Author: Arshdeep

Job scam impersonating UNESCO has been circulating over the weekend.

Please read the given post to learn about spotting such scams and next steps if you have fallen for it:

Part-Time job.

From: [redacted sender address]
Subject: Part-Time job.
Attachment: [Word document icon] UNESCO JOB.docx

You don’t often get email from [redacted sender address] . Learn why this is important.

—
Job opportunity information to anyone who might be interested in a paid UNESCO Part-Time job with a weekly pay of $750.00. If interested, kindly contact Schulz Niels on his email address. ([redacted]@outlook.com) with your alternate non-educational email address I.e., Gmail, yahoo, Hotmail etc.) for further details of employment.

N.B, this job is strictly a work from home position.

Job scam offering too good to be true salary for part-time job.

Following post can be referred to look for red flags in this or any job scam:

https://onlineacademiccommunity.uvic.ca/phishbowl/2024/01/29/stmicroelectronics-ltd-looking-for-representative-in-your-area/

Never send your personal information to such scammers, always take the time to look for warning signs in an email. If you replied to this scam, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.

Subject:Part-Time job
Sender: Brown Corman <****@quadro.net>
Attachment: WFP Job Description (1).docx

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

—
I am sharing job opportunity information to anyone who might be interested in a paid World food programme Part-Time job with a weekly pay of $750.00. If interested, kindly contact Mattias on his email address.(****@outlook.com) for details of employment.

N.B, this job is strictly a work from home position.

 

 

 

This phish uses scary tactic to get the user to take action to click on the link. The sender email address is external to UVic, subject of the email is very generic, link given (check by hovering over the link) is external to UVic, it has formatting errors, and signature is also very generic. All these are phishing signs.

Another thing of note in this phish is the mention of next steps where you will receive a call and then press 0, whenever such steps are mentioned beware as the phisher will try to further social engineer you into revealing personal information or confidential information (such as MFA info) via phone call.

Always look for red flags in an email before taking an action. Whenever in doubt contact helpdesk.

Subject: Dear user
Sender: uvic.ca <****@quadro.net>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

—
2-step login maintenance is required for your email before April 29th, 2024, to avoid login interruption.

Setup maintenance for 2-step login here [external link]

Note: A notification call will come through your phone, kindly answer the call and then press 0 on your phone to complete your new 2-step login setup.

IT Service Center

Regards,

 

This phish came over the weekend and was sent in massive volume. There is only an attachment and no email body, hence, it is mostly to lure the curious users who want to know more what this email is about. Empty email body is a big red flag as there is no context provided about the email itself and the related attachment. The subject used is pretty generic and it is coming from an external sender. Hence, beware of such phishes, and don’t open attachments from unknown senders or even known senders if you were not expecting it.

Subject: Dear Qualified Student
Sender: Jucélio Ribeiro <****@sinaltech.pt>
Attachment: Federal College Relief.docx

Job scams are on the rise and UVic keeps getting newer and newer campaigns of such scams. There has already been a lot of posts in the past about spotting job scams. Here are a few that can be checked out:

https://onlineacademiccommunity.uvic.ca/phishbowl/2024/03/14/your-invitation-to-participate/

https://onlineacademiccommunity.uvic.ca/phishbowl/2024/01/10/work-study-opportunity/

https://onlineacademiccommunity.uvic.ca/phishbowl/2024/01/29/stmicroelectronics-ltd-looking-for-representative-in-your-area/

 

Subject: Research Opportunity Available
Sender: Prof. Cl**** Ca**** <****@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University of Victoria, Faculty of Engineering and Computer Science is currently seeking the services of Research Assistants to join the Department of Computer Science under the supervision of Professor **** at the Software Engineering Global Interaction Laboratory for 6 hours weekly.
The primary Research is in the area of Natural Language processing (NLP) where our goal is to develop algorithms and systems that will vastly improve a users ability to find, absorb and extract information from online- text .
The group’s research generally proceeds at two levels; We focus both on building real systems for large-scale natural language processing tasks and on developing techniques to address underlying theoretical problems in the syntactic, semantic and pragmatic analysis of natural language
Responsibilities:
Assist with the design and implementation of research projects on campus
Conduct literature reviews and summarize key findings
Collect and analyze data using appropriate statistical methods
Graduate and Undergraduate students interested in working with Professor **** should submit a copy of their current course schedule and resume for review.

