Last updated: October 28, 2025
Microsoft recently identified a phishing campaign—nicknamed “Payroll Pirates”—targeting universities across North America. This same threat actor has now been confirmed as the source of recent phishing attacks at UBC.
Over the past two weeks, several accounts were compromised. The campaign uses deceptive HR- and payroll-themed emails to trick users into revealing credentials or approving fake MFA prompts.
No UBC systems or Workday have been breached. However, this activity confirms that UBC is actively being targeted.
Examples of phishing email subjects include:
- Paige Capece shared “Employee Salary Adjustment Approval1” with you
- 16.89% Salary Increase Letter – Monday, October 3, 2025
- Q2 Payroll and Compensation Update – Action Needed University of British Columbia
- Bonuses Distribution, Payroll Upgrade, and Health Insurance for All
- [Approval Rejected] Your Annual Leave/Vacation application have been rejected by HR Coordinator (Review & Re-Apply)
Protect yourself
- Treat any unexpected HR or payroll-related email with caution.
- Verify with HR or through Workday before clicking links or approving login prompts.
- Never approve MFA prompts you didn’t initiate.
- Report suspicious messages to security@ubc.ca.
UBC continues to run phishing prevention workshops, self-phishing exercises, and mandatory cybersecurity training that address exactly these types of attacks.
Thank you for helping keep our UBC systems and data safe.