uvic.ca IT-Service Admin 11/3/2021

Notice the green “From a trusted sender” banner in this email. That is not a banner that the UVic email system added; it was actually added by the phisher to make the message look more trustworthy. Interestingly, the phisher also uses the recipient’s own email address as the spoofed sender.

The phishing link is an interesting example. If you hover over the “Confirm now” link, you’ll see that its destination starts with uvic.ca. But look closely at the domain of the link, that is, the part before the first “/” (outlined in red in the screenshot below). The link actually goes to uvic[.]ca[.]1web-portale[.]ga (square brackets added by me for safety reasons), which is a spear phishing domain designed to trick people into thinking the link goes to the UVic website.
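The same check can be done in code: a link belongs to UVic only if its hostname is uvic.ca or ends in ".uvic.ca", not if it merely starts with that text. The following is an added example, not part of the original notice; the https scheme, the paths and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "uvic.ca"


def refang(url):
    """Undo the [.] defanging used in the notice so the URL can be parsed."""
    return url.replace("[.]", ".")


def link_host(url):
    """Return the lowercase hostname of a link, i.e. the part before the first '/'."""
    url = refang(url.strip())
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a scheme-less link's first part as the host
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def starts_like_trusted(url):
    """What a quick glance at the hover text checks: does it START with uvic.ca?"""
    return link_host(url).startswith(TRUSTED_DOMAIN)


def is_trusted(url):
    """Correct check: hostnames read right to left, so the END must be uvic.ca."""
    host = link_host(url)
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# Constructed sample links; only the phishing hostname comes from the notice.
SAMPLES = [
    "https://uvic[.]ca[.]1web-portale[.]ga/constructed-path",
    "https://www.uvic.ca/constructed-path",
    "uvic.ca/constructed-path",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link}\n  host={link_host(link)}"
              f"  starts_like_trusted={starts_like_trusted(link)}"
              f"  is_trusted={is_trusted(link)}")
```

For the link in this phish, the glance test passes while the suffix test fails, which is exactly the gap the phisher relies on.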