 

Best regards,

[redacted professor name]
Position
Professor
Computer Science
Contact
Office: ****

Phish with attached excel file has been circulating this morning. It has different subjects such as “Fwd: Products#<random number> “, “PO# <random number>”, or “Scan#<random number>”

These phishes are being send by many different random senders. Email body is also different but generally mentioning about some payment that needs to be remitted. In any case, the attacker is luring the users to open the attachment so that malware can be installed on the devices.

Please be aware of email attachments and open only the ones you are expecting and being send from a known sender. If still in doubt, always confirm with sender using a known contact information.

Subject: PO# W1834414259
Sender: Mariana Benitez <****@minaretmusings.com>
Attachment: scan-28-02-24_591.xlsx

Dear,
Repairs made to both the tire changer and the balancer. 2024 spec updates for the alignment machine.
Your invoice-RCH224-735 for 2,560.31 is attached. Please remit payment at your earliest convenience.
Thank you for your business – we appreciate it very much.
Please make payable to our company.

Job scams have become common these days, trying to attract victims looking for part-time jobs to support themselves, especially in today’s tough financial times. Scammers take advantage of prospective candidates/victims by offering higher than expected pay for the amount of work required. If an offer is too good to be true, then probably it is.

The following job scam impersonates STMicroelectronics, offering a part-time job for enormously high pay. No matter what type of job scam it is or which organization is impersonated, the questions to ask yourself to spot these scams remain the same:

1. Why are you receiving this email? Did you even sign up with this organization to send you job offers or did you ever apply with this organization? Try to think of a plausible explanation as to why did you get this email, if you don’t know then it is a scam.
2. If you still somehow think of a reasonable reason to go beyond the first point, then look at the senders email address, which domain (domain is the part of the email address after the symbol “@”) is it coming from? Is it coming from the same domain as the organization claiming to send this job posting? Like, in this case, the domain should have been st.com but the sender email address is coming from a different one. One way of finding the real domain of an organization is to do a google search about it.
3. Salary offered is also one of the strong indicators of spotting a scam. Generally, the salary offered would be much higher than the minimum wage for less amount of work than a regular part-time job. Why are they offering such a high salary? Obvious answer is, to scam you.
4. Try reading the job description, are you able to make sense of what type of position is being offered? Usually, it is described in a very ambiguous manner, just giving you enough that it sounds like some job but not what the job is. And they ask you to reply with details first before revealing any more details. Should you be applying for a job where you don’t know what the job is?
5. Generic salutation which is a sign of mass send email to unknown recipients, which further translates to whoever will take the bait. This ties back to the question in the first point, is there a legit reason for you to be receiving this mass send email? If not, it is a scam.
6. Grammatical and spelling mistakes could be intentional by the scammers to dissuade the people who won’t eventually fall for the scam. If someone proceeds without spotting these mistakes would be their potential victims whom they can easily persuade. Sometimes these minor errors are made to make the email relatable or believable as humans are prone to errors. Should a legit job posting have such errors, especially coming from large organizations, wouldn’t it have been proofread?
7. As is common with scams, they are always urgent. You need to urgently take action, as the people hiring are in urgent need. Such urgency is called upon so that victims don’t have time to think or question the legitimacy of the process. But you should always question yourself before being hasty, always allow yourself time to think before its too late.

Here’s hoping that the above questions would give you perspective on how to judge the legitimacy of job offers and easily spot job scams. If you replied to this scam, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.

