Author: Arshdeep

This job scam phish was received over the weekend, observed various subjects such as “APPLY FOR A RESEARCH ASSISTANT POSITION”,  “Job Opportunity At UNIVERSITY OF VICTORIA”, “STUDENT EMPLOYMENT OPPORTUNITIES”, “APPLY FOR A RESEARCH ASSISTANT POSITION”, “UNIVERSITY OF VICTORIA Student Employment Openings”, “Research Assistants Needed At UNIVERSITY OF VICTORIA”.

Phishing signs:

1. Impersonates a Professor from a UVic department. Sender name is different from the impersonated professor.
2. Sender email address is external.
3. Too good to be true offer.
4. Asking to contact via phone, to evade UVic detection.
5. Formatting and grammatical errors.

Never be in hurry to respond, take your time to look for phishing signs and if in doubt consult with helpdesk.

This is a job scam phish. These type of phishes usually try to trick students by giving “too good to be true” offer. This phish impersonates a professor in a UVic department but looking at the email address confirms that this is an external address which wouldn’t be a case if coming from a UVic employee in their professional capacity. The scammer is asking for a gmail address, which is a red flag, to evade UVic detection.

Never be in a hurry to respond, take your time to look for phishing signs and if in doubt consult with helpdesk.

 

This is a job scam that lures users using big organization names such as ‘UNICEF’ in this case. The same phish has also been observed with different subjects such as ‘internship Opportunity’, ‘Paid engagement internship!’ or maybe more.

Although, it is a well written and well-structured email but still the warning signs remain the same as with usual phishes. The sender email address is not on UNICEF domain, generic salutation and no signature. The job posting mentions about a job that starts from January but we are already at the end of February, which is a big red flag.

For more information on how to be aware of such UNICEF job scams, visit here: https://www.unicef.org/careers/beware-fraudulent-job-offers

This phish is a re-run of the phish given in the post below, with a different subject. To spot the phishing signs follow this post:

[*Suspicious Email*] Quota Warning!!!

Screenshot of the current phish:

The phish email with this subject have been circulating every day this week,  phishers keep changing the phishing link provided in the email. All the links encountered in such phish emails are external to UVic. The sender email address is not UVic account and no salutation along with vague signature. The content of the email uses scary tactic to bait you into clicking the link.

Always take a moment to look for phishing signs before clicking links or opening attachments given in an email. When in doubt, consult helpdesk.

Another run of the phish mentioned in post below, difference is in the subject and the sender address.

[*Suspicious Email*] Quota Warning!!!

This phish is pretending to be coming from Microsoft office but there are red flags that suggest otherwise. The sender email domain is not Microsoft and the link given is also not hosted on Microsoft domain. Other warning signs are no salutation, generic signature and most of all the subject itself gives warning.

Always be on the look out for warning signs and never be in hurry to take actions suggested in the email. Whenever in doubt please contact helpdesk for advise.

A regular phish with scary tactic that you won’t receive new messages until you click on the link to upgrade. By looking at the recipients one may notice it is a mass send email. The senser address is external and sender name is vague. The salutation and signature are generic. The link given (check by hovering over it) is also external. All these warning signs point this email to be phishing.

Never be in a hurry to click the links, think and try to spot the phishing signs. Whenever in doubt, check with helpdesk.

Re-run of the following phish, with subject changed to ITS_DESK:

2023-ITS

Read the above post to spot the phishing signs for this phish.

This phish uses scary tactic to get you to click on the link by stating that your account would be deactivated otherwise.

To spot phishing signs, you can imagine what should the email look like if it were to be true. In this case, sender is an external entity, which would not be the case if it came from UVic helpdesk. The reason for deactivating the account is not specified as to what lead to the situation, it is not to say that if the phisher had given the reason it would make it legit but in this case it calls for additional red flag. Generic signature and salutation. The phisher hid the link by giving it the name “University of Victoria” so that users think it is genuine, actual link can be seen by hovering over it and you would notice it is an external link.

Always, pay attention to the red flags and never be in a hurry to click the links.

Please be aware of this phish as it impersonates a UVic faculty member to make the job offer believable. The sender’s email address is not a UVic email and the sender’s name is generic “CAMPUS JOB”. The phisher asks particularly for your Gmail address which is to avoid detection by UVic network and could also lead to tricking you into giving your google credentials. This phish also has a usual tactic of too good to be true offer.

One can confirm such emails by contacting the person or department or organization from a known contact information (like in this case, from UVic website). Never use contact information given in the email to confirm the legitimacy of that email.

 

 

This is a re-run of the phish spotted last week, again with different subjects, “Final Reminder for Federal College Relief Fund”, “Federal College Relief Funds Reminder” and “Personal Assistant Job Position at $500”.

Please review the post below to spot the phishing signs:

Re: Student Job Available Immediately

This phish creates a sense of urgency by stating that your mailbox is full, and you need to update it. It also uses scary tactic, which is common with these phishes, that if you don’t take the action mentioned then your account will be “restricted”.

This email has clear signs of phishing, external sender, no salutation, generic signature, using an image to make you believe that your mailbox is full, external link. Never be in a hurry to take the action mentioned in the email, take your time to think and look for phishing signs.

This phish tries to get attention by pretending to be coming from payroll office, which is clearly not the case. The subject is too generic, and the sender’s name is fake “payroll Team” with external sender address (not on uvic.ca domain). The link in the email is also external to the services used in UVic. There is no context whatsoever as to why this email is sent to you.

This phish is to steal your credentials. Once you click on the link to download the attachment it asks for credentials. This was observed by Infosec team in an isolated environment. You should never be adventurous about these emails and refrain from the curiosity of clicking on the links. Always check the link by hovering over it.

If in doubt, you can always confirm with the payroll dept by calling them directly from a known contact information (never from the one given in the phish email).

This phish was received over the weekend but there are others received over the weekend as well as received this morning from related threat actor with different senders with these subject lines ‘Re: Covid Funds Relief’ or ‘Re: College $1000 benefit check available’ or ‘Re: NOV COLLEGE GRANT/FUNDS APPROVED FOR PAYMENT 2022’ or ‘Re: COLLEGE GRANT/FUNDS APPROVED FOR PAYMENT 2022’. All these are scam phishes asking for your cell number to evade the communication from UVic network.

The sender’s name is too generic ‘COLLEGE BOARD’ or ‘STUDENT JOB BOARD’, generic salutation and no signature, too good to be true offer. All these are signs of a phishing email.

Please do not give your personal information and do not correspond with the phisher on any mode of communication. These scams usually lead to stealing confidential information and/or duping you into giving money. Always pay attention to the phishing signs and think before taking any mentioned action.