This phish is pretending to be coming from Microsoft office but there are red flags that suggest otherwise. The sender email domain is not Microsoft and the link given is also not hosted on Microsoft domain. Other warning signs are no salutation, generic signature and most of all the subject itself gives warning.
Always be on the look out for warning signs and never be in hurry to take actions suggested in the email. Whenever in doubt please contact helpdesk for advise.
This is not the first time we’ve posted about piano scams, but this one is unusually well-crafted and also takes the extra step of impersonating President Kevin Hall. The sender email address in the example below even looks like it came from within UVic, but in reality it was spoofed.
The fact that the email tells you to contact someone you don’t know at a different email address from a free email provider is a red flag. If you’re not sure about the legitimacy of the email, verify it by contacting the supposed sender through a different contact method that you know is safe. Do not reply directly to the suspicious email–in this case, the email was crafted to send any replies to yet another Gmail address that is controlled by the scammer. And as always, be wary of unsolicited offers that look too good to be true.
We have observed a large wave of Canada Revenue Agency themed phishing emails sent from a wide variety of addresses (most coming from compromised accounts in Japan. The emails are well-written and contain a link to an Amazon site, which redirects to a phishing domain hosting a convincing CRA look-a-like website.
The subject lines can vary a little.
Please do not be curious and do not open these links as sometimes they may contain malware to infect your computer instantly.
A regular phish with scary tactic that you won’t receive new messages until you click on the link to upgrade. By looking at the recipients one may notice it is a mass send email. The senser address is external and sender name is vague. The salutation and signature are generic. The link given (check by hovering over it) is also external. All these warning signs point this email to be phishing.
Never be in a hurry to click the links, think and try to spot the phishing signs. Whenever in doubt, check with helpdesk.
Re-run of the following phish, with subject changed to ITS_DESK:
Read the above post to spot the phishing signs for this phish.
This phish uses scary tactic to get you to click on the link by stating that your account would be deactivated otherwise.
To spot phishing signs, you can imagine what should the email look like if it were to be true. In this case, sender is an external entity, which would not be the case if it came from UVic helpdesk. The reason for deactivating the account is not specified as to what lead to the situation, it is not to say that if the phisher had given the reason it would make it legit but in this case it calls for additional red flag. Generic signature and salutation. The phisher hid the link by giving it the name “University of Victoria” so that users think it is genuine, actual link can be seen by hovering over it and you would notice it is an external link.
Always, pay attention to the red flags and never be in a hurry to click the links.
