Phish: Notification of salary increase

Published: August 21, 2025

This phishing attempt falsely promotes a U of T-sanctioned notification of salary increase, promising staff a high salary increase, in this case of 16.89%.

This phishing email urges recipients to download an attachment containing a virus. The attachment may steal personal information and login credentials and give attackers unauthorized access to accounts.

Once an attacker has acquired login credentials, they often try to access accounts by sending multiple multi-factor authentication (MFA) requests, hoping one will be approved. Do not approve unexpected Duo, UTORMFA or other MFA requests you did not initiate.

Email details

Subject:

Notification of 16.89% Salary Increase – Documents Attached

Dear University Community,

Following up on last week's announcement, please find attached the official letter outlining your 16.89% salary increase, effective Monday, August 18, 2025.

The enclosed documents include all relevant details regarding this adjustment.

Access Instructions:
To review your salary, increment letter, please use the initial access code: Salary2025.

Should you have any questions, feel free to reach out to the Payroll & Employee Relations team.

Best regards,

Payroll & Employee Relations
University of Toronto

Attachment:

University of Toronto.pdf (125 KB)

Phishing cues

  • Generic greeting

    The email does not address the recipient by name.

  • Too good to be true

    The offer of a 16.89% salary increase is unusually high and unrealistic — a red flag.

  • Poses as a trusted or legitimate source

    The sender poses as U of T to deceive recipients.

  • Unprofessional design or formatting

    The email lacks typical professional formatting, such as a personalized greeting, legitimate signature or contact information.

  • Unsolicited attachments or links

    The email includes an unexpected PDF and instructs recipients to use an initial access code to access it, something not used in standard U of T communications.

Icon for report phishing

Report phishing

If you receive a suspicious email, do not open attachments or click on links. Report phishing attempts to security.response@utoronto.ca.