Who wouldn’t like a generous salary increase, especially when the cost of living is so high? That feeling is exactly what the phisher is banking on to trick you into opening the attachment and entering your login credentials on a phishing site. The email has the usual red flags:
- The sender is from outside of UVic (the phisher used a compromised account at another university).
- The 16.89% increase is far too good to be true.
- The wording is awkward and there are multiple grammatical errors. While correct grammar doesn’t mean the email is legitimate, multiple grammatical errors in an email that poses as an official communication is usually a sign that something is not right.
These are all signs that the PDF attachment is not legitimate and is not safe to open. UVic InfoSec used some specialized tools to safely examine the phishy PDF’s contents (important: do not try this yourself). The document contained UVic branding, a link to view the “protected” file, and detailed instructions on how to generate MFA bypass codes, which is something that the phishing site specifically asks for.
- If a document says the content is secure, protected or encrypted, and you have to click on another link or button to view the content, do not proceed as that is a sure sign of a phish.
- If an email or document tells you to generate MFA bypass codes that you’re then supposed to provide on a form along with your password, do not proceed. The phisher is trying to trick you into giving them enough information to login to your account without alerting you with a MFA push.
- Beware of login forms that tell you to expect and approve a MFA push later in the day or further out than that. If you saw something like that after you entered your password, change it immediately and contact the Computer Helpdesk or your department’s IT support staff. Never approve MFA pushes that come when you are not logging in, and do not approve pushes that are coming from an unexpected location even if you just entered your password on something that looks like a login form.
Email transcript
From: [redacted – compromised account at another university]
Date: Mon 2026-03-02 9:42 AM
Subject: Important: Salary Increase Notification and Access Instructions – Effective March 2, 2026Attachment: [PDF icon] University of Victoria_protect… (290 KB)
Algunos contactos que recibieron este mensaje no suelen recibir correos electrónicos de [redacted]. Por qué es esto importante.
Dear UVic Members,
Further to last week notification, find enclosed Here-under the letter summarizing your 16.89 percent salary increase starting Monday, March 2, 2026
All relevant documents are enclosed Herein:
NOTE: Your Access is required to review the salary increment letter, Initial Access is Salary2026
Payroll & Employee Relations
University of Victoria
PDF screenshot and transcript
[UVic logo]
This Document is Protected
To view shared file Via PDF File, Click the button below:
View Files [phishing link]
How to Generate Duo Bypass Codes (Self-Service) at UVic
[Watermarked UVic logo]
Before you begin You need:
- Your UVic Netlink ID (username) and password
- Your current Duo second factor (Duo Mobile app push, app-generated passcode, SMS, call, hardware token, etc.)
Step 1 – Log in to your NetLink profile
- Go to the UVic NetLink portal or directly to the MFA management page: https://www.uvic.ca/netlink/manage/mfa/manageDuo (Or start from https://www.uvic.ca/systems/netlink/2fa/index.php and click “Manage duo multi-factor authentication”.)
- Log in with your NetLink ID (username) and password.
- Authenticate with your current Duo method (e.g., approve push on Duo Mobile app or enter app passcode).
Step 2 – Navigate to bypass codes
- Once logged in, go to Your profile > Manage Duo multi-factor authentication > Manage bypass code(s) (or similar section labeled “Manage bypass codes”).
Step 3 – Generate codes
- Choose to generate:
- 10 single-use codes (no expiration date, each works once), or
- One 24-hour code (temporary full access).
- Click Generate (or equivalent button).
- The codes will display on screen