Remote Flexible Job

Job scams that pretend to be from the Red Cross seem to becoming more common. As with many other job scams that we’ve seen before, the scammer tempts people with a generous salary for a minimal amount of work. If a job offer arrives unsolicited and the compensation is too good to be true, you can be sure it’s a scam.

Other red flags that indicate that the offer is fake:

  • The email was sent from an address that does not belong to the Red Cross. A legitimate email from the Canadian Red Cross would come from a redcross.ca email address.
  • The message contains multiple grammatical errors.
  • You are asked to reply from your personal email–this is a trick to move the conversation off UVic email to evade detection.
  • Replies are to be sent to a different address from a Red Cross lookalike domain.
  • The confidentiality notice is not from the Red Cross.

If you replied to this email, cease contact with the scammer and reach out to the Computer Help Desk immediately for assistance.

Job scam email that pretends to be from the Red Cross


Subject: Remote Flexible Job
From: [redacted] <********@iconpln.co.id>

Distribution Assistant is vacant at the National Red Cross with a weekly pay of $500. 3 hrs. per day, 3 times a week is required for purchasing of online items and delivering them to foster/disable homes in your local community. To apply, send cv/application to Mammen at jobs@arc-******.com with your personal email.

NRC


This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. PT. Indonesia Comnets Plus ( ICON+) is neither liable for the proper and complete transmition of the information contained in this communication nor for any delay and its receipt.

UPDATE

This phish uses scary tactic to get the user to take action to click on the link. The sender email address is external to UVic, the subject of the email is very generic, mention of “College Email account”: mistakes like these indicate the same phish could have been used for other institutes, it has formatting errors, and signature are also very generic. All these are phishing signs.

Always think and look for red flags in an email before taking an action. Whenever in doubt contact helpdesk.

Phish with subject "UPDATE" with phishing link to steal credentials.

Subject: UPDATE
Sender: JARUNEE KONGSAWAT <****psu.ac.th>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Dear Student,

Your College Email account will be Deactivated shortly.
To stop Deactivation, CLICK HERE[Phishing link] and log in

Thank you,
IT Helpdesk

WFH

If you received an email for a job position offering too good to be true salary, then either report or delete it as it is a job scam. Other signs indicating that it is a phish:

  1. Asking to reply on a different email address than the sender email address.
  2.  Asking recipient’s reply from their personal email address, it is to evade UVic detection.
  3. Sender name is different than the signature name.
  4. The text of the email is in an image.
  5. Formatting and grammatical errors.

Job scam phish with subject "WFH" and the email text is in attached image.

Subject: WFH
Sender: Tesfaye Moges Teklehaymanot <****@ethiotelecom.et>

I am offering a work from home position as my Personal Assistant in which you can Earn $500 Weekly. For details and Job description kindly contact me only via my personal email (****@outlook.com) with below information

Name:

Age:

Personal Email:

Important Note: This is a non reply email so kindly send your interest to me only via (****@outlook.com) also endeavour to reply to this email via your Personal email(Gmail,Hotmail,yahoo) etc and not your Edu email). This Position demands you to be 100 attentive to details so failure to adhere to this important note will lead to automatic disqualification of your interest in this Job.

I look to hear from you if you are interested.

Thanks
Michael Brunetti

IMPORTANT. This e-mail message and any attachments are strictly confidential and may be protected by law. This message is intended only for the named recipient(s) above. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message. Any unauthorized view, usage or disclosure of this message is prohibited. Since e-mail messages may not be reliable, ethio telecom shall not be liable for any message if modified, changed or falsified. Additionally the recipient should ensure they are actually virus free.

GIFT Card example

We received a report of an interaction with a scammer from an employee who was aware of the scam from the outset. We strongly advise against engaging with scammers, even ‘for fun’. Such interactions can inadvertently reveal valuable information, such as the active status of your email account, your work schedule, and more. We’ve redacted the name used by the scammer in this instance, as they were impersonating a real university professor.
The thread begins with a succinct email body, the subject line merely containing the name of the impersonated professor, typically someone in an executive position such as a department chair, dean, or director.

