Author: Arshdeep

If you received an email for a job position offering too good to be true salary, then either report or delete it as it is a job scam. Other signs indicating that it is a phish:

1. Asking to reply on a different email address than the sender email address.
2.  Asking recipient’s reply from their personal email address, it is to evade UVic detection.
3. Sender name is different than the signature name.
4. The text of the email is in an image.
5. Formatting and grammatical errors.

Subject: WFH
Sender: Tesfaye Moges Teklehaymanot <****@ethiotelecom.et>

I am offering a work from home position as my Personal Assistant in which you can Earn $500 Weekly. For details and Job description kindly contact me only via my personal email (****@outlook.com) with below information

Name:

Age:

Personal Email:

Important Note: This is a non reply email so kindly send your interest to me only via (****@outlook.com) also endeavour to reply to this email via your Personal email(Gmail,Hotmail,yahoo) etc and not your Edu email). This Position demands you to be 100 attentive to details so failure to adhere to this important note will lead to automatic disqualification of your interest in this Job.

I look to hear from you if you are interested.

Thanks
Michael Brunetti

IMPORTANT. This e-mail message and any attachments are strictly confidential and may be protected by law. This message is intended only for the named recipient(s) above. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message. Any unauthorized view, usage or disclosure of this message is prohibited. Since e-mail messages may not be reliable, ethio telecom shall not be liable for any message if modified, changed or falsified. Additionally the recipient should ensure they are actually virus free.

If you received a UVic job posting from a UVic professor offering flexible work schedule with very high pay, and you are wondering what’s the harm in applying. Think again, because scammers are at play here. The scammers impersonate a real UVic professor to make the job offer look legitimate.

Here are some of the red flags you need to watch out before taking any action given in such scams:

• The email comes from a Gmail address. Emails about real UVic job offers should come from a UVic email address.
• The salary offered is too good to be true, that too for a part-time job.
• Grammatical and formatting errors.

Therefore, do not reply to the email with your information. If you did, please reach out to the Computer Help Desk for assistance.

Subject: Part-Time Assistants Needed
Sender: [impersonated professor name]<****@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University of Victoria, Department of Computer Science is currently seeking the services of Research Assistants to work remotely or in person with our research team to support ongoing data collection, and analysis.
Department Required Skills;
– Highly motivated, with strong organizational and communication skills.
-Excellent problem-solving skills
-Team player who is able to work in a fast paced environment with a multidisciplinary team.
Preferred Years Experience, Skills, Training, Education;Experience primarily using Windows operating systems
-Ability to adequately use Microsoft Excel.
This is a part-time position with a flexible schedule, and the successful candidate will work approximately 6- 7 hours for $350 weekly. The position offers valuable research experience, and the opportunity to work with a dynamic and collaborative research team on campus.
To proceed with the application process and other eligibility descriptions, submit your resume for review .

Best regards,

c/o

[impersonated professor name]
Professor
Computer Science
Office: ****

This phish uses a lot of vague language to describe the purpose, like “partnership in a business project”, no information about what the proposal is and what kind of business project. Nevertheless, if you are not expecting an email, it is probably a phish. The subject of the email uses “RE:” to appear as ongoing email thread, and the subject doesn’t match the context in the email body. Signature does not give any information about the sender except for the name. All these signs indicate that this email is a phish along with formatting mistakes.

Hence, always look for warning signs in an email before taking any action and, think whether you were expecting such email. Never reply back to the scammers asking for more information as they intentionally give vague or no information. Whenever in doubt, contact helpdesk or your departmental IT contact.

Subject: RE: YOUR OFFICIAL CONSENT LETTER! PLEASE READ!!
Sender: Tulub Serhiy <****@ctb.ne.jp>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Date: Friday 27, October 2023

Compliment of the day, and I hope my Email finds you in good health.

I got your reference in my search for someone who suits my proposed
business relationship.

I am contacting you to seek your partnership in a business project,
I have all the modalities fashioned out to give this business an
excellent outcome.

I am confident that you will give your consideration to this proposal
and respond positively within a short period of time.

As soon as you give your positive response to this proposal, I will not
hesitate in sending you the details information of this great investment
partnership opportunity.

Regards.

I wait for your quick reply for more details.

