“Research Assistants Needed” or “Job Opening For Research”

Job scammers are once again impersonating real UVic professors when they offer fake research job positions. The red flags that indicate this offer is not legitimate are the usual ones:

  • The emails come from Gmail addresses. A legitimate UVic job offer should be announced from a UVic email address.
  • The salary offered is too good to be true given the very small number of hours per week to be worked.
  • The email contains errors in punctuation, spacing and capitalization.
  • In some cases, the name of the sender may differ from the professor mentioned in the email. Inconsistencies like this can be a sign that something is not right about the email.

Do not reply to these emails with your information. If you did, cease contact with the scammer and reach out to the Computer Help Desk for assistance.

First half of a job scam email from a Gmail address that impersonates a real UVic psychology professor

Second half of a job scam email from a Gmail address that impersonates a real UVic psychology professor

Subject: Research Assistants Needed
From: [professor name] <*******@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University Of Victoria , Department of Psychology requires the services of Graduate and Undergraduate students to assist with research projects on campus. The successful candidates will work closely with our research team to support ongoing data collection, and analysis . They are to work remotely and get paid $400 weekly.

Responsibilities:

Assist with the design and implementation of research projects on campus
Conduct literature reviews and summarize key findings
Collect and analyze data using appropriate statistical methods
Prepare and present findings to the research team
Perform administrative duties such as scheduling, data entry, and record keeping
Assist with writing research reports and manuscripts for publication
Recruit participants and conduct research studies
Qualifications:

Excellent organizational and time management skills
Strong attention to detail
Availability to work on campus or remotely
Proficient in Microsoft Office (Word, Excel, PowerPoint)
This is a part-time position with a flexible schedule, and the successful candidate will work approximately 7 hours per week. The position offers valuable research experience, and the opportunity to work with a dynamic and collaborative research team on campus.

To proceed with the application process and other eligibility descriptions, submit your resume for review.

Best regards,

[Redacted]

Position
Professor
Psychology
Contact
Office: COR ****

Your Ultramar invoice is now available to view

Fake invoices are a common theme for PDF phishing. Be wary if you receive an invoice email that you weren’t expecting, especially if it comes from a company that you don’t have any dealings with. This fake invoice email is relatively well-written, but there are a couple of signs that the attachment isn’t legitimate:

  • The email contains no personalized greeting; this can be a sign of a mass email sent to many recipients, when legitimate invoices are something that are supposed to be individualized.
  • The email is unusually vague and doesn’t give any information about the supposed invoice; it just tells you to look at the attachment. Usually a legitimate invoice or receipt email will mention some basic information about the transaction, such as the total amount or perhaps the billing/order date.

The red flags above are a sign that you shouldn’t open the attachment. InfoSec examined the contents using a secure tool and found that it contains a blurred out picture of an invoice, overlaid with a box that says, “View Protected Document”. If a PDF tells you to click to view protected content, that is a sure sign the PDF is malicious. If you did open the PDF, reach out to your department’s IT support contact immediately for assistance, especially if you clicked on “View Protected Document”.

Fake invoice email directing you to click on a malicious PDF attachment for details

From: Ultramar <support@cobills.com>
Subject: Your Ultramar invoice is now available to view/Votre facture Ultramar est maintenant disponible à la consultation

Attachment: Invoice3421.pdf

Thank you for choosing Ultramar as your product and service provider. We appreciate your business! We would like to remind you that e-Bill is our environmentally friendly billing option.
Please do not reply to this email.
If you have any questions, please see the attached statement for Ultramar contact information.

Merci d’avoir choisi Ultramar comme fournisseur de produits et services. Nous apprécions votre entreprise ! Nous vous rappelons que l’e-Bill est notre option de facturation écologique.
Veuillez ne pas répondre à cet e-mail.
Si vous avez des question, veuillez consulter la déclaration ci-jointe pour les coordonnées d’Ultramar.

Protected Transcript For Staff or Please See Attached File

Phish impersonating Office of the Registrar to lure users into opening the attached file. UVic branding is used by the phisher to gain trust and distract the user away from the red flags.

Sender address used is external as opposed to the UVic address which would be the case if it were coming from a legit UVic office. The sender name used is generic and the salutation is also generic. There is no logical reasoning as to why this email is sent. Hence, beware of such phishing scams, and never open attached files just because the email mentions to do so, not even for your curiosity as attached files can infect your device.

Phishing email from external address with subject "Please see Attached File" that has malicious pdf attached.

Subject: Please See Attached File
From: UNIVERSITY OF VICTORIA <*****ollege.edu>

Attachment: UNIVERISTY_OF_VICTORIA_PROTECTED_STAFF_TRANSCRIPT.pdf

 

Dear Students/Alumni/Staffs/Non-Staffs,

A copy of your record is available for you to look at Look through and keep up to date with your accomplishment
Kindly go through the attached file.

Office Hours: Monday-Friday, 8:00 AM – 5:00 PM
Office of the Registrar.,
[UVic branding logo]

 

Document shared with you:

This phish is circulating today.

The goal, as usual is to steal your UVic credentials by using a fake login page. The sender is external but they may impersonate different internal people.

