Month: August 2025

This phish often comes from a compromised sender email address that may be known to you or one that is from a local organization. This makes it more difficult to recognize that it’s phish. There are warning signs that this is phish though. The email is unsolicited, the greeting is generic and does not address anyone in particular. If the link goes to a page with a button or a link supposedly for viewing the actual content be wary as that second link or button will probably lead to a fake sign in page.

If you are unsure, do not respond to the sender via email (you may be responding directly to the attacker), rather reach out to the UVic helpdesk for assistance or contact the sender by phone to verify the authenticity of the email.

Hello,

We are pleased to inform you that your organization has been selected to submit a proposal and quote for an upcoming project opportunity. We invite you to review the project details and consider participating in this competitive bid process.

You can access the full package here:

Halifax Partnership- RFI-32-7613-125.pdf (Preview)

The package outlines the scope, expected deliverables, and the terms that will govern the engagement. Please review all materials carefully and submit your completed proposal electronically by 3:00PM on August 30th, 2025.

The contents of this package are confidential and must not be shared or distributed without prior written authorization.

Thank you,

This is a classic account deactivation phish that pretends to be from Microsoft Office 365. It creates a false sense of urgency and threatens you with account deactivation to trick you into hastily clicking the link. However, if you hover over the big red “VERIFY NOW” link, you will find that it goes to a site that isn’t from Microsoft (or UVic). Other signs that something isn’t right about this email include the awkward wording/bad grammar and the long random text in the sender address and subject. If you manage to find the end of the sender address after all that random text, you can then see that the sender is not from UVic or Microsoft.

From: <SysadminSExchangeServerGE8YI27DX[…long random text omitted]
Subject: Authenticate Your Account Activity #42e77c85919f7bec71588667c799a78f

Office 365

Attention [username redacted]

As part of our scheduled security and compliance process, we will be deactivating inactive Microsoft accounts on August 22, 2025

Please verify your account status ([redacted]@uvic.ca), remains active by completing the verification below.

[Link: VERIFY NOW]

To avoid any disruption, complete this verification within 48hrs.

Be on the look out for job recruitment scams like the one below that impersonate real companies to try and lure you into providing personal information or ask you for money before submitting your application.

Spot the RED FLAGS:

• An unsolicited offer that is too good to be true.
• Check the number or email address it came from. The area code is most often out of country and the email address is from a free provider.
• They request you to contact them via WhatsApp or follow peculiar links.
• A job offer without an interview and in some cases requesting payment to process your application.

Do not follow any links or respond to the text message, use the report junk option at the bottom of the text message. Alternately, you can forward the message to 7726. Both will report it to your mobile carrier. If you are unsure, reach out to the UVic helpdesk for assistance at helpdesk@uvic.ca

Hello! I am an HR representative from <redacted>. We recently reviewed your resume and believe you are a great fit for a remote online job opportunity we have available. This is a flexible remote part-time/full-time online job where the role involves assisting merchants with product reviews. The job is simple, and we provide comprehensive guidance to help you get started quickly.

• – Work only 60-90 minutes a day
• – Daily pay ranges from $100 to $300, depending on your working hours
• – Work from anywhere, any time

If you would like to join us, please contact us via WhatsApp: +133<redacted>

(Please note that applicants must be at least 23 years old to be eligible for this role)