This phish illustrates a recent tactic: instead of putting the phishing URL in the email body, the message asks users to scan a QR code that opens it. This is done to evade the network security controls in place. The principles for detecting the phish remain the same. In this case:
- The sender address is external and the sender name is fake.
- No context in the email body is given as to why this email is sent to you.
- No signature.
- The URL in the QR code goes to an external site (checked responsibly by the infosec team).
Always take a moment before taking any action mentioned in an email: look for signs of phishing and ask yourself whether you were expecting such an email. If doubt remains, confirm with the department or sender directly using another means of communication rather than replying to the phish email, or confirm with the helpdesk. It is always better to be safe than sorry.
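For mail administrators, some of the indicators listed above can be screened automatically. The following is an added example, not part of the original notice: it flags an external sender, an internal-sounding display name, the high-importance header, and an image sent with no link in the text (the QR pattern). The hint words, finding labels and sample message are constructed assumptions, and the script does not decode the QR image itself.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "uvic.ca"  # internal domain, as seen in the sample subject line
# Assumption: display-name words that imitate an internal department; tune locally.
INTERNAL_NAME_HINTS = ("payroll", "helpdesk", "human resources")
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)

def triage(raw: bytes) -> list:
    """Return the checklist indicators that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # A missing or unparseable From address is treated as external.
    external = not (domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN))
    findings = []
    if external:
        findings.append("external-sender")
        if any(hint in name.lower() for hint in INTERNAL_NAME_HINTS):
            findings.append("internal-sounding-display-name")
    if str(msg.get("Importance", "")).strip().lower() == "high":
        findings.append("high-importance")
    has_image, text = False, ""
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            has_image = True
        elif part.get_content_maintype() == "text":
            text += part.get_content()
    # QR tactic: the link lives in an image, so the text parts carry no URL.
    if external and has_image and not URL_RE.search(text):
        findings.append("image-without-text-link")
    return findings

def sample(sender: str, importance: str = "", image: bool = True) -> bytes:
    """Build a constructed test message (not the real phish)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@uvic.ca", "Salary Report"
    if importance:
        m["Importance"] = importance
    m.set_content("Confidentiality Notice: intended only for the addressee.")
    if image:
        m.add_attachment(b"constructed placeholder, not a real PNG",
                         maintype="image", subtype="png", filename="qr.png")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample('"Payroll UPDATE" <sender@external.example>', "high")))
```

A message that matches several findings is a candidate for quarantine or manual review; a single finding such as an external sender is normal for much legitimate mail.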
Subject: Uvic 2FA Salary Report For [redacted username]@uvic.ca Completed 07 September, 2023 09:44:47 AM
Sender: Payroll UPDATE for period ending 07 September, 2023 09:44:47 AM <redacted sender email address>
This message was sent with high importance.
[Image with Microsoft Teams logo and QR code.
Text in the image:
Scan the QR code with your CELL PHONE CAMERA to access your personalized performance review and Complete your salary review for timely payroll processing. Please review security requirements within 72 hours to avoid delays.]
Confidentiality Notice: This Electronic message, together with its attachments, if any, is intended to be viewed only by the individual to whom it is addressed. It may contain information that is privileged, confidential, protected health information and/or exempt from disclosure under applicable law. Any dissemination, distribution or copying of this communication is strictly prohibited without our prior permission. If the reader of this message is not the intended recipient or if you have received this communication in error, please notify us immediately by return e-mail and delete the original message and any copies of it from your computer system.