Undelivered mail notification

This phish was received by UVic users today. It tries to persuade the victim that there was a “configuration error” and that, as a result, some emails could not be delivered. The goal is the same – to make you click on a malicious link which opens a fake OWA page in order to steal your credentials. Please do not click on the link.
The email and the fake OWA page are shown in the next screenshots:



Undelivered Mail

This phish used a spoofed sender of postmaster@uvic.ca or postmaster@local.uvic.ca, but originated from an external source and is definitely not legitimate. Also note the “trusted source” banner–this was not added by our mail system, but by the phisher to make the message look legitimate.

Do not click on the links in this email; if you did, please contact your department’s IT support staff or the Computer Help Desk immediately.
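
For mail administrators, one way to check for the two tells described in this post: an internal sender address on mail that did not authenticate, and a “trusted source” banner that arrived inside the sender's own message body. This is an added example, not UVic's own code. The gateway name `mx.example.test`, the banner wording and both sample messages are constructed assumptions, and the check assumes the gateway strips inbound headers that carry its own name.

```python
from email import message_from_string, policy
from email.utils import parseaddr

INTERNAL_DOMAINS = {"uvic.ca", "local.uvic.ca"}  # sender domains named in the post
TRUSTED_AUTHSERV = "mx.example.test"  # assumption: id our own gateway stamps
BANNER_MARKER = "trusted source"      # assumption: wording of the fake banner

def dmarc_pass(msg):
    """True only if OUR gateway recorded dmarc=pass; other servers' claims are ignored."""
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(hdr).partition(";")
        tokens = results.lower().replace(";", " ").split()
        if authserv.strip().lower() == TRUSTED_AUTHSERV and "dmarc=pass" in tokens:
            return True
    return False

def check(raw):
    """Return findings for one inbound message, inspected before local banners are added."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if domain in INTERNAL_DOMAINS and not dmarc_pass(msg):
        findings.append("internal-from-unauthenticated")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    if BANNER_MARKER in body.lower():
        findings.append("banner-in-body")  # banner text was supplied by the sender
    return findings

# Constructed samples (not real traffic).
PHISH = "\n".join([
    "Authentication-Results: mx.example.test; spf=fail; dmarc=fail header.from=uvic.ca",
    "Authentication-Results: relay.sender.invalid; dmarc=pass header.from=uvic.ca",
    "From: Postmaster <postmaster@uvic.ca>",
    "Subject: Undelivered Mail",
    "",
    "[Trusted Source] Some messages could not be delivered.",
])
LEGIT = "\n".join([
    "Authentication-Results: mx.example.test; dmarc=pass header.from=uvic.ca",
    "From: Postmaster <postmaster@uvic.ca>",
    "Subject: Delivery status",
    "",
    "Your message was delivered.",
])

if __name__ == "__main__":
    print(check(PHISH), check(LEGIT))
```

The second `Authentication-Results` line in the phish sample is a sender-supplied claim of success; like the fake banner, it is ignored because it does not come from the receiving gateway.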

Job Application

This type of resume/job application phish is nothing new, but what is somewhat more unusual is the fact that the phisher has made a slight (though not very good) attempt to target UVic. They even tried to address the recipient personally, but in this case they actually got their first name wrong. But what hasn’t changed is the nastiness of the attachment–do not open it as it will contain malware!

Non delivered messages phish

Another version of the popular phish is circulating. It claims that some of your email messages were blocked and that you need to click on a link in order to “unblock” them.
The sender is clearly non-UVic. Please do not be curious and do not click on such links, even just for a quick peek. They may contain a malicious payload. The email looks like this:


and the page looks like this:

A UVic-targeted variant of the usual advance fee scam

No doubt you’ve all seen a classic advance fee scam. A stranger emails you asking for assistance in transferring a large amount of wealth that they say they own but can’t access, offering you a cut of it in return. Most of the time, these scams are sent en masse and not targeted to the recipient.

However, a bunch of UVic employees recently received a more targeted variant of this scam where the writer poses as someone wanting to come to UVic:

Those who reply will receive a lengthy letter back. For brevity’s sake I won’t post the whole thing, but here’s the part that makes it clear that this is just another advance fee scam. Note: you can right-click on the image and choose to open it in a new tab or window to view it at full size if the font is too small for your liking.

Phish from a compromised vendor email address

An employee of a local vendor had their email address compromised and used to send phishing emails. Notice the part that looks like a file attachment–it actually is a link to a malicious file on OneDrive.

If you receive emails that appear to come from someone you know but don’t quite look right, don’t reply and don’t click on the links. Instead, contact them via a phone number that you already have and know is safe. Also inform your department’s IT support staff and report the phish to the Information Security Office so that we can follow up as necessary.