It’s certainly ironic when phishers say something about an increase in spam emails and even say you should be careful when handling emails. That being said, it’s not an uncommon tactic; they do it to make you think it’s from your IT Security staff, hoping that you won’t apply that sense of caution to this particular email. They also create a false sense of urgency by requiring you to act before a fast-approaching deadline.
However, the sender address is not from UVic, which is a sign that the email is not legitimate. Hovering over the link (without clicking on it!) also reveals that the destination is not on uvic.ca. Do not click on the link from this email and do not enter login credentials on the page.
Also, avoid rushing to approve MFA pushes when they come. If an MFA push is unexpected or it’s coming from a weird/unexpected location, it’s safest to deny the attempt, then report it as a suspicious login so that the real UVic Information Security Office can investigate. You should also change your password as soon as possible.
Subject: Email Security Gateway Update
From: [redacted] <[redacted]@******xusa.com>Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
The amount of spam emails reaching email inboxes has increased recently, according to the IT department. We wish to warn you to open and respond to any email with caution.
All users must register for the new email security filter on or before June 17, 2023, to use it. To register, go to Barracuda Email Gateway and log in with your details.
Kind Regards,
[redacted]