Yours Truly
Dr. Serhiy Tulub

If you received an email claiming to give away piano for free, it is a scam. Keep in mind, if it is too good to be true offer, it probably is. The scammer is impersonating UVic members to make the offer look legit, nevertheless, it is a scam. The email address of the sender is external to UVic and also asking the users to reply to another external address with your personal email, this tactic is to evade UVic network detection.

Please be wary of such scams of unsolicited offers and do not reply to such emails not even to confirm if the offer is legit or not. If you’re not sure about the legitimacy of the email, verify it by contacting the supposed sender through a different mode of contact than given in the email.

 

Subject: Opportunity to own a Grand Baby Piano
Sender: [Redacted sender name] <****@fioptics.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Dear Faculty/Staff,

One of our Staff Mrs. [redacted name] is giving out a piano to a loving home for free. You can write to her to indicate your interest on her private email (****@outlook.com).

Please write Mrs. [redacted name] via your personal email for a swift response.

Thanks,
[redacted name]
Professor
University of Victoria

 

An obvious phish indicating lack of effort from the phisher. These types of phishes are sent in high volume where it mostly become numbers game, hoping to get at least 1 (if not more) victim out of thousands.

This phish tries to lure users with too good to be true offer of a grant. But there is no context, whatsoever, of what this grant is, which organization is providing it, and why is it being provided. The email subject has no meaningful connection with the text in email body. The name of the sender doesn’t match the name given in email signature. Grammatical mistake is also a factor indicating it is a phish.

Never reply to addresses given in phishes, not even to request unsubscribe from mailing list. Always take a moment to look for phishing signs. Whenever in doubt contact helpdesk or your departmental IT support.

Subject: Dear Email User
Sender: Perry Collin <*****sd73.bc.ca>

You have qualify to receive this month grant pay out check. ( $2800) To process claim,send the following details:
Name –
Address-
Tel-
To the grant co-ordinator
Name- Perry Collin
Contact email – *****@hotmail.com
We await to hear from you.
Salace Anderson
Grant Mat sector.

This phish is for the curious mind, there is no context as to why it is sent as the email body is empty. Subject of the email has no meaning on its own just a vague combination of words. There is no reason for anyone to open the attachment, except if you are curious. When we couple curiosity with ignorance, it can lead to negative results, as would be in this case.

Hence, always look for warning signs in an email before taking any action and, think whether you were expecting such email. Never reply back to the scammers asking for more information as they intentionally give vague or no information. Never open attachments in an email, unless you are sure it is not a phish, as it can lead to malware on your device.

Subject: Student Letter
Sender: Irene Vila Ardiaca <*****.udl.cat>
Attachment: 2023 Student Grant Approval.txt

Today we received another variant of the Red Cross job scam phish. It uses the tactic of too good to be true offer to lure users. The sender email address is not official Red Cross email, signature used is vague and does not represent an official authority, asks users to reply from their personal email which is to evade UVic network detection, and the address to reply back is yet another email address external to Red Cross.

Never send your personal information to such scammers, always take the time to look for warning signs in an email. If you have already replied, and/or sent your resume to this email please reach out to helpdesk.

Subject: Flexible Part-Time Job
Sender: Noval Bawoel <****@iconpln.co.id>

The American Red Cross is hiring a Distribution Assistant for a part-time, home-based role with flexible hours and a weekly salary of $700. You’ll buy items online and deliver them to those in need in your local community, requiring 3 hours per day, three times a week. To apply, send your resume/application to Mathew Mammen at ****careers.com using your frequently used personal email.

Thank you for your interest.

Sincerely,

Mass Care Team
American Red Cross

_______________________________________________________________________
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. PT. Indonesia Comnets Plus ( ICON+) is neither liable for the proper and complete transmition of the information contained in this communication nor for any delay and its receipt.

High volume phish from a compromised account of another Canadian univeristy encountered, which tries to lure the user with too good to be true offer of salary increase. Phishing signs:

1. Sender email address external to UVic, which wouldn’t be the case if it was an official UVic notice.
2. Too good to be true offer, way too high an increase in salary.
3.  Generic salutation and signature.
4. Grammatical and capitalization errors, and unnecessary use of accents in the text.

Always look for warning signs in an email, and never open attachments in a phish not even for curiosity as it can lead to infecting your device. Always think if you were expecting such an email, if still in doubt contact your departmental IT support or helpdesk.

