May 2025 – Phish Bowl

A phishing campaign circulates that targets victims with fake Zoom meeting invites from colleagues.

Links open what appears to be a live Zoom meeting with ‘real’ participants – which are pre-recorded videos of fake participants

Invite emails imply urgency with carefully constructed subject lines and meeting details – and closely mimic legitimate Zoom invites.

Malicious login pages look legitimate but are there to harvest the victim’s UVic credentials.

The Information Security Office suggests:

Report suspicious emails: If you receive a questionable Zoom invite, report it by the “phishing” button in Outlook to help prevent further attacks.

Verify the sender: Always check the email address carefully. Scammers often use addresses that look similar to legitimate ones but contain subtle misspellings or extra characters.

Avoid clicking on links: Instead of clicking directly, hover over the link to inspect the full URL. If in doubt, navigate to Zoom manually by typing its official website into your browser.

Be wary of urgency tactics: Phishing emails often create a sense of urgency to pressure victims into acting quickly. If an invite seems rushed or unexpected, take a moment to verify its legitimacy.

Check for inconsistencies: Look for spelling errors, unusual formatting, or odd phrasing in the email. Legitimate Zoom invites are typically well-structured and free of mistakes.

These phishing emails claimed to be from various UVic department chairs in an attempt to make the emails look legitimate and important. However, looking at the sender information raises some red flags: not only does the name not match the name of the department chair, but the email address is also not from UVic. That’s a strong sign that this is an impersonation attempt and you should not open any links or attachments in the email.

Not surprisingly, salary increases and bonuses, or important internal documents, are some email themes that phishers regularly use to lure people into clicking links and attachments. If you are sharp-eyed, you might also notice that there’s a zero instead of an O in “B0NUS”. This is a further sign that the email is not legitimate.

If you opened the attachment, run a full malware scan on your device as a precaution, and contact the Computer Helpdesk or your department’s IT support staff immediately. Be wary of documents that ask you to click on a link to login or access the real content. Also, watch out for and report any MFA pushes that come from outside of the country that you’re in, and change your password immediately if that sort of MFA push comes your way.

Phishing email impersonating a department chair, with a phishing document called "Faculty & Staff B0nus" attached

From: N********@*****.edu
Subject: Dr. J***** ****** shared a file with you- FACULTY & ᏚTAFF B0NUS

Attachment: [Word Document icon] FACULTY & ᏚTAFF B0NUS.docx

Some people who received this message don’t often get email from n********@*****.edu. Learn why this is important

Dr. J***** ****** shared a file with you- FACULTY & ᏚTAFF B0NUS

Phishing email impersonating a department chair, with a phishing document attached called "Essential Departmental Interview"

From: N********@*****.edu
Subject: Dr. M****** ******* shared a file with you- Essential_Departmental_interview

Attachment: [Word document icon] Essential Departmental Inter…

Some people who received this message don’t often get email from n********@*****.edu. Learn why this is important

Dr. M****** ******* shared a file with you- Essential_Departmental_interview

Month: May 2025

Urgent Zoom meeting

Someone shared a file with you – “FACULTY & ᏚTAFF B0NUS” or “Essential_Departmental_interview”