Uvic Employee Salary Increase Approval 2024/25

Who wouldn’t like a salary increase, especially when the cost of living continues to be so high? But that’s precisely the feeling that phishers are trying to take advantage of when they create these kinds of phishing emails. Here are some signs that the email is not legitimate:

  • Although the message claims to be from payroll@uvic.ca, the sender information shows the email was actually sent from a non-UVic address.
  • The message greets you with your email address instead of your name.
  • The capitalization of UVic is wrong, there’s a spelling error in the sender name, and the wording of the message is awkward.
  • The email creates a sense of urgency to get you to act hastily.
  • Hovering over the link shows that it does not go to uvic.ca.

Fake salary increase email with a link to a phishing site

From: HR Deparment | uvic.ca e-Sign <yonet926@********.ne.jp>
Subject: Uvic Employee Salary Increase Approval 2024/25

This message was sent with high importance.

Hi ********@uvic.ca,

HR Department (payroll@uvic.ca) shared a new pdf file “Uvic Employee Salary Increase Approval Letter.pdf”  with you securely for your urgent attention.

VIEW DOCUMENT [phishing link]
1 item, 54.5 KB in total · Expires on 29 March, 2024

Report to uvic
© 2024

ADVANCE (WARNING)

This phish is circulating today. It applies the usual tactics of scammers to scare the potential victims that something is wrong and should should act fast.  The sender is external, the link points to an external site designed to look like a UVic login page with the goal to steal your UVic credentials. Please do not be curious and do not click the links because sometimes they may contain malware to infect your computer instantly.

Here is a screenshot and transcription of the phish:

Your University of Victoria account has been filed under the list of accounts set for deactivation due to retirement/graduation/or transfer of the concerned account holder. But the record shows you are still active in service and so advised to confirm this request otherwise give us reason to deactivate your account.

Please Verify your UVIC account immediately to avoid Deactivation Click

UVIC<link to external site>

Please note this one-time submission and entry only..

Warm Regards,
Office of the Registrar

Research Opportunity Available

Job scams are on the rise and UVic keeps getting newer and newer campaigns of such scams. There has already been a lot of posts in the past about spotting job scams. Here are a few that can be checked out:

https://onlineacademiccommunity.uvic.ca/phishbowl/2024/03/14/your-invitation-to-participate/

https://onlineacademiccommunity.uvic.ca/phishbowl/2024/01/10/work-study-opportunity/

https://onlineacademiccommunity.uvic.ca/phishbowl/2024/01/29/stmicroelectronics-ltd-looking-for-representative-in-your-area/

Job scam impersonating UVic professor with subject "Research Opportunity Available".

 

Subject: Research Opportunity Available
Sender: Prof. Cl**** Ca**** <****@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University of Victoria, Faculty of Engineering and Computer Science is currently seeking the services of Research Assistants to join the Department of Computer Science under the supervision of Professor **** at the Software Engineering Global Interaction Laboratory for 6 hours weekly.
The primary Research is in the area of Natural Language processing (NLP) where our goal is to develop algorithms and systems that will vastly improve a users ability to find, absorb and extract information from online- text .
The group’s research generally proceeds at two levels; We focus both on building real systems for large-scale natural language processing tasks and on developing techniques to address underlying theoretical problems in the syntactic, semantic and pragmatic analysis of natural language
Responsibilities:
Assist with the design and implementation of research projects on campus
Conduct literature reviews and summarize key findings
Collect and analyze data using appropriate statistical methods
Graduate and Undergraduate students interested in working with Professor **** should submit a copy of their current course schedule and resume for review.

 

Best regards,

[redacted professor name]
Position
Professor
Computer Science
Contact
Office: ****

Notification for Refund Return

The tax return season has started, and scammers have begun exploiting this period again. Typically, they try to persuade you to click on a link by pretending that something was wrong with your tax return, or you need to “sign” something, as in today’s example.

Please stay vigilant, do not click on these links. They may contain malware to infect your computer instantly or they might be designed to steal your credentials.

Your request has been processed successfully and is now ready to be signed

Document online <link>

Please view your document securely using the following confirmation code :
050916

#Your Invitation to participate..

Job scammers are continuing to try to take advantage of students looking for extra cash to help pay for tuition, housing and other essentials in these times when the cost of living is so high. Below is yet another job scam that impersonates a real UVic professor.

For more information on job scams and how to spot them, see also these guides from CBC News and TD Bank.

Red flags to watch out for
  • The email came from a Gmail address. A real UVic job opportunity should be announced from a UVic email address. Ones that come from a free email provider like Gmail or Outlook are probably scams.
  • The pay is too good to be true for a part-time student job that requires no prior experience and is open to anyone.
  • The offer implies that there will be no job interview before you get assigned a work schedule. A legitimate job should give you a chance to meet the employer in person or on a video call before you accept an offer. If you are accepted without an interview, the job is very likely to be a scam.
  • The email asks you for an alternate email address and cell phone number. Scammers often do this to shift the conversation away from UVic email and evade monitoring.
  • The subject line contains punctuation errors.
Common methods that the scammers use to steal money from people who reply
  • They ask you to purchase gift cards from a local store and send photos of the cards with the PINs revealed. That gives the scammer the information needed to use the funds on the cards. The scammer either will not reimburse you at all or give you a cheque that will ultimately bounce a few days later.
  • They give you a cheque to deposit and tell you to transfer some of the funds to another person and keep the remaining funds (cheque overpayment scam). A few days later, the cheque will bounce, meaning the amount you transferred is gone from your own funds.

If you replied to the scammer, reach out to the Computer Help Desk immediately for assistance.

From: Dr. [redacted] PhD.
Subject: #Your Invitation to participate..

You don’t often get email from dg3******@gmail.com. Learn why this is important.

Hello,

If you may be interested in working as a temporary research aide collecting data remotely and earning $300 weekly, indicate interest by providing the required information below and I will send you a follow-up email detailing your work schedule.

This is an adaptable job that requires no prior experience irrespective of your major discipline.

Full Name:
Cell #:
Alternate email:

Regards,

Dr. [redacted] PhD.
Professor,
Health Information Science
HSD Building, A***
Victoria BC   Canada

Payment Confirmation

Always be wary of unexpected or unsolicited emails that contain attachments as they may contain malware. The vagueness and generic nature of this message should be a red flag and may be a ploy to get you to click on the attachment. Since the message does not address the recipient by name and provides no information about the supposed payment, it’s likely that it was a mass mailout and therefore not a legitimate invoice.

If you’re inclined to think that the attachment should be harmless because SVG is an image format, think again! SVG files can actually contain embedded scripts, meaning they can be laced with malware, which is definitely the case for this sample. If you clicked on this attachment, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.

Vague email claiming to be an invoice but the SVG attachment actually contains malware

From: allen.lopez@o******.com
Subject: Payment Confirmation

Attachment: [Generic file icon] RTVBAS05GDBA09.svg (2 KB)

Payment Received, attached is your invoice.