Subject: 16.89 % Salary Increase Letter 29 September 2023
Sender: [redacted sender email address]
Attachment: UVIC SALARY_protected.pdf

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Dear All,

Sequel to last wéék notification, find encloséd héré-undér the létter summarizing your 16.89 percent salary increase starting 29 September 2023

Αll documénts are enclosed héré-undér:

NOTE: Your Αccess is needed to go through the salary increment letter, Initial Αccess is Salary

Payroll & Employee Relations

 

This phish uses sense of urgency trick and demands action from the user. There is no reason for users to be clicking on links in such emails that have obvious phishing signs: there is no context as to why this email was sent, the sender is external to UVic, no signature and salutation, and the link given is external.

Never click on links given in phishing emails, always take a moment to look for warning signs in an email. Whenever in doubt confirm with helpdesk.

Subject: Webmail account validation for uvic.ca user(s)
Sender: ICANN Domain Validation <*****@nwebsupport.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Verify your email address

To continue using your email account (*****@uvic.ca), please verify that this is your email address.

[Phishing link]

This link will expire in 3 days. If you did not make this request, please disregard this email.
For help, contact us through our Help center[Phishing link].

Another run of American red cross job scam with a different subject and sender, nevertheless same agenda, to scam users. Please review the post below on how to spot phishing signs in such scams.

Flexible Part-Time Job

Subject: Part-Time Red Cross
Sender: Ratih Fidiawati <****@iconpln.co.id>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

The American Red Cross is hiring a Distribution Assistant for a part-time, home-based role with flexible hours and a weekly salary of $700. You’ll buy items online and deliver them to those in need in your local community, requiring 3 hours per day, three times a week. To apply, send your resume/application to Mathew Mammen at ****careers.com using your frequently used personal email.

Thank you for your interest.

Sincerely,

Mass Care Team
American Red Cross

_______________________________________________________________________
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. PT. Indonesia Comnets Plus ( ICON+) is neither liable for the proper and complete transmition of the information contained in this communication nor for any delay and its receipt.

Job scam impersonating UVic professor to make the job employment look legit. We have been continuously seeing these types of scams, please pay attention to the phishing signs before taking any action. Here are some easy to spot phish signs:

• External email address, which wouldn’t be the case if it was coming from UVic office.
• Salary offered is too good to be true.
• The email contains errors in punctuation and formatting.

Never reply to such scams and take a moment to look for warning signs. Most of these scams are to defraud you of money.

If you responded to the scammer, contact the Computer Help Desk for assistance, especially if you sent money or personal information. If you forwarded the email to other people, recall the message and warn the recipients as soon as possible.

 

Subject: Job Opening
From:[professor name] <*****@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University of Victoria, Department of Psychology requires the services of students to assist with research projects on campus. The successful candidates will work closely with our research team to support ongoing data collection, and analysis . They are to work remotely and get paid $400 weekly.

Responsibilities:

Assist with the design and implementation of research projects on campus
Conduct literature reviews and summarize key findings
Collect and analyze data using appropriate statistical methods
Prepare and present findings to the research team
Perform administrative duties such as scheduling, data entry, and record keeping
Assist with writing research reports and manuscripts for publication
Recruit participants and conduct research studies
Qualifications:

Excellent organizational and time management skills
Strong attention to detail
Availability to work on campus or remotely
Proficient in Microsoft Office (Word, Excel, PowerPoint)
This is a part-time position with a flexible schedule, and the successful candidate will work approximately 7 hours per week. The position offers valuable research experience, and the opportunity to work with a dynamic and collaborative research team on campus.

To proceed with the application process and other eligibility descriptions, submit your resume for review and approval for the position.

Best regards,

[professor name]

–
Professor
Psychology

–
Office: COR ***

Yet another job scam impersonating yet another organization, it is American Red Cross this time. As we have seen with other job scams, this one also offers too good to be true salary for working very few hours.

Other indicators of this being a job scam are: Sender address is not coming from an official Red Cross domain, the signature used is vague and does not represent an official authority, asks users to reply from their personal email which is to evade UVic network detection, and the address to reply back is yet another email address external to Red Cross.

Never send your personal information to such scammers, always take the time to look for warning signs in an email. If you have already replied, and/or sent your resume to this email please reach out to helpdesk.

