Month: June 2023

Job Offer or Job Offered

This phish has no hidden agenda, plain and simple job scam. The phisher has clearly put no effort, whatsoever, into making it look legit.

There is no mention of who this person is and what organization they work for, not even their last name. Salutation is generic and formatting of the text is weird along with grammatical errors.

Please don’t reply to such job scams and be aware of the phishing signs.

Job scam phish from external sender.

Subject:Job Offer
From: [external sender]@gmail.com

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Dear Job seeker,
My name is Alec . I have an urgent need to replace my representative across Canada. I am looking for a friendly, simple & trustworthy individual . Someone with a good sense of humor that can take the company to the next level.
Do get back if you are available to work so I can give you details of the job required as this will not disturb your other work .

Sincerely
Alec

[Someone] shared “FILE REVIEW 2023” with you

This phish is an actual SharePoint Online file sharing email, but that doesn’t mean the file it goes to is legitimate. Phishers are known to use compromised Microsoft 365 accounts at other organizations to create a phishing document. Instead of creating their own phishing email, they instead send out the phish by sharing that phishing document with the other people they want to target. That can potentially make the phish harder to detect because the emails have the same look and feel as legitimate SharePoint Online file sharing emails.

Despite all that, there are still some red flags:

  • The message claims that the file is from the UVic president, but the file wasn’t shared by him or someone from the UVic President’s Office. Inconsistencies like this can often be a sign of a phish or scam.
  • The message is very vague. This may be a trick to make you curious and go to the file to find out what’s actually in it.
  • There is incorrect grammar and capitalization in the message.
  • At the bottom-right corner of the message, you’ll see a different university’s logo. This is a sign that the file did not come from within UVic’s Microsoft 365 tenant. An actual file from the UVic President should not be coming from a different university’s Microsoft 365 service.

A SharePoint Online file sharing email from a compromised account at another organization. It pretends to be a file from President Kevin Hall but actually goes to a phishing document.

From: E********** <noreply@sharepointonline.com>
Subject: E********** shared “FILE REVIEW 2023” with you.

E********** shared a file with you

FWD: President Kevin Hall you a file using one drive.

[Word document icon] FILE REVIEW 2023

This link will work for anyone.

Open

[Microsoft logo]
[Other university’s logo]

2023 Employee Assistance Program

Alas, scammers and phishers have no hesitation about taking advantage of events like the COVID-19 pandemic and preying on people who are in financial need. This phish does just that, using the lure of financial assistance to get people to click on the link. Look closely at the email and you will find a number of red flags that indicate that this is not a legitimate offer from UVic:

  • The sender is not from UVic.
  • The signature block is generic and does not mention UVic at all. It also contains an American city and zip code, which does not fit for a Canadian university.
  • Hovering over the link reveals a destination that is not on uvic.ca.

Therefore, do not click on the link from this email and do not enter login credentials on the page. Also, avoid rushing to approve MFA pushes when they come. If an MFA push is unexpected or it’s coming from a weird/unexpected location, it’s safest to deny the attempt, then report it as a suspicious login so that the UVic Information Security Office can investigate. You should also change your password as soon as possible.

Phishing email making a fraudulent offer of financial assistance to employees in light of the COVID-19 pandemic.

Subject: 2023 Employee Assistance Program
From: [redacted]@******xusa.com

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

I want to let you know about the 2023 Employee Assistance Program [EAP], which will be available to help employees and their families with financial assistance.

Most families have had trouble over the past few years because of the COVID-19 pandemic. The goal of the Employee Assistance Program[EAP] is to give workers and their families financial support up to $800.

New applications are being accepted for the Employee Assistance Program. Applications can be submitted via the 2023 Employee Assistance Program [link].

Sincerely,

EAP COVID-19 support team.
Los Angeles, CA 90032.

Email Security Gateway Update

It’s certainly ironic when phishers say something about an increase in spam emails and even say you should be careful when handling emails. That being said, it’s not an uncommon tactic; they do it to make you think it’s from your IT Security staff, hoping that you won’t apply that sense of caution to this particular email. They also create a false sense of urgency by requiring you to act before a fast-approaching deadline.

However, the sender address is not from UVic, which is a sign that the email is not legitimate. Hovering over the link (without clicking on it!) also reveals that the destination is not on uvic.ca. Do not click on the link from this email and do not enter login credentials on the page.

Also, avoid rushing to approve MFA pushes when they come. If an MFA push is unexpected or it’s coming from a weird/unexpected location, it’s safest to deny the attempt, then report it as a suspicious login so that the real UVic Information Security Office can investigate. You should also change your password as soon as possible.

Phishing email pretending to be a security alert and asking you to register for a new email security filter.

Subject: Email Security Gateway Update
From: [redacted] <[redacted]@******xusa.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

The amount of spam emails reaching email inboxes has increased recently, according to the IT department. We wish to warn you to open and respond to any email with caution.

All users must register for the new email security filter on or before June 17, 2023, to use it. To register, go to Barracuda Email Gateway  and log in with your details.

Kind Regards,

[redacted]

Student Research Position

This is a typical job scam that we have been seeing since past month impersonating a faculty member. Following are the red flags:

  1. External sender address as opposed to UVic address.
  2. Sender’s name doesn’t match the faculty member impersonated.
  3. The salary offered is too good to be true.
  4. Contact number is given by the scammer with intent to move the conversation away from UVic email to avoid UVic’s monitoring.

Please do not reply or contact the scammer. If you have replied please contact helpdesk or your DSS.

Always look for warning signs before taking the action mentioned in emails. When in doubt contact helpdesk.

Job scam email from a gmail address with subject Student Research Position.

Subject: Student Research Position

From: INFORMATION SUPPORT SERVICE <sack****99@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information

University of Victoria, The Department of Psychology urgently requires the service of student research assistants, whose engagement will contribute to our interconnected goals of excellence, diversity, equity, and inclusion. They are to work remotely and get paid $350 weekly.
The research position applications are open to students from any academic department, and tasks can be carried out remotely. It gives excellent opportunities for students to study and earn money, including assigned research work, mentorship, travel funding, and program-based professional development opportunities related to scholarship and teaching to prepare them for possible tenure-track appointments in the Institution. All this could be achieved without affecting academic performance or leisure time.
To proceed with the application process and other eligibility descriptions, submit a copy of your resume via email or text me on (424) ***-**** to receive the job description and further application requirements.

Best regards,

[impersonated professor]

Associate Professor

Psychology

Office: [Office location]

[Professor’s joining information]

Clinical Psychology

 

RE: Technical service – Mailbox authentication Updates

Many UVic addresses received this phish today.
The sender is clearly external, the body does not make too much sense and contains mistakes. The link points to a fake login page that will be turned down soon. (Please do not be curious and do not click on these links, because they may contain malware to infect your computer instantaneously).

Subject: RE: Technical service – Mailbox authentication Updates

All Employee, Student And Staff

We are currently running an upgrade on all active OWA Outlook accounts, in order to complete the upgrade automatically, you must initiate the upgrade manually by visiting the OUTLOOK WEB PORTAL[link to the fake login page]. The upgrade will take effect 4 Working Day

Any Outlook accounts that have not been upgraded during this time will be classified as inactive, which may result in account deactivation/closure.