 

<name of the compromised external account> shared a document
<name> (******.edu) added you as an editor. Verify your email to securely make edits to this document. You will need to verify your email every 7 days. Learn more [link to Google documentation]

Dr. <UVIc person name> shared a file with you
AI Literacy, Assessment, and Fall 2023 Teaching.docx

Open [link to the fake login page]

Use is subject to the Google Privacy Policy [link to Google documentation].
If you don’t want to receive files from this person, block the sender from Drive[link to Google documentation]

 

 

$2,500 Credit Fund

This phish is to steal user’s banking (credit/debit card) information. The phisher is giving a bait of $2500 to lure users into giving their banking details. As always, this email has following phishing signs:

  1. Subject of the email is to attract users to open the email and read further.
  2. This email impersonates Green dot bank as it claims to come from this company but the sender email address is different and no signer name at the bottom.
  3. Link given does not go to Greendot domain (always check links by hovering over it).
  4. The email mentions American Opportunity Tax Credit for which the jurisdiction is US and not applicable in Canada.

Never overlook the warning signs in such emails as even the minor details can lead to detection of scams. Always beware of giving out any personal or confidential information.

Phish to steal banking information with subject "$2,500 Credit Fund".

Subject: $2,500 Credit Fund
From: Bayu Kurniawan <[redacted sender address]>

We are pleased to inform you that the school management and its community in collaboration with @GreenDot, after the recent annual calculation of your educational expenses, you have been determined eligible to receive an education credit from the American Opportunity Tax Credit (AOTC) in the amount of $2,500.

To ensure you receive your education credits, it is important that you fill the bank details for proper verification before remittance into your bank account details.

Connect your account[link to phish] to verify identity and submit your direct deposit details.

Thank you for your attention to this matter.

Sincerely,

Green Dot,
P.O. Box 1070,
West Chester, OH 45071

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. PT. Indonesia Comnets Plus ( ICON+) is neither liable for the proper and complete transmition of the information contained in this communication nor for any delay and its receipt.

 

Job Opening

Job scam impersonating UVic professor to make the job employment look legit. There are other similar emails circulating with different subject and different senders. We have been continuously seeing these types of scams this summer. Please pay attention to the phishing signs before taking action on such emails. Here are some easy to spot phish signs:

  • External email address, which wouldn’t be the case if it was coming from UVic office.
  • Sender name doesn’t match with the name of the professor impersonated.
  • Salary offered is too good to be true.

Never reply to such scams and take a moment to look for warning signs. Most of these scams are to defraud you of money.

If you responded to the scammer, contact the Computer Help Desk for assistance, especially if you sent money or personal information. If you forwarded the email to other people, recall the message and warn the recipients as soon as possible.

Job scam email impersonating UVic professor with Subject "Job Opening".

Subject: Job Opening
From: Stanford Psychology.edu <doug****@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University of Victoria ,Department of Psychology requires the services of Undergraduate students to assist with research projects on campus. The successful candidates will work closely with our research team to support ongoing data collection, and analysis . They are to work remotely and get paid $400 weekly.

Responsibilities:

Assist with the design and implementation of research projects on campus
Conduct literature reviews and summarize key findings
Collect and analyze data using appropriate statistical methods
Prepare and present findings to the research team
Perform administrative duties such as scheduling, data entry, and record keeping
Assist with writing research reports and manuscripts for publication
Recruit participants and conduct research studies
Qualifications:

Excellent organizational and time management skills
Strong attention to detail
Experience with research methods and statistical analysis
Strong written and verbal communication skills
Ability to work independently and as part of a team
Availability to work on campus or remotely during weekdays and weekends
Proficient in Microsoft Office (Word, Excel, PowerPoint)
This is a part-time position with a flexible schedule, and the successful candidate will work approximately 7 hours per week. The position offers valuable research experience, and the opportunity to work with a dynamic and collaborative research team on campus.

To proceed with the application process and other eligibility descriptions, submit your resume for review and approval for the position.

 

C/O

[redacted professor name]

Professor
Psychology

Contact
Office: COR [redacted]

 

$500 Weekly Pay

A job scam phish trying to lure users with a lucrative pay offer. There is not much mentioned in the email body itself rather asks for users to open the pdf attachment for details. There is no reason for anyone to open the attachment as it has clear signs of phishing. Email body doesn’t give any information of why someone is sending you this email and subject just states the salary to attract users which is uncommon for legit job emails.

Before opening any attachments, look for phishing signs as those could be infected files. If you have fallen for this scam please contact helpdesk or your IT support contact.

Phish from external sender with subject $500 weekly and a attached pdf file.

Subject: $500 Weekly Pay
From: Tito Tatag Prakoso <[redacted sender address]>

Attachment: $500 Weekly Pay.pdf

View attached for Temp Job details.

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. PT. Indonesia Comnets Plus ( ICON+) is neither liable for the proper and complete transmition of the information contained in this communication nor for any delay and its receipt.

You’ve been enrolled in training

Many UVic recipients received this phish in the morning.  It is easy to see that the links point to a site outside UVic (by hovering the mouse cursor on top without clicking).  As usual the goal is to steal your credentials. Please do not be curious and do not click on such links because they may contain malware to infect your computer instantly.

Note that sometimes the sender may look internal (or be indeed internal if a UVic account was compromised). If not sure, whether an email is legit, ask your Desktop support person or the helpdesk.

Dear ,
You are now enrolled in Multi-Factor Authentication . You must complete this training within 24hrs.

The assignments you’ve been enrolled in are displayed below:

– Hacking Multi-Factor Authentication with Roger Grimes[link to the fake login page/

Please use this link to start your training:
https:\\training.knowbe….[link to the fake login page]

It is important that you complete this training within 24hrs. Thank you for helping to keep our organization safe from cyber crime.