Approved request for Uvic.ca on 31 May 2023

This phish is in circulation. There is nothing in the body of the message besides a small image at the bottom asking the reader to consider the environment before printing the email. The subject suggests some UVic-related business without specifying what. The attachment is a malicious .htm file. Please do not open it.
The sender we have seen so far is a compromised email address in Germany, but there could be others. In any case, be very cautious with .htm attachments: do you know the sender, were you expecting a message like this, and so on.

Job Vacancy

This is another popular phish today. The subject may vary (“Vacancy”, “Job Vacancy”, etc.), and the sender can be another UVic address or the recipient’s own address. This is a typical job scam. What the scammers rely on is the “Reply-To” address: that is the address where your reply goes, and in this case it is a Gmail address.

Please do not reply and do not open the attachment.
Do not engage with the scammer via email or SMS and do not forward these emails around. If you responded to the scam, contact the Computer Help Desk immediately for assistance, especially if you sent personal information or money.

 

Transcript:

Sender: some @uvic.ca address
Subject: Job Vacancy
Attachment: (1) Work From Home.docx

I am sharing a job vacancy with students, staff and individuals who might be interested in UNICEF paid job of 500 per week. See attachment for details.

Kind regards

—-end of the transcript—

Attention

This phish is circulating today. The sender shown on the screenshot is clearly external, but there could be internal spoofed senders. The goal, as usual, is to use scare tactics so that the victim acts quickly, clicks the fake login link and enters their UVic credentials.

Transcript of the message:
Sender: <some external address in .vn>
Subject: ATTENTION

Your Email account has exceeded the storage limit set by the administrator due to hidden files, Kindly click UPDATE to validate your account.

Copyright (C) 2023 Web Admin

—end of the transcript—

“UVIC STUDENT EMPLOYMENT” and similar job scam emails

Here is yet another job scam email impersonating a real UVic faculty member. This job scam uses a variety of different subject lines; other ones we’ve seen include:

  • UVIC STUDENT JOB
  • Part-time Student Job
  • Administrative Assistants Needed
  • Organizational Research

The red flags to look out for are pretty much the same as the ones we’ve seen in previous batches from earlier this month:

  • The emails come from Gmail addresses–a real UVic job opportunity should be coming from a UVic email address. Note: if the email appears to have been forwarded by someone at UVic, check to see who sent it to them in the first place, and be very wary if the original sender was using a Gmail or other freemail address.
  • The sender’s name may differ from the professor supposedly offering the position.
  • The salary offered is too good to be true, especially for a small number of hours of remote casual work. The scammer also can’t seem to get their own facts straight, as they give two different weekly amounts in the same email!
  • There are errors in capitalization, spacing and formatting, as well as odd/awkward wording.
  • The scammer asks you to reach them via SMS to shift the conversation to a place that UVic can’t monitor. Also, the phone number provided is not local; the 916 area code corresponds to Sacramento, California.

Do not engage with the scammer via email or SMS and do not forward these emails around. If you responded to the scam, contact the Computer Help Desk immediately for assistance, especially if you sent personal information or money.

Job scam email from fake professor "Sarah Gibbons" on Gmail, impersonating a real UVic faculty member

Subject: UVIC STUDENT EMPLOYMENT
From: Prof. Sarah Gibbons <s*****25@gmail.com>

University of Victoria , Department of Physical and Health Education urgently requires the service of students to work part-time as administrative assistants and get paid $350 weekly.
The hours are flexible and students will be required to work not more than 6 hours weekly. The position can be carried out remotely and the pay is $400 weekly. Salary increment will be reviewed after gaining more training and experience on the position.
Major skills needed are ; Maintaining effective working relationships, Ability to establish effective working relationships and to prioritize tasks and projects, Ability to work independently. Basic Knowledge of Microsoft Word and Excel will be an added advantage.
To proceed with the application process and other eligibility descriptions, contact me directly on (916) ***-**** stating your full name, email address, year of study, and department to receive the job description and further application requirements.

Best regards.

[impersonated professor]
[impersonated professor]

Professor

Office: MCK ***

Job scam email claiming to be from "UVIC Support Services" that actually came from Gmail, impersonating a real UVic faculty member

Subject: Organizational Research
From: UVIC Support Services <greg*****522@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University of Victoria , Department of Physical and Health Education urgently requires the service of students to work part-time as Research assistants and get paid $350 weekly.
The hours are flexible and students will be required to work not more than 6 hours weekly. The position can be carried out remotely and the pay is $400 weekly. Salary increment will be reviewed after gaining more training and experience on the position.
Major skills needed are ; Maintaining effective working relationships, Ability to establish effective working relationships and to prioritize tasks and projects, Ability to work independently. Basic Knowledge of Microsoft Word and Excel will be an added advantage.
To proceed with the application process and other eligibility descriptions, contact me directly on (916) ***-**** stating your full name, email address, year of study, and department to receive the job description and further application requirements.

Best regards.

[impersonated professor]

Professor

Office: MCK ***

You Have 2 New Shared File

This phish tries to lure you in with a payroll-related document. It claims to be from UVic, but there are several signs it’s not from us:

  • The sender address is external. Real payroll or HR emails should come from a UVic email address.
  • “Uvic” uses incorrect capitalization, and there are other capitalization errors.
  • The subject line has incorrect grammar.

Hovering over the link will show that its destination is also not uvic.ca. The phisher also seems to have used individualized click-tracking links for this campaign. This highlights another good reason why you shouldn’t click the link out of curiosity: the phisher may be tracking who clicked and may send those people more phishing emails.

Phish claiming to be a staff payroll document from "Uvic Docs", with a link to click to review the supposed document.

Subject: You Have 2 New Shared File
From: Uvic Shared Document <file@quadrantpsc.com>

[redacted]@uvic.ca

Please find the attached Document “Staff Payroll”.

Review Document

Note: This email grants access to this Document.

Uvic Docs: Create and edit documents online.
You have received this email because someone shared a document with you from Uvic Docs.

Part-Time Job Needed

Once again, scammers are sending out fake job offers that are impersonating real UVic faculty. These emails are similar to four previous batches we saw on May 8, 12, 16 and 19. Nevertheless, it’s worth doing a refresher on the red flags to look out for:

  • The emails are coming from Gmail addresses. A legitimate UVic job offer should come from a UVic email address.
  • The salary offered is too good to be true, especially for only eight hours per week of casual work.
  • The scammer tries to move the conversation away from UVic email to avoid UVic’s monitoring.
  • In some variants, the sender’s name will be different from the faculty member who is supposedly offering the job. Inconsistencies like that can be a sign that something isn’t right about the email.

If you received this email, do not reply to the scammer with your resume or contact information. If you did, cease contact with the scammer and reach out to the Computer Help Desk for assistance. If you forwarded the email to other people, recall the message and contact the recipients immediately to warn them of the scam.

Subject: Part-Time Job Needed
From: CAMPUS JOBS <[redacted]@gmail.com>

The service of a student administrative assistant is urgently required to work part-time and get paid $650 bi-weekly. Tasks will be carried out remotely and work time is 8 hours/week.

If interested, submit a copy of your updated resume and a functional google chat email address to our Department of Sociology via this email address to proceed.

Sincerely
[name redacted]
Professor of Sociology
Department of Sociology
Office: [redacted]

Small Duties

This is yet another job scam impersonating a UN agency, where the scammer has taken the additional step of using a reply address on a fraudulent domain that impersonates UNESCO. Here are the red flags indicating that this email is not legitimate:

  • The offer is way too good to be true: $500 for only three hours of casual work per week and no need to go through an interview is not realistic at all.
  • The email is poorly-written, with lots of awkward wording and grammatical errors.
  • The email asks you to send personal information and reply with your “Alternative Email”. This is a ploy to move the conversation off UVic email to evade monitoring.
  • The entire message is actually an image, not text. This is a trick scammers use to evade spam filters and is therefore a bad sign. The image has also been turned into a link that will make your mail app begin a new email with the scammer’s email address prefilled.
  • The sender is not from the UN and does not match the representative named in the email. Inconsistencies like this can often be a sign of a scam.

If you replied to this email, cease contact with the scammer and reach out to the Computer Help Desk immediately for assistance.
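The header, attachment and link red flags listed in these posts (freemail sender, display name claiming UVic, Reply-To pointing elsewhere, .htm attachments, links and mailto targets outside uvic.ca) can be checked mechanically. This is an added example, not UVic's own tooling; the flag names, the freemail list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

ORG_DOMAIN = "uvic.ca"                      # the institution's mail domain, per the page
ORG_WORDS = ("uvic", "university of victoria")
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumption: illustrative, not complete

class LinkCollector(HTMLParser):
    """Collects href values from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def in_org(host):
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def red_flags(raw):
    """Return the sorted red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    _, reply = parseaddr(str(msg["Reply-To"] or ""))
    sender = domain_of(addr)
    flags = set()
    if sender in FREEMAIL:
        flags.add("freemail-sender")
    # Display name says UVic while the address is outside uvic.ca.
    if not in_org(sender) and any(w in name.lower() for w in ORG_WORDS):
        flags.add("display-name-claims-org")
    # Replies are routed to a different domain than the visible sender.
    if reply and domain_of(reply) != sender:
        flags.add("reply-to-mismatch")
    for part in msg.walk():
        filename = (part.get_filename() or "").lower()
        if filename.endswith((".htm", ".html")):
            flags.add("html-attachment")
        elif part.get_content_type() == "text/html" and not filename:
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href in collector.hrefs:
                url = urlsplit(href)
                if url.scheme == "mailto" and not in_org(domain_of(url.path)):
                    flags.add("external-mailto-link")
                elif url.scheme in ("http", "https") and not in_org((url.hostname or "").lower()):
                    flags.add("external-link")
    return sorted(flags)

# Constructed samples modelled on the messages described above (not real mail).
JOB_SCAM = ("From: UVIC Support Services <sample522@gmail.com>\n"
            "Subject: Organizational Research\n\nContact me by text message.\n")
SPOOFED_VACANCY = ("From: Colleague <someone@uvic.ca>\nReply-To: hiring@gmail.com\n"
                   "Subject: Job Vacancy\n\nSee attachment for details.\n")
SHARED_FILE = ("From: Uvic Shared Document <file@sender.example>\n"
               "Subject: You Have 2 New Shared File\n"
               "Content-Type: text/html; charset=utf-8\n\n"
               '<a href="https://track.example/c/1a2b">Review Document</a>\n')
```

Calling `red_flags()` on each sample returns the flag names for that message; a message from a uvic.ca sender whose links stay on uvic.ca returns an empty list.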

Job scam email impersonating someone from UNESCO


Subject: Small Duties
From: [redacted] <*****@f***.org>

This job is for university students with academic difficulties and no prior diagnosis are see and assessed through the academic screening and assessment process. You have received this email because we subscribe to the university in general./

I am Matthias Larsen, project coordinator UNESCO’s mission which our aims and objectives is to contribute to the building of a culture of peace, the eradication of poverty, sustainable development and intercultural dialogue through education, the sciences, culture, communication and information.

We consider this employment simple for anyone to handle because you will only help me purchase items when needed and clear purchase invoices for donor services. This employment only takes an hour a day and 3 times a week with a $500 (five hundred cad) weekly salary.

There won’t be any interview because i am currently away on an official assignment to helping students in Sudan. You will be paid in advance for all tasks and purchased to be done on my behalf. Upon my arrival we will discuss the possibility of making this a long-term employment if i am impressed with your services while i am away and if you are interested.

My arrival is scheduled for 28th of august 2023. I got your email through a short list from the university human resources department.

To apply, kindly email back with your Alternative Email | your full name | age | Address and mobile number to my email below.

Sincerely,

Matthias Larsen

Project coordinator

Unesco email: work@[scam email domain redacted]

Part – Time Student Researcher Position

Today we have seen another batch of job scams similar to the ones seen earlier this week. This one also uses the name of a real professor from the UVic Department of Computer Science to make the offer seem legitimate. To spot the red flags, please check out these previous posts:

May 16: Part-time Job Opening

May 12: Organizational Research Assistant – University of Victoria

May 8: “Student Research Assistant Urgently Needed” or “Office of Research Assistants” job scam emails

Here’s the screenshot of today’s job scam:

Part-time Job Opening

Today’s batch of job scam emails is very similar to the ones we wrote about on May 8 and May 12. Like the previous rounds, the scam uses the name of a real professor from the UVic Department of Computer Science to make the offer seem legitimate. As a refresher, here are the red flags in the email that indicate this offer is a scam:

  • The emails come from Gmail addresses. A legitimate UVic research job opportunity should come from a UVic email address.
  • The sender of the email differs from the professor named in the signature block. Inconsistencies like this can be a sign that the offer isn’t legitimate.
  • The email tries to shift the conversation off UVic email to Google Chat to evade monitoring.
  • The offer is too good to be true–$315 for 7 hours of work a week is more than twice the minimum wage in BC.

We have since learned that people who respond to the scammer will be told they got the job without having to go through an interview or even meet the professor (not even virtually). This is yet another sign that the supposed opportunity is a scam.

The scammer will then proceed to build trust by sending tasks that involve market research for office equipment and supplies. Eventually, this will culminate in asking the victim to purchase office supplies by sending their own money to a specified “supplier” (actually the scammer), with a promise that they will be reimbursed later (which of course doesn’t happen).

If you received this email, do not reply to the scammer with your resume or contact information. If you did, cease contact with the scammer and reach out to the Computer Help Desk for assistance. If you forwarded the email to other people, recall the message and contact the recipients immediately to warn them of the scam.

Subject: Part-time Job Opening
From: Dr Henry Garcia <dr[redacted]@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

The service of a Student Assistant is urgently required to work part-time and get paid $315 weekly. Tasks will be carried out remotely and work time is 7 hours in a week.
If interested, submit a copy of your updated resume and a functional google chat email address to our Department of Computer Science via this email to proceed.

Sincerely
[name redacted]
Professor
Department of Computer Science
Office: ECS [room redacted]

Subject: Part-time Job Opening
From: DEPARTMENT OF HUMAN RESOURCES <dr[redacted]@gmail.com>

The service of a Student Assistant is urgently required to work part-time and get paid $315 weekly. Tasks will be carried out remotely and work time is 7 hours in a week.
If interested, submit a copy of your updated resume and a functional google chat email address to our Department of Computer Science via this email address to proceed.

Sincerely
[name redacted]
Professor
Department of Computer Science
Office: ECS [room redacted]

Organizational Research Assistant – University of Victoria

This is another job scam impersonating a UVic faculty member to make the job offer look legitimate. The red flags are as follows:

  1. The sender’s name doesn’t match the faculty member’s name given in the signature.
  2. The email address is a Gmail address, not a UVic address.
  3. The email asks you to make contact via text message, which is a tactic to avoid UVic detection.
  4. The offer is too good to be true, promising much higher pay for less work.

Please do not reply to or contact the scammer. If you have replied, please contact the helpdesk or your DSS.

Always look for signs of phishing before taking the action requested in an email. When in doubt, contact the helpdesk.

“Student Research Assistant Urgently Needed” or “Office of Research Assistants” job scam emails

We’ve been seeing several variations of these fake research assistant job offers, each one impersonating a real UVic faculty member to make the opportunity look legitimate. However, there are several red flags that indicate these are scams:

  • The emails come from Gmail addresses, not from the faculty members’ UVic email addresses.
  • The scammer asks you to respond using a different communication method (SMS or Google chat). This is an attempt to evade our monitoring systems by moving the conversation away from UVic email.
  • The versions that request responses via SMS don’t provide a local phone number; the 323 area code corresponds to Los Angeles, California.
  • The pay offered is several times higher than the minimum wage in BC and therefore too good to be true, especially for part-time/casual work.
  • The messages contain errors in grammar, spacing and/or punctuation.
  • The name of the sender of the email may differ from the professor mentioned in the message.

If you replied to one of these emails, contact the Computer Help Desk immediately for assistance, especially if you sent money or personal information.

Subject: Office of Research Assistants
From: [name redacted] <csdepartment.uvic.***@gmail.com>

University of Victoria is currently seeking a Research Assistants to join the Department of computer science, under the supervision of professor: [name redacted].
The hours are flexible and students will be required to work not more than 6 hours weekly. The position can be carried out remotely and the pay is $300 weekly. Salary increment will be reviewed after gaining more training and experience on the position. The position is open for any student of the institution.
Major skills needed are ; Maintaining effective working relationships, Ability to establish effective working relationships and to prioritize tasks and projects, Ability to work independently. Basic Knowledge of Microsoft Word and Excel will be an added advantage.
If interested , submit your full name, department and year of study to me directly via text message on (323) [scammer’s phone number redacted].

Best regards,
[name redacted]
Professor in the department
of Computer Science.
(323) [scammer’s phone number redacted].

Subject: Office of Research Assistants
From: Prof. Colette Coco <ac****mo@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University of Victoria is currently seeking a Research Assistants to join the Department of computer science, under the supervision of professor: [name redacted].
The hours are flexible and students will be required to work not more than 6 hours weekly. The position can be carried out remotely and the pay is $300 weekly. Salary increment will be reviewed after gaining more training and experience on the position. The position is open for any student of the institution.
Major skills needed are ; Maintaining effective working relationships, Ability to establish effective working relationships and to prioritize tasks and projects, Ability to work independently. Basic Knowledge of Microsoft Word and Excel will be an added advantage.
If interested , submit your full name, department and year of study to me directly via text message on (323) [scammer’s phone number redacted].

Best regards,
[name redacted]
Professor in the department
of Computer Science.
(323) [scammer’s phone number redacted].

Subject: Student Research Assistant Urgently Needed
From: Larry Grace <lg3****9@gmail.com>

The service of a student research assistant is urgently required to work part-time and get paid $650 bi-weekly.Tasks will be carried out remotely and work time is 8 hours/week.
If interested, submit a copy of your updated resume and a functional google chat email address to our Department of Psychology via this email address to proceed further.

Regard
[name redacted]
Associate Professor of Psychology
Department of Psychology
Office: COR [room redacted]

Non-Disclosure Agreement – Final Version

This high-volume phish plays on curiosity. It imitates the regular file sharing done with OneDrive, but the sender address reveals that it is not coming from a Microsoft domain, and the sender name is also fake.

The phisher has sent this phish without any context, in the hope that a curious recipient will click the link and fall for it. Never be in a hurry to click links in an email; take a moment to consider whether you were expecting a file to be shared with you. If such an email appears to come from someone you know, always confirm with them. Whenever in doubt, consult the helpdesk.

Gestion Infos [RAPPEL PAIEMENT LOYER]

This phish was observed today by many at UVic. No context whatsoever is given for the attached .docx file; the phish simply tries to get the curious to open the attachment.

Never open or download attachments in suspicious emails. Even though the file may seem benign, attachments in phish are infected with viruses and other malware, which will get executed as soon as you click on the file.