Dial Active Recording

In this case, the phishing link is not in the email body but in the attachment. As always, if you receive an unsolicited email and it looks suspicious, don’t open any attachments; they may contain malware or redirect you to a dangerous site (this one would have done the latter).

The sender email address is also a giveaway that this is not a UVic email, despite what the sender display name and email body claim.

“Confirm your password” phish

Today’s phish pretends your password was going to expire today.
Note that we don’t have a policy to expire passwords.

The phish message asks you to click the button in order to keep your password. As usual, that leads to an external (i.e. non-UVic) webpage which contains the UVic logo. There, the final goal, as always, is to steal your UVic credentials. Below is a screenshot of that phish. The “button” is very light, almost invisible. (We added the red arrow pointing to it.)

If you receive an email like that, please do not be curious and do not click on the link. Such pages might be loaded with malware so that even if you don’t enter any credentials you are at risk.



Fake Webmail/Roundcube Phish

Another scare tactic, this one suggesting your account has been blacklisted. On occasion you may have challenges with your account due to forgotten passwords, password changes or potential compromise from clicking on links in emails such as these, but typically this can be rectified with a quick call to the Computer Help Desk.

Pay attention to the sender email address as well.

If in any doubt whether there is a problem, instead of opening attachments or clicking links, check to see if you can use your account as you normally would for UVic service access. You can always contact the Computer Help Desk to verify the email’s authenticity as well.

Thank you for continuing to report these.

Final Notification

This is another spoof phish: a phishing email that claims to come from UVic but is actually from an external source. Fake Outlook and Microsoft notifications are a perpetually popular theme for phishes. As always, do not click on links or attachments from such emails.

Covid-19 Aid

Do not reply to unsolicited emails about COVID-19 aid or click on any links in them (not that there are any in this particular one). In the vast majority of cases, they are scams sent out by malicious people trying to take advantage of the pandemic.

There are a couple of variations of this campaign that use different Gmail addresses from the one in the screenshot. If you see an email of this sort and the sender is using a free email provider like Gmail, you can be pretty certain it’s a scam.

For official information about government COVID relief:

Notification “your email@uvic.ca” – Extortion messages

Over several years now we have seen various versions of extortion-type emails in which the criminal attempts to scare you into thinking they have some sort of damaging or embarrassing piece of information about you. Over the weekend we saw such emails, which happened to be in French, claiming that the sender has hacked your system, stolen your photos, etc., and using a Bitcoin exchange to have you pay their ransom. The included link is a link to a Bitcoin exchange service.

These weekend versions also spoof/fake your email address and lead you to believe that perhaps your email account was hacked or is being misused. It can happen, yes, but those we’ve seen in this run are fake messages that only look like they were sent via your email address.

These two examples are only some of the variants you may see. Next week they may be in English or another language. Sometimes they capture an old password you used from old password breaches and scare you by putting a copy of that password in the subject line.

Important: If you haven’t changed your passwords in a long time and you reuse them, please change them now to longer and unique passphrases for every service.

It is scary to see that someone has discovered an old password but less scary when you know you are now practicing better passphrase and account management.

Second sample email and English translation below:

English Translation:

Dear victim.

 I hacked your computer and your smartphone for a period of 3 months, I followed your activities well and I recorded a lot of things about you, even your intimate moments and other sexual stuff, I copied all of them your friends and family contacts, I want you secret to stay between you and me, but you would have to pay me for that 

Send me 1500 € by BitCoin to this address: bc1q9mzfz7kg6gefn057c82gdmprd5rmda4m5p25xu 

This Bitcoin address is automatically linked to the storage server to give you (Your photos and videos) After receiving the funds, all your data will be deleted on my server automatically, you have a 48 hour deadline to send the money, if you exceed this deadline my server will automatically share all your data with your contact list and directory, and your photos and videos will automatically be published on pornography sites, and on social networks (Facebook, Instagram, Twitter, Snapchat, TikTok, ...). 

here is where to buy bitcoin https://<redacted>

“You have voicemail” phish

Today’s phish pretends you had voicemail. In order to hear it, you have to click the button, which takes you to an external (i.e. non-UVic) webpage that contains the UVic logo. There, the final goal, as always, is to steal your UVic credentials. Below is a screenshot of that phish. If you receive an email like that, please do not be curious and do not click on the link. Such pages might be loaded with malware so that even if you don’t enter any credentials you are at risk.

Your Password is not expiring!

Fake password expiry notice encouraging a webmail logon.

It attempts to get you to click as soon as possible by giving you a deadline and scaring you into thinking you won’t be able to access your account.

Account and password management processes will always follow known UVic procedures and any hiccups with accounts can typically be alleviated relatively quickly by contacting the Help Desk at helpdesk@uvic.ca or calling them directly when you encounter a problem. We do not encourage or force changes via email or phone calls.


“Incoming\Pending” & “Action needed” phish

One more phish of this kind is circulating today. It tries to persuade you there were delayed messages in your mailbox. In fact the sender is external and their ultimate goal is to steal your credentials. For that purpose they created a copy of the UVic OWA (Outlook Web Access) page.  Please do not be curious and do not click on the link.  Such pages might be loaded with malware so that even if you don’t enter any credentials you are at risk.

In a second phish (second screenshot) the malicious actor spoofed the address of the UVic Helpdesk. The subject is “Action Needed”. The body of the phish is similar and it links to the same fake OWA page.

Tutor Scam – Cheque Overpayment

A student recently reported a variation of a cheque overpayment scam involving an advertisement seeking a tutor for a high school student.  This tutor scam began with an innocent-looking email to the department, which was forwarded to interested students.

When the student emailed the supposed parent, the response seemed fairly believable but already contained signs of the typical scam.  The short-term nature and the involvement of a nanny, while plausible, are scam characteristics.

Next the scammer asked for some personal information, and indicated payment would be made in advance.  Both of these are additional warning signs of the scam.

Finally, the scammer indicated the cheque would have more than the agreed-upon fee due to some extenuating circumstance, and that the student/tutor would be expected to give the additional money to someone else (the nanny, in this case).

Thankfully the student realized this was a scam and reported it to their department.  Victims of these scams can lose thousands of dollars when the cheques eventually bounce.

If you are a UVic student and have seen these scams, report them to the Computer Help Desk.

Uvic Has Shared Meeting Contract Documents / Uvic Finance Has Shared A New Contract Documents For Your Approval

This is a spoof phish; the phisher tried to make this email look like it came from a UVic sender but it really came from an external source. The second half of the subject line varies between recipients but follows the same pattern. Hovering over the links would show that they do not go to UVic SharePoint and should not be clicked.
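The two manual checks these posts keep returning to (does the sender address match what the display name claims, and where do the links really go when you hover) can be automated for triage of reported messages. The following is an added example, not UVic tooling; the trusted domain constant, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "uvic.ca"  # assumption: the organisation's own domain
# Constructed samples; example.net hosts are placeholders, not real senders.
SPOOFED_NAME = ('From: "UVic Helpdesk" <notice@mail.example.net>\n'
                'Content-Type: text/html\n\n'
                '<a href="https://uvic.ca.example.net/owa">Keep password</a>')
SPOOFED_ADDR = ('From: Accounts <accounts@uvic.ca>\nContent-Type: text/html\n\n'
                '<a href="https://sharepoint.example.net/doc">View contract</a>')

def in_domain(host, domain=TRUSTED):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs: what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw):
    """Return a list of warnings for one raw single-part HTML message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    # Display name says UVic, but the address is somewhere else.
    if "uvic" in name.lower() and not in_domain(addr.rpartition("@")[2]):
        findings.append(f"display name claims UVic but address is {addr}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = urlsplit(href).hostname
        if host and not in_domain(host):  # catches lookalike prefixes too
            findings.append(f"link '{text}' goes to {host}")
    return findings
```

The second sample passes the sender check because its From address is spoofed as a real UVic address, so the link-destination check is the one that flags it.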

A few people received the variant below. This version had a spoofed sender of accounts@uvic.ca.