The phisher used individualized click-tracking links for this HR-themed phish, meaning that they will know which recipients clicked. Since this is a phish, don’t click on the Unsubscribe button either. There’s no guarantee the phisher will respect that, and it might just mean you’ll get more phish since the phisher now knows that your email address is valid.
Also note the American address in the footer; that should be a red flag given that we’re a Canadian university.
Clicking on the link (don’t do this!) takes you to a phony remote working policy document that tells you to click on a second link to acknowledge and sign the document. That second link goes to a phony Microsoft 365 login page for harvesting your login credentials.
