ALL Staff Application

Many UVic recipients reported this phish today.

It clearly comes from an external address, uses the usual scary tactics to make you act fast and as usual leads to a fake login page designed to steal your UVic credentials.
Please do not be curious and do not click on such links as they may contain malware to infect your computer instantly.

Your E-mail (netlink@uvic.ca) is Due For Upgrade -[Ticket ID: 683541]

Many uvic recipients reported this phish today. In all cases it uses the recipient address to spoof the actual sender. This way the email looks like coming from the recipient themselves. The “ticket number” in the subject is using some sort of random number generator, so it is also different every time.
There are other variations of the subject, for example:

Your E-mail (netlink@uvic.ca) will expire soon -[Ticket ID: xxxxxx]

Your E-mail (netlink@uvic.ca) Requires Verification -[Ticket ID: xxxxxx]

In all cases there is a malicious .shtml file attached.
The name of that file is:  uvic.ca-update-form.shtml
(but could be different of course)

Please do not open these attachments, they contain malware.

A screenshot of the phish is shown below:

Part-Time Job Opening

Please be aware of this phish as it impersonates a UVic faculty member to make the job offer believable. The sender’s email address is not a UVic email and the sender’s name is made to look legit “Office of Human Resources” but it is fake. The scammer is asking for a gmail address, which is a red flag, to evade UVic detection. This phish also has a usual tactic of too good to be true offer.

One can confirm such emails by contacting the person or department or organization from a known contact information (like in this case, from UVic website). Never use contact information given in the email to confirm the legitimacy of that email. Never be in a hurry to respond, take your time to look for phishing signs and if in doubt consult with helpdesk.

UVic Alerts

This is another very “popular” phish today.

It made effort to sound legit, it contains helpdesk@uvic.ca at the bottom and the sender may appear as an internal one to add to the sense of legitimacy.

Similarly to the job scam we posted about below, this phish uses the trick to put the whole message in a bitmap. It only looks like text with a link, but the whole body is a single picture. That picture is linked to the malicious website. This way
the victim may click somewhere on what looks like text, thinking it was safe. That would immediately trigger their web browser to open the malicious web page.
Please be careful with clicks and don’t be curious. If in doubt – ask your desktop support person or the Helpdesk.

Opening

This job scam is circulating today. It contains an attachment and tries to persuade victims to reply  back to some external address. The actual sender could be different. The body of the email message is not text but actually a bitmap picture. (the body is shown below).

The pdf also contains the email address of the scammer.

Update

Many UVic people received this phish today. It uses the usual “scary” tactic to make you act quick and eventually provide malicious actors with your UVic credentials. The link points to a fake login page.

Please don’t be curious and don’t click on links in phishing emails since some of them may contain malware to infect your computer instantaneously.

If in doubt, ask your desktop support person or the Helpdesk.

A screenshot of the phish message is shown below.

 

Invoice in a .html attachment

Recently UVic students and employees receive a lot of phish containing html attachments. The attachments might be very small or larger, may contain malware directly or redirect to malicious sites, including but not limited to fake UVic login pages.

There are numerous variations of the text in the email.  In many cases it is short as in the example below.

Please do not be curious and do not open html attachments from untrusted senders. If in doubt – ask the helpdesk or your desktop support person or give the sender a phone call and ask whether they sent you the suspicious attachment.