HR or payroll-themed lures are commonly used for phishing emails. While this email claims to be from a UVic system, notice how the capitalization of UVic in the sender name is incorrect and the actual sender address is from outside of UVic. Both are red flags that indicate that this a phishing email; a genuine UVic Payroll or HR email should be coming from a UVic email address. Another bad sign is the fact that there is nothing in the message body except for a disclaimer and confidentiality notice that mentions some other external organization but not UVic.
This email also contains a .htm attachment. Do not open unsolicited or unexpected attachments whose names end in .htm or .html. These files are webpages, meaning that they could contain code that downloads malicious content or that redirects you to a malicious site. UVic InfoSec used a special secure environment to examine this file’s contents and found that it contains code to redirect you to a malicious site after a few seconds’ delay. If you opened the attachment, reach out to the Computer Help Desk or your department’s IT support staff for assistance.
Subject: REMINDER: Benefits Open Enrollment 2024. Review & Sign
From: Uvic e-Service System <okita@****okita.com>
This message was sent with high importance.
Attachment: [webpage file] Open Enrollment 2024.htm (1018 bytes)Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
Disclaimer: Confidentiality Notice: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the originator of the message. Any views expressed in this message are those of the individual sender, except where the sender specifies and, with authority, states them to be the views of A********x