 

Subject: Flexible Part-Time Job
Sender: Ayu Kawis Dimarta <****@iconpln.co.id>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

The American Red Cross is hiring a Distribution Assistant for a part-time, home-based role with flexible hours and a weekly salary of $700. You’ll buy items online and deliver them to those in need in your local community, requiring 3 hours per day, three times a week. To apply, send your resume/application to Mathew Mammen at ****careers.com using your frequently used personal email.

Thank you for your interest.

Sincerely,

Mass Care Team
American Red Cross

_______________________________________________________________________
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. PT. Indonesia Comnets Plus ( ICON+) is neither liable for the proper and complete transmition of the information contained in this communication nor for any delay and its receipt.

This job scam phish was circulated over the weekend with all the hints of being a fraudulent job offer. This email does not mention which company they are representing. The text gives a very generic and vague information about the job. Generic salutation, and signature are without any mention of who this person is. Also, text has grammatical mistakes.

These fraudulent emails mostly end up either stealing your personal information, or your money. Always, take the time to look for red flags in an email before taking any action mentioned.  Whenever in doubt, confirm with helpdesk.

This reddit post is also a good read, it was recently posted by UVIC to make students aware about such job scams: https://www.reddit.com/r/uvic/comments/16dpau2/be_on_alert_job_scam_reddit_post/

Subject: Job Offer
Sender: Xi Zang <*****sol.net.pk>

Attn

We are currently recruiting companies/individuals on behalf of our textile company located in Chine for a number of account receivable agents in North America. As an Account Receivable agent, you will be responsible for collection of all account receivables due to the Company in North America to directly support sales operations. This position does not affect your current job or business operations. Please email us if interested in the role or have any questions on the role.

Note: Monthly salary/ commission Applied.

Regards,

Xi Zang

This phish points to a latest phish tactic that asks the users to scan the QR code to open the phish url rather than providing the url within the email body. This tactic is used to avoid network security in place. The principles for detecting the phish remains the same, as in this case:

• The sender address is external and the sender name is fake.
• No context in the email body is given as to why this email is sent to you.
• No signature.
• Url of QR code goes to an external site. (Checked responsibly by infosec team)

Always take a moment before taking any action mentioned in an email, look for phishing signs and ask yourself if you were expecting such email. If the doubt still remains then confirm with the department or sender directly using other means of communication rather than replying to the phish email or you can also confirm with helpdesk. It is always better to be safe than sorry.

Subject: Uvic 2FA Salary Report For [redacted username]@uvic.ca Completed 07 September, 2023 09:44:47 AM
Sender: Payroll UPDATE for period ending 07 September, 2023 09:44:47 AM <redacted sender email address>

This message was sent with high importance.

[Image with Microsoft Teams logo and QR code.

Text in the image:
Scan the QR code with your CELL PHONE CAMERA to access your personalized performance review and Complete your salary review for timely payroll processing.

Please review security requirements within 72 hours to avoid delays.]

Confidentiality Notice: This Electronic message, together with its attachments, if any, is intended to be viewed only by the individual to whom it is addressed. It may contain information that is privileged, confidential, protected health information and/or exempt from disclosure under applicable law. Any dissemination, distribution or copying of this communication is strictly prohibited without our prior permission. If the reader of this message is not the intended recipient or if you have received this communication in error, please notify us immediately by return e-mail and delete the original message and any copies of it from your computer system.

Phish impersonating Office of the Registrar to lure users into opening the attached file. UVic branding is used by the phisher to gain trust and distract the user away from the red flags.

Sender address used is external as opposed to the UVic address which would be the case if it were coming from a legit UVic office. The sender name used is generic and the salutation is also generic. There is no logical reasoning as to why this email is sent. Hence, beware of such phishing scams, and never open attached files just because the email mentions to do so, not even for your curiosity as attached files can infect your device.

Subject: Please See Attached File
From: UNIVERSITY OF VICTORIA <*****ollege.edu>

Attachment: UNIVERISTY_OF_VICTORIA_PROTECTED_STAFF_TRANSCRIPT.pdf

 

Dear Students/Alumni/Staffs/Non-Staffs,

A copy of your record is available for you to look at Look through and keep up to date with your accomplishment
Kindly go through the attached file.

Office Hours: Monday-Friday, 8:00 AM – 5:00 PM
Office of the Registrar.,
[UVic branding logo]