This phish circulating today is coming from a Japanese server but the sender is spoofed to look as if internal. They used some sort of random numbers generator for the spoofed addresses (the number in the sender’s address is different, although they all start with “secured_file” and end up with @uvic.ca.
In some cases the subject is “RE: Audit report”, in other cases it is “Audit_report_Nov.2022”
The “get your file” button and the “Privacy statement” link at the bottom – both lead to the same location – some server in Brazil – fortunately already flagged as dangerous site in Google safe browsing.
Please do not be curious and do not click these links because sometimes they may contain malware to infect your machine instantly. Our experts investigate them in dedicated isolated environments.