Subject: STMicroelectronics Ltd Looking for representative in your area
Sender: Robert Smith <****@spcc.edu.hk>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Greetings,

Do you presently live in USA, CANADA or UK and would like to work part-timely from home? Then this is the opportunity you have been waiting for. Come join hundreds of our company representatives and you can earn $1000-$3000 weekly.

STMicroelectronics Ltd urgently requires reliable persons/companies who can act as RECEIVING OFFICERS for us from any of the above mentioned countries. He/she will act as a medium between our customers and us in their established area.

IMPORTANT NOTICE:

Please note that this service is based on part-time and will not affect your present job. Kindly reply with your full details as soon as you receive this notification.

Announcer,
Mr. Robert Smith
Human Resources Dept of STMicroelectonics Ltd
http:****

Yet another job scam is circulating today. As always, impersonating a real UVic professor to make the job offer look legitimate.

Here are some of the red flags:

• The email comes from a Gmail address. Emails about real UVic job offers should come from a UVic email address.
• The salary offered is too good to be true, that too for a part-time job.
• The email requests your Google Chat email. Scammers often request alternative contact information to evade UVic detection.
• The sender name does not match the name of the professor supposedly offering the job.

Never reply to such scams, always look for warning signs before taking any action. If you did reply, please stop any further conversation and reach out to helpdesk for assistance.

Subject: Work-Study Opportunity
From: Vania Smith-Oka <****@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

The service of a student/graduate student is urgently required to work part-time as a Research Assistant and get paid $400 weekly. Tasks will be carried out remotely, and work time is 8 hours/week.
If interested, submit a copy of your updated resume and functional google chat email address to the Department of Psychology via this email to proceed.

Sincerely
[impersonated professor name]
Assistant Teaching Professor
Department of Psychology
Office: COR ****

If a job offer comes your way claiming to be too good to be true, it probably is. This job scam offers too good a salary for number of hours required for the job. Email doesn’t even mention the name of the post or the organization offering the job. The job description is too vague.

Even if the phish is being sent from an internal address doesn’t necessarily means it is trustworthy, one still needs to pay attention to the phishing signs as the sender address could be spoofed.

Always think and look for red flags in an email before taking any action. Whenever in doubt contact helpdesk.

 

Subject: Tremendous Growth Opportunity!!!
Sender: [redacted sender name]

Looking for a candidate who is detail-oriented and capable of managing flexible tasks at any given time. To help deliver essential products and services to Students and educational workers with disabilities, frustrated with ignorance and lack of moral and other services, receiving, and purchasing Items for foster home, donating to foster home every month etc.

Job Offer Details:
This position will be home-based and flexible part time job, You can be working from home, School or any location, but you are required to cover a maximum 7hrs/week.
​
Employment Type: Part-Time Personal Assistant
Location: Remote Base
Hours: 7hrs per week
Weekly Payment: $350

Copy and paste the URL Below into the address bar of your web browser for more details

[redacted phish link]

Thank You.

This phish uses scary tactic to get the user to take action to click on the link. The subject of the email is very generic, link is also external to UVic, it has formatting errors, no signature. The phishng link will clearly ask for the password as its mentioned in the email body, keep in mind, UVic will never ask for your password.  All these are phishing signs. Even if the phish is being sent from an internal address doesn’t necessarily means it is trustworthy, one still needs to pay attention to the phishing signs as the sender address could be spoofed.

Always think and look for red flags in an email before taking an action. Whenever in doubt contact helpdesk.

Subject:Authenticator To Helpdesk!!!
Sender: [redacted sender name]

Your University Of Victoria Microsoft account has been filed under the list of accounts set for deactivation due to retirement/graduation/or transfer of the concerned account holder. But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your university account, We expect you to strictly adhere and address it.

you are advised to keep the same password using the button below to avoid losing your data. kindly indicate if you only have one office 365 email.

(Copy and paste the URL Below into the address bar of your web browser.)

[redacted phish link]

NOTE:KEYWORD Means password

Please note the one-time submission and entry only..

 

There is no reason for anyone to open the attachment in this email as it is clearly a phish. It is not clearly stated what this invoice is for, or which organization is sending this invoice. Everything in this email is generic, be it the sender name, salutation, signature, subject and file name.

Never be curious about email attachments as opening those can lead to malware on your device. Hence, only open attachments which are coming from your known sources and you were expecting it.

Subject: Check attached invoice as requested
Sender: Administrator <****debiz.com>
Attached file: INVOICE0001.html

Hello,

I hope you’re well. Please see attached invoice number [40433] for Order MT476/2023, due on 12/16/2023. Don’t hesitate to reach out if you have any questions.

Yours truly
Sarah.

 

Another run of the high volume phish encountered yesterday. To spot the phishing signs check out the post below:

IMPORTANT: Verification

Below is the sample of the new variant:

Subject: UVIC IMPORTANT VERIFICATION!
Sender: University of Victoria <****>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Your UVIC Google account has been filed under the list of accounts set for deactivation due to retirement / graduation or transfer of the concerned account holder. But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your University of Victoria account.

Please Verify your UVIC account immediately to avoid Deactivation. Verify Here [Phishing link]

Please note the one-time submission and entry only..

Warm Regards,

3800 Finnerty Road
Victoria BC V8P 5C2 Canada
UVIC IT Help Desk

This phish uses scary tactic to get the user to take action to click on the link. The sender email address is external to UVic, the subject of the email is very generic, link is also external to UVic (check by hovering over it), it has formatting errors, and signature is also very generic. All these are phishing signs.

Always think and look for red flags in an email before taking an action. Whenever in doubt contact helpdesk.

Subject: IMPORTANT: Verification
Sender: Help Desk IT support <****>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Your UVIC account has been filed under the list of accounts set for deactivation due to retirement / graduation or transfer of the concerned account holder. But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your University of Victoria account.

Please Verify your UVIC account immediately to avoid Deactivation. Verify Here [Phishing link]

Please note the one-time submission and entry only..

Warm Regards,

Help Desk Support – 24/7

Unlimited remote Help Desk IT support 24 hours a day, 365 days per year

These types of job scams are not new. As always, impersonating a real UVic professor to make the job offer look legitimate.

Here are some of the red flags:

• The email comes from a Gmail address. Emails about real UVic job offers should come from a UVic email address.
• The salary offered is too good to be true, that too for a part-time job.
• The email requests your Google Chat email. Scammers often request alternative contact information to evade UVic detection.
• The sender name does not match the name of the professor supposedly offering the job.

Never reply to such scams, always look for warning signs before taking any action. If you did reply, please stop any further conversation and reach out to helpdesk for assistance.

Subject: Part-Time Job Opening
From: Dr. Stanley Chukwuka Jung <****@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

The service of a student assistant is urgently required to work part-time and get paid $400 weekly. Tasks will be carried out remotely and work time is 8 hours in a week.
If interested, submit a copy of your updated resume and a functional google chat email address to our Department of Anthropology via this email address to proceed.

 

Regards
[impersonated professor name]
Assistant Professor Of Anthropology
Department of Anthropology
Office: ****

This phish uses scary tactic to get the user to take action to click on the link. The sender email address is external to UVic, the subject of the email is very generic, mention of “College Email account”: mistakes like these indicate the same phish could have been used for other institutes, it has formatting errors, and signature are also very generic. All these are phishing signs.

Always think and look for red flags in an email before taking an action. Whenever in doubt contact helpdesk.

Subject: UPDATE
Sender: JARUNEE KONGSAWAT <****psu.ac.th>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Dear Student,

Your College Email account will be Deactivated shortly.
To stop Deactivation, CLICK HERE[Phishing link] and log in

Thank you,
IT Helpdesk