This Canada post impersonation delivery phishes have become common occurrence at UVic. But this morning, UVic users received it in bulk.
It claims to be Canada Post but the email address is not from Canada Post domain. The link in the email is also not hosted on Canada Post domain. The email creates a fake sense of urgency that a package is waiting to be delivered. These types of emails can create curiosity in users to know what package they might have received even if they didn’t order it. The delivery cost demanded is quite low which is to let the user’s guard down and the user might take the risk and visit the link. The phisher’s here are not after the amount but the card information that a user might fill out on the phishing page hosted on the given link which is very good imitation of Canada Post page. (The link was investigated by InfoSec in a locked environment.)
Always think whether you were expecting a delivery or not. It is always best to confirm with the organization mentioned in the email via other means of communication before proceeding any further.
Phishing page: