Fake UVic Logon Page

Another attempt to toy with your sense of urgency this morning.

We have normal processes through your regular logon and use of UVic Services for any required password changes, if there is ever need for them.

As a general rule, we really do not want you to “keep the same password” or reuse them. If you change your password because you think someone may have guessed it, it’s time to make it significantly different and, more importantly, longer.

Fake Sharepoint Document share

Today’s phish (multiple versions) did land on a fake version of our UVic logon page and some of them have already been taken down.

Sharing this version with email content for reference.

Although many phishing emails will look as if they are coming from a known contact or service, note the sender address here.

There is a link named with the uvic.ca name but if you hold your mouse over the link (without clicking) you will see that this is not a UVic service at all, never mind a UVic Sharepoint service.

NOTE: There have been varying versions of this one throughout the day with Shared Contracts, Memos etc.

Thank you for continuing to report these!


We’ve suspended your account

Don’t trust the link text that you see in an email. While that link claims to be from amazon.com, if you were to hover over it you’d find it’s actually a shortened URL from bit.ly. Be wary of shortened URLs in emails; while the shortening service might be legitimate, phishers often use them to obscure the true destination of the link.

You can try using a URL unshortener like Unshorten.it to see if it can obtain the true destination. Here’s a screenshot of the results I got from running it on the URL from that phish–you can see that bit.ly link definitely doesn’t go to Amazon and shouldn’t be clicked!
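The hover check described above (for the link named with uvic.ca and for the amazon.com link that is really bit.ly) can also be run over an HTML message body. This is an added example, not UVic tooling; the sample links are constructed placeholders and the domain-matching rule is a simple heuristic.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly"}  # the only shortener the post names; extend as needed

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):
    # Exact match or true subdomain; "uvic.ca.login-portal.example" does not count.
    return host == domain or host.endswith("." + domain)

def check_links(html):
    """Return [(href, [reasons])] for links whose text and target disagree."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        reasons = []
        if any(in_domain(host, s) for s in SHORTENERS):
            reasons.append("shortened URL hides the destination")
        # Heuristic: the real host must belong to every domain named in the text.
        for named in re.findall(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", text.lower()):
            named = named.removeprefix("www.")
            if not in_domain(host, named):
                reasons.append(f"text names {named} but link goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body; hosts and paths are placeholders, not from a real phish.
SAMPLE = """
<a href="https://sharepoint.uvic.ca.login-portal.example/doc">uvic.ca SharePoint: Shared Contract</a>
<a href="https://bit.ly/EXAMPLE">https://www.amazon.com/your-account</a>
<a href="https://www.uvic.ca/">UVic homepage (uvic.ca)</a>
"""
```

Calling `check_links(SAMPLE)` flags the first two links and leaves the genuine uvic.ca link alone.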

Verify your account

This is a spoof phish; while it looks like it came from administrator@uvic.ca, it actually came from a non-UVic sender. The green “trusted source” banner is not something that was added by the UVic mail system either; that was added by the phisher in an attempt to make the message look legitimate.

The link goes to a phishing site that made some effort to copy the appearance of the UVic homepage. If you clicked on that link, reach out to the Computer Help Desk or your department’s IT support staff immediately.

Message To All Uvic Staff

This is another phish that uses COVID-19 as a lure. It claims to be a UVic internal communications email, but the non-UVic sender email is an obvious giveaway.

The email tries to convince you to click on the link for important information about COVID-19 protocols, but that link actually goes to a fake M365 page, so don’t click on it. The UVic homepage has a link to the genuine official COVID-19 communications (or you can click here to go there directly).

Re: Payment 9210579 info prepared

The number and exact wording used in the subject line will vary between messages but follow the same general pattern. For example, “documents” or “generated” might be used instead of “info” and “prepared”. The sender information will also vary per message.

The link goes to Google Docs, but don’t click on it; this is an example of a phisher abusing a legitimate service to host malicious content.

New message from Canada Revenue Agency

This phish may look like it came from the CRA, but don’t trust that sender information–in this email, it is spoofed!

If you were to hover over any of the links, you would see that although they contain “cra-grc”, the site is not canada.ca or cra-arc.gc.ca, so it is dangerous to click on those links. The destination is actually a very realistic copy of the CRA login page designed to steal your login credentials.

The CRA has some tips on how to recognize scams here: https://www.canada.ca/en/revenue-agency/corporate/security/protect-yourself-against-fraud.html