Phishing Alert: Fake file-sharing phishing campaign directing to fake portal sites

A phishing email is circulating among the McGill community. See details below. If you receive it, please do not interact with it.

If you have already interacted with this email (such as clicking a link or submitting personal information, including your McGill password):

• Call the IT Service Desk at (514) 398-3398.

• Change your McGill Password immediately.

• Follow the McGill Password Reset Checklist.

Example of the phishing email:

From/Alleged Sender: Compromised email contacts are being used for this campaign, including @mcgill.ca email addresses.

Subject of Message: 

The message may use variations of these subject lines:

• [Redacted] has shared "Project Proposal and Payment supporting documents" with you
• [Redacted] has shared “Audits Operations & Payments Supporting Documents” with you

• [Redacted] a partagé avec vous le document « Proposition de project et documents justificatifs de paiement »
• [Redacted] a partagé avec vous le document « Dossier et pièces justificatives »

Description of the Attack:

A phishing email is circulating, asking you to take the following action(s): copy and paste a link to a fake login page that would steal your credentials

Email body uses variations of the following texts in English or French:
“To access the document, visit our portal: [redacted]-portal.pages.dev

If you are having trouble accessing the link directly, please copy and paste the URL into a new browser or on your mobile device to view the document sent to you”
 

“Pour y accéder, visitez notre portail : [redacted]-portail.pages.dev

Si vous rencontrez des difficultés pour accéder directement au line, veuillez copier-coller l’URL dans un nouveau navigateur ou sur votre appareil mobile pour consulter le document partagé”

Engaging with the message could lead to your account being compromised, malware being installed on your device, or other types of cyberfraud.

Key Awareness Information:

• When you find suspicious emails in your Inbox, report them immediately by using the Report Phishing button in Outlook.

• Never click on a link, file share, or open attachments from someone you don't recognize or if you're not expecting the message – people you know can be “spoofed” by attackers or could have their accounts compromised.

• If you previously noticed an email or message but can’t find it anymore, it was likely already removed from your McGill mailbox or Teams chats as part of our continuous efforts to protect the McGill community from attacks.

• If the email is already in your Junk Email folder, you do not need to report it.

Learn more about how to detect phishing attacks at: www.mcgill.ca/phishing