This is a spoof phish; the phisher tried to make this email look like it came from a UVic sender but it really came from an external source. The second half of the subject line varies between recipients but follows the same pattern. Hovering over the links would show that they do not go to UVic SharePoint and should not be clicked.
A few people received the variant below. This version had a spoofed sender of accounts@uvic.ca.
Another COVID-19 alert phish. Please be aware that scammers will often take advantage of major events like the pandemic when crafting phishing emails. Do not enter your personal information in links from unsolicited emails like this one.
For official UVic COVID-19 information, go to https://www.uvic.ca/covid-19/index.php 
Another attempt to toy with your sense of urgency this morning.
We have normal processes through your regular logon and use of UVic Services for any required password changes, if there is ever need for them.
As a general rule, we really do not want you to “keep the same password” or reuse them. If you change your password because you think someone may have guessed it, its time to make it significantly different and more importantly, longer.
Today’s phish (multiple versions) did land on a fake version of our UVic logon page and some of them have already been taken down.
Sharing this version with email content for reference.
Although many phishing emails will look as if they are coming from a known contact or service, note the sender address here.
There is a link named with the uvic.ca name but if you hold your mouse over the link (without clicking) you will see that this is not a UVic service at all, never mind a UVic Sharepoint service.
NOTE: There have been varying versions of this one throughout the day with Shared Contracts, Memos etc.
Thank you for continuing to report these!
Don’t trust the link text that you see in an email. While that link claims to be from amazon.com, if you were to hover over it you’d find it’s actually a shortened URL from bit.ly. Be wary of shortened URL in emails; while the shortening service might be legitimate, phishers often use them to obscure the true destination of the link.
You can try using a URL unshortener like Unshorten.it to see if it can obtain the true destination. Here’s a screenshot of the results I got from running it on the URL from that phish–you can see that bit.ly link definitely doesn’t go to Amazon and shouldn’t be clicked!
This is a fake SharePoint notification. Hovering over the link reveals that it goes to a domain that might be mistaken for the real SharePoint one if you don’t look at it closely.
This is a spoof phish; while it looks like it came from administrator@uvic.ca, it actually came from a non-UVic sender. The green “trusted source” banner is not something that was added by the UVic mail system either; that was added by the phisher in an attempt to make the message look legitimate.
The link goes to a phishing site that made some effort to copy the appearance of the UVic homepage. If you clicked on that link, reach out to the Computer Help Desk or your department’s IT support staff immediately.
Note how the sender display name claims to be from Office 365 but the sender address says otherwise.
This is another phish that uses COVID-19 as a lure. It claims to be a UVic internal communications email, but the non-UVic sender email is an obvious giveaway.
The email tries to convince you to click on the link for important information about COVID-19 protocols, but that link actually goes to a fake M365 page, so don’t click on it. The UVic homepage has a link to the genuine official COVID-19 communications (or you can click here to go there directly).
The number and exact wording used in the subject line will vary between messages but follow the same general pattern. For example, “documents” or “generated” might be used instead of “info” and “prepared”. The sender information will also vary per message as well.
The link goes to Google Docs, but don’t click on it; this is an example of a phisher abusing a legitimate service to host malicious content.
This phish may look like it came from the CRA, but don’t trust that sender information–in this email, it is spoofed!
If you were to hover over any of the links, you would see that it although they contain “cra-grc”, the site is not canada.ca or cra-arc.gc.ca, so it is dangerous to click on those links. The destination is actually a very realistic copy of the CRA login page designed to steal your login credentials.
The CRA has some tips on how to recognize scams here: https://www.canada.ca/en/revenue-agency/corporate/security/protect-yourself-against-fraud.html
What appears to be happening here is a phisher created a Google Form and then made a bogus submission where they entered someone else’s email address. The result: that other person is emailed a genuine Google Forms submission receipt but the content of that email is actually phish.
Phishers often abuse legitimate services like Google Docs or Forms to send and/or host phishy content. If you receive an email notification from a service like that, think about whether it’s related to an action you remember doing or if it’s something you were expecting from someone you know. If not, it’s probably phish, so don’t click on any links.
Package delivery phishes are very common nowadays with the increase in online shopping due to COVID-19.
Another phish was received by a number of UVic recipients today. It uses the usual tactics – to scary the recipient that something is wrong and the victim needs to fix it. In this case the subject is “UVic Mailbox Quota Warning” and the email claims several messages were pending because the mailbox was full. (see the screenshot below). When the victim clicks on the link a fake Outlook Web Access (OWA) page opens. All designed to steal your UVic credentials.
As we always remind you – please do not be curious and do not click on such links – they may contain other malicious content so that just opening them “for a quick glimpse” may be dangerous.
Note that they added their own message (the green bar) to fool you that the email originated from UVic.
