Payroll

This phish tries to get attention by pretending to be coming from payroll office, which is clearly not the case. The subject is too generic, and the sender’s name is fake “payroll Team” with external sender address (not on uvic.ca domain). The link in the email is also external to the services used in UVic. There is no context whatsoever as to why this email is sent to you.

This phish is to steal your credentials. Once you click on the link to download the attachment it asks for credentials. This was observed by Infosec team in an isolated environment. You should never be adventurous about these emails and refrain from the curiosity of clicking on the links. Always check the link by hovering over it.

If in doubt, you can always confirm with the payroll dept by calling them directly from a known contact information (never from the one given in the phish email).