RE: YOUR OFFICIAL CONSENT LETTER! PLEASE READ!!

This phish uses a lot of vague language to describe the purpose, like “partnership in a business project”, no information about what the proposal is and what kind of business project. Nevertheless, if you are not expecting an email, it is probably a phish. The subject of the email uses “RE:” to appear as ongoing email thread, and the subject doesn’t match the context in the email body. Signature does not give any information about the sender except for the name. All these signs indicate that this email is a phish along with formatting mistakes.

Hence, always look for warning signs in an email before taking any action and, think whether you were expecting such email. Never reply back to the scammers asking for more information as they intentionally give vague or no information. Whenever in doubt, contact helpdesk or your departmental IT contact.

Phish with subject "RE: Your OFFICIAL CONSENT LETTER! PLEASE READ!!" that mentions about a vague proposal to attract curious people to reply for more information.

Subject: RE: YOUR OFFICIAL CONSENT LETTER! PLEASE READ!!
Sender: Tulub Serhiy <****@ctb.ne.jp>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Date: Friday 27, October 2023

Compliment of the day, and I hope my Email finds you in good health.

I got your reference in my search for someone who suits my proposed
business relationship.

I am contacting you to seek your partnership in a business project,
I have all the modalities fashioned out to give this business an
excellent outcome.

I am confident that you will give your consideration to this proposal
and respond positively within a short period of time.

As soon as you give your positive response to this proposal, I will not
hesitate in sending you the details information of this great investment
partnership opportunity.

Regards.

I wait for your quick reply for more details.

Yours Truly
Dr. Serhiy Tulub

Opportunity to own a Grand Baby Piano

If you received an email claiming to give away piano for free, it is a scam. Keep in mind, if it is too good to be true offer, it probably is. The scammer is impersonating UVic members to make the offer look legit, nevertheless, it is a scam. The email address of the sender is external to UVic and also asking the users to reply to another external address with your personal email, this tactic is to evade UVic network detection.

Please be wary of such scams of unsolicited offers and do not reply to such emails not even to confirm if the offer is legit or not. If you’re not sure about the legitimacy of the email, verify it by contacting the supposed sender through a different mode of contact than given in the email.

Piano scam with subject "Opportunity to own a Grand Baby Piano" which gives too good to be true offer of free piano.

 

Subject: Opportunity to own a Grand Baby Piano
Sender: [Redacted sender name] <****@fioptics.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Dear Faculty/Staff,

One of our Staff Mrs. [redacted name] is giving out a piano to a loving home for free. You can write to her to indicate your interest on her private email (****@outlook.com).

Please write Mrs. [redacted name] via your personal email for a swift response.

Thanks,
[redacted name]
Professor
University of Victoria

 

Dear Email User

An obvious phish indicating lack of effort from the phisher. These types of phishes are sent in high volume where it mostly become numbers game, hoping to get at least 1 (if not more) victim out of thousands.

This phish tries to lure users with too good to be true offer of a grant. But there is no context, whatsoever, of what this grant is, which organization is providing it, and why is it being provided. The email subject has no meaningful connection with the text in email body. The name of the sender doesn’t match the name given in email signature. Grammatical mistake is also a factor indicating it is a phish.

Never reply to addresses given in phishes, not even to request unsubscribe from mailing list. Always take a moment to look for phishing signs. Whenever in doubt contact helpdesk or your departmental IT support.

Phish email with subject "Dear Email User" that offers a good sum of money as grant.

Subject: Dear Email User
Sender: Perry Collin <*****sd73.bc.ca>

You have qualify to receive this month grant pay out check. ( $2800) To process claim,send the following details:
Name –
Address-
Tel-
To the grant co-ordinator
Name- Perry Collin
Contact email – *****@hotmail.com
We await to hear from you.
Salace Anderson
Grant Mat sector.

Remote Job Opening

Job scammers are once again trying to take advantage of students who are in need of money to pay for tuition and necessities in these tough economic times. As in previous batches that we have seen and written about, the scammers impersonate a real UVic professor to make the job offer look legitimate. The red flags are the same as before:

  • The email comes from a Gmail address. Emails about real UVic job offers should come from a UVic email address.
  • The name in the sender information does not match the name of the professor supposedly offering the job. Inconsistencies like this can be a sign of an impersonation scam.
  • The salary offered is too good to be true. $50/hour is more than triple the minimum wage in BC and a part-time student job is not realistically going to offer pay that high.
  • The email requests your Google Chat email. Scammers often request alternative contact information to move the conversation away from UVic’s defences and monitoring.

Therefore, do not reply to the email with your information. If you did, cease contact with the scammer and reach out to the Computer Help Desk for assistance.

