Who wouldn’t like a sizable salary increase, especially in these times when the cost of living has gone up so much? But that’s precisely what phishers are trying to prey upon when they craft these fake salary increase emails. Thankfully, they left plenty of red flags that you can look for to determine this email is fake:
- The email did not come from UVic–a real salary increase notice would come from a UVic email address.
- The greeting is generic and impersonal.
- The salary increase amount is too good to be true, especially since it’s not spread out over multiple years
- There are a lot of spelling and grammar errors in both the email and the file name.
- The signature block is generic and doesn’t mention UVic.
All of those items are signs that you should not open the attachment, as it will either contain phish/scam content or malware.
InfoSec ran the file through some specialized tools to safely examine the content. The results showed the file simply says that the document is protected and that you have to click on a link to view the actual content online. If you open a file and see something like that, contact the Computer Help Desk or your department’s IT support staff immediately for assistance, as that’s a sign that the file is not legitimate.
Subject: Salary Increase Notification Letter
From: Payroll Department <[redacted]@********u.edu>Attachment: [PDF icon] Salary-Increasment-July… 80 KB
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
Dear All,
Sequel to last week notification, find enclosed here-under the letter summarizing your 16.89 percent salary increase starting 21 July 2023
All documents are enclosed here-under:
NOTE: Your Access is needed to go through the salary increment letter, Initial Access is Salary
Payroll & Employee Relations