Phish Alert - Payroll Notification

Threat Level: Medium

Threat Type: Social Engineering

Advisory Date: 07/13/2023

Description

A payroll phishing campaign may have hit your inbox recently.

We have recieved multiple reports about a message sent to multiple users impersonating an account that appears as a university payroll email address.

The message is similar to this structure:

To All Faculty and Staff Members,

1 New Notification Regarding Your Payroll

www.uregina.ca <links to phishing domain>

Best Regards,

© 2011-2018 University of Regina

Impact

At this time, we have identified and alerted accounts affected by this email directly.

If you have recieved this email to a non-uregina account, please safely ignore this message as it does not originate from our mail servers.

Resolution

We have currently removed these domains from our mail servers and contacted the hosts of the abusive sites, however the phishing form is still live at this time.

If you have interacted with the phishing form, we recommend that you change your password immediately at https://novapp.cc.uregina.ca/perl/chpass.pl and contact us at is.security@uregina.ca so we can take steps to keep your account safe.

If you have not interacted or responded to this phishing message but recieved it, you may safely ignore it and delete it from your inbox.

Resources

Review our phishing website for more information on how to protect yourself from further messages:

https://www.uregina.ca/is/staff/security/resources/resource-phishing.html

If your receive a message that you are unable to determine the legitimatacy of, please contact the IT Support Centre:

Phone 306-585-4685

Email IT.Support@uregina.ca
Webform http://www.uregina.ca/is/forms/ticket.html

In person at ED 137 or Archer Library Main Floor Commons

We thank you for all of your phishing reports!