The employee responded as follows:
At this juncture, many individuals might feel a twinge of guilt for overlooking the initial email. This is precisely the reaction the scammer is banking on, despite the fact that there was no previous email. The scammer swiftly replied, revealing their true intent:
There’s always a reason why they can’t purchase the cards themselves. It could be a technical issue, illness, an ongoing meeting, or any number of pretexts.
The employee responded:
A scammer, realizing their ruse has been seen through, might typically abandon their efforts at this point. However, this scammer persisted, sticking to their script as shown below:
Perhaps they believe persistence pays off statistically? That they might eventually convince a potential victim? Unfortunately, we do occasionally encounter victims who purchase gift cards and send photos of the scratched-off numbers to the scammer. This is another telltale sign. Since the scammer can’t physically collect the cards, they request photos of the ID numbers. It’s a good idea to discuss this scenario with your supervisor and confirm that they would never ask you to purchase gift cards.

Remember: It’s always best to avoid giving scammers any information, no matter how insignificant it may seem.

REMINDER: Benefits Open Enrollment 2024. Review & Sign

HR or payroll-themed lures are commonly used for phishing emails. While this email claims to be from a UVic system, notice how the capitalization of UVic in the sender name is incorrect and the actual sender address is from outside of UVic. Both are red flags that indicate that this a phishing email; a genuine UVic Payroll or HR email should be coming from a UVic email address. Another bad sign is the fact that there is nothing in the message body except for a disclaimer and confidentiality notice that mentions some other external organization but not UVic.

This email also contains a .htm attachment. Do not open unsolicited or unexpected attachments whose names end in .htm or .html. These files are webpages, meaning that they could contain code that downloads malicious content or that redirects you to a malicious site. UVic InfoSec used a special secure environment to examine this file’s contents and found that it contains code to redirect you to a malicious site after a few seconds’ delay. If you opened the attachment, reach out to the Computer Help Desk or your department’s IT support staff for assistance.

Phishing email claiming to be benefits enrollment paperwork but that actually contains a malicious .htm attachment.

Subject: REMINDER: Benefits Open Enrollment 2024. Review & Sign
From: Uvic e-Service System <okita@****okita.com>
This message was sent with high importance.
Attachment: [webpage file] Open Enrollment 2024.htm (1018 bytes)

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Disclaimer: Confidentiality Notice: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the originator of the message. Any views expressed in this message are those of the individual sender, except where the sender specifies and, with authority, states them to be the views of A********x

Part-Time Assistants Needed

If you received a UVic job posting from a UVic professor offering flexible work schedule with very high pay, and you are wondering what’s the harm in applying. Think again, because scammers are at play here. The scammers impersonate a real UVic professor to make the job offer look legitimate.

Here are some of the red flags you need to watch out before taking any action given in such scams:

  • The email comes from a Gmail address. Emails about real UVic job offers should come from a UVic email address.
  • The salary offered is too good to be true, that too for a part-time job.
  • Grammatical and formatting errors.

Therefore, do not reply to the email with your information. If you did, please reach out to the Computer Help Desk for assistance.

Job scam with subject "Pert-Time Assistants Needed" offering part-time job with high pay and impersonating a UVic professor.

Subject: Part-Time Assistants Needed
Sender: [impersonated professor name]<****@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University of Victoria, Department of Computer Science is currently seeking the services of Research Assistants to work remotely or in person with our research team to support ongoing data collection, and analysis.
Department Required Skills;
– Highly motivated, with strong organizational and communication skills.
-Excellent problem-solving skills
-Team player who is able to work in a fast paced environment with a multidisciplinary team.
Preferred Years Experience, Skills, Training, Education;Experience primarily using Windows operating systems
-Ability to adequately use Microsoft Excel.
This is a part-time position with a flexible schedule, and the successful candidate will work approximately 6- 7 hours for $350 weekly. The position offers valuable research experience, and the opportunity to work with a dynamic and collaborative research team on campus.
To proceed with the application process and other eligibility descriptions, submit your resume for review .

Best regards,

c/o

[impersonated professor name]
Professor
Computer Science
Office: ****