Subject: Remote Job Opening
From: Emily Rauscher <*****emilyap5@gmail.com>

The service of a student/graduate student  is urgently required to work part-time as a research assistant and get paid $450 weekly. Tasks will be carried out remotely from home and work time is 9 hours/week.

If interested, submit a copy of your updated resume and functional google chat email address to our Department of Psychology via this email to proceed.

Sincerely
[name redacted]
Assistant Teaching Professor
Psychology
Office: COR A***

Email thread hijacking (replies to old legitimate emails with malicious links or attachments)

If someone you know (or at least had previously written to) had their mailbox compromised, the malicious actor who compromised it may try to target you by taking an old legitimate email thread and sending a new reply with either a malicious link or attachment. This trick is called thread hijacking and attackers use it to make their phishing attempt look more legitimate.

Thread hijacking cases often link to malware, so be extra careful around links or attachments until you’re able to confirm they’re safe. Be wary of unexpected replies to email threads that are very old or replies whose contents don’t seem to match the context of the original email. If the reply seems off to you in any way, don’t click on any links or attachments until you can check with the person through a different contact channel that you know is safe (e.g.: phone, video call or asking in person).

It can also be helpful to check the sender address for the reply. If it is unfamiliar or doesn’t match an email address that you already have for the person you had written to, the email is almost certainly a thread hijacking case.

Email thread hijacking example: a malicious actor has replied to an old legitimate email with a malicious link.

Subject: [EXT] [****-ugrad-dept-****] FW: *UPDATED FORM* [faculty redacted] Undergraduate Achievement Bursaries: Application forms 2021-2022
From: [redacted] Administrative Officer / UVic <EEmard@irorica*****.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Hi there,

Please review some latest documents for your department project:

https://outlet******.cl/met/?76539721

If you’ll have any questions, Please contact me.

From: [faculty redacted] Deans Assistant
Sent: September 28, 2021 10:33 AM
To: [redacted]
Cc: [redacted]
Subject: *UPDATED FORM* [faculty redacted] Undergraduate Achievement Bursaries: Application forms 2021-2022

This year, 13 bursaries of $1,500 each will be awarded to exceptional students in the Faculty of [redacted]. Students should be advised to return completed forms to the Office of the Dean by November 1, 2021.

TERMS OF REFERENCE:

Achievement Bursaries recognize undergraduate students who have demonstrated outstanding commitment to the pursuit of excellence in their endeavors. [Redacted] and other areas where individual expression becomes public are recognised through these bursaries. Recipients must have demonstrated financial need and a minimum 3.5 sessional grade point average for students continuing at UVic, or a 70% admission average for students commencing post-secondary studies for the first time.

University officers will distribute application forms to prospective students, who will complete and return them to the Office of the Dean, Faculty of [redacted] by the deadline.

Student Letter

This phish is for the curious mind, there is no context as to why it is sent as the email body is empty. Subject of the email has no meaning on its own just a vague combination of words. There is no reason for anyone to open the attachment, except if you are curious. When we couple curiosity with ignorance, it can lead to negative results, as would be in this case.

Hence, always look for warning signs in an email before taking any action and, think whether you were expecting such email. Never reply back to the scammers asking for more information as they intentionally give vague or no information. Never open attachments in an email, unless you are sure it is not a phish, as it can lead to malware on your device.

Phish with subject "Student Letter" which only has an attachment and no email body.

Subject: Student Letter
Sender: Irene Vila Ardiaca <*****.udl.cat>
Attachment: 2023 Student Grant Approval.txt

Red Cross Part-Time Job

Today we received another variant of the Red Cross job scam phish. It uses the tactic of too good to be true offer to lure users. The sender email address is not official Red Cross email, signature used is vague and does not represent an official authority, asks users to reply from their personal email which is to evade UVic network detection, and the address to reply back is yet another email address external to Red Cross.

Never send your personal information to such scammers, always take the time to look for warning signs in an email. If you have already replied, and/or sent your resume to this email please reach out to helpdesk.

Job scam phish with subject "Red Cross Part-Time Job" that lure users to give personal information.

Subject: Flexible Part-Time Job
Sender: Noval Bawoel <****@iconpln.co.id>

The American Red Cross is hiring a Distribution Assistant for a part-time, home-based role with flexible hours and a weekly salary of $700. You’ll buy items online and deliver them to those in need in your local community, requiring 3 hours per day, three times a week. To apply, send your resume/application to Mathew Mammen at ****careers.com using your frequently used personal email.

Thank you for your interest.

Sincerely,

Mass Care Team
American Red Cross

_______________________________________________________________________
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. PT. Indonesia Comnets Plus ( ICON+) is neither liable for the proper and complete transmition of the information contained in this communication nor for any delay and its receipt.