Dear user

This phish uses scary tactic to get the user to take action to click on the link. The sender email address is external to UVic, subject of the email is very generic, link given (check by hovering over the link) is external to UVic, it has formatting errors, and signature is also very generic. All these are phishing signs.

Another thing of note in this phish is the mention of next steps where you will receive a call and then press 0, whenever such steps are mentioned beware as the phisher will try to further social engineer you into revealing personal information or confidential information (such as MFA info) via phone call.

Always look for red flags in an email before taking an action. Whenever in doubt contact helpdesk.

Phish with subject "Dear user" to lure users into clicking on external link which will capture user's credentials.

Subject: Dear user
Sender: <****>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

2-step login maintenance is required for your email before April 29th, 2024, to avoid login interruption.

Setup maintenance for 2-step login here [external link]

Note: A notification call will come through your phone, kindly answer the call and then press 0 on your phone to complete your new 2-step login setup.

IT Service Center