Multiple Phishing Campaigns: "New Gateway" or "Payroll Schedule is Available!"

Threat Level: Medium
Threat Type: Phishing
Advisory Date: 07/13/2023


Multiple phishing campaigns have been detected.

Campaign 1:

The inbound emails to users attempts to entice you to click on a link to enroll ina new gateway for faculty and students. This is fradulent.

The emails originate from non addresses, and appear stimilar to:

"Welcome to the new Gateway for Faculty and Staff

Login to The Staff Gateway: is the new home for on-line self-service and information.
Click on Gateway <LINK TO PHISHING PORTAL> and login to:
Access the new staff directory
Access your pay slips and P0s
Update your photo ID
E-mail and Calendar Flexibility
Connect mobile number to e-mail for Voicemail
Contact ITS Help Desk for email issues?​"

Clicking the link "Gateway" will take you to a page hosted external to the university (not located on a website) which asks for username and passwords. Do not click on this link or enter credentials.

Campaign 2:

Using the subject line similar to "Payroll schedule is available!", which is sent by an external party (such as an email account ending in , many staff and faculty email addresses were targeted.
This email appears as:

"1 New Notification Regarding Your 2018 Payroll


Copyright © 2018 University of Regina"

While the link looks like a website, hovering your mouse cursor over the link shows that it leads to a website. In this case, clicking the link takes you to a cloned login portal, but is hosted on a website which is not operated by the university. The address in the browser once the link is clicked is not a valid website address. Do not enter any credentials.


Phishing is an online fraud technique used by criminals to entice you to disclose personal information. It is the fastest rising online crime method used for stealing personal financial information and perpetrating identity theft.

Phishers use many different tactics to lure you, including email and web sites that resemble well-known, trusted institutions. A common phishing practice involves spamming recipients with a fake message under the name of a trusted institution. The purpose of this fake message is to trick you into providing personal information, such as user name and password.

People who respond to phishing e-mails, and input the requested financial or personal information into e-mails, websites, or pop-up windows put themselves and their institutions at risk.


If you received this message, please delete it immediately if you have not already done so. This message did NOT come from Information Services or Payroll.
If you inadvertently clicked a link and entered your credentials, please change your password right away to something you have not used recently:

Go to the Information Services homepage at and click "Change Password" in the Quicklinks on the right side


See the Phishing Resources page. Additionally, phishing is a subject covered in Information Security Awareness Training, which is offered at no charge, online, to the University community.

Please contact the IT Support Centre if you require assistance:
Phone 306-585-4685

In person at ED 137 or Archer Library Main Floor Commons