Your Tax Information is incorrect

This phish creates a sense of urgency by pretending to come from the human resources department and claiming that, if you don’t click the link to update your tax information, your pay could be affected. Phishing signs:

  1. External sender address
  2. The link is external (always check by hovering over the link).
  3. Generic signature.
  4. Fake sense of urgency.
  5. Scare tactic.
  6. Formatting issues.

Never be in a hurry to click links just because the email says so. Pay attention to the details and look for red flags. Whenever in doubt, please confirm with the helpdesk.

For U Victoria {dept.} faculty/staff: Prof. disguises author’s identity of his thesis

This high volume phish has been circulating since last evening. The subject of the phish might vary with different department names. This phish has been observed by other institutes as well:

  1. https://www.wku.edu/its/phishbowl/emails/index.php?view=article&articleid=8234
  2. https://itsecurity.umbc.edu/critical/post/98547/

This phish seems to be a way of spreading fake news. Please don’t respond to this email or forward it to your contacts.

 

Pending Delivery – Canada Post

These Canada Post impersonation delivery phishes have become a common occurrence at UVic, but this morning UVic users received one in bulk.

It claims to be from Canada Post, but the sender’s email address is not on a Canada Post domain, and the link in the email is not hosted on a Canada Post domain either. The email creates a fake sense of urgency by saying a package is waiting to be delivered. These types of emails can make users curious about what package they might have received, even if they didn’t order anything. The delivery cost demanded is quite low, which is meant to lower the user’s guard so that they take the risk and visit the link. The phishers here are not after that amount but after the card information a user might fill out on the phishing page hosted at the given link, which is a very good imitation of the Canada Post page. (The link was investigated by InfoSec in a locked environment.)

Always think whether you were expecting a delivery or not. It is always best to confirm with the organization mentioned in the email via other means of communication before proceeding any further.

Phishing page:

Jose Alvarado shared “ASSESSMENT11” with you.

Shared-document phishes can be tricky to spot because the sender email address is a standard Microsoft SharePoint address, which makes it difficult to tell whether the shared document is a phish. In such cases, the first and foremost thing is to think about whether you were expecting such a document to be shared and whether you know the sender (identified by the sender name); if yes, confirm with the sender by other means of communication. If a UVic user sends a shared document from their online SharePoint, the link will be hosted on ‘https://uvic-my.sharepoint.com/’, which is not the case for the link in this phish email. Always check the link by hovering over it, never by clicking it.

Your University of Victoria account Expired 13/10/2022 Update Before Deleted

This high volume phish has clear phishing signs. The subject is meant to create a false sense of urgency, a common tactic phishers use to lure users. It has a weird, fake sender name and address. There is no salutation (meaning it is a mass-sent email). The link given is external, which would not be the case if the email were legitimate.

Although this email is visibly phishy, it becomes an issue when there is a coincidence: for example, someone who was actually facing email issues and gets this email might connect the two. Hence, it is always best practice to think, look for phishing signs, and never be in a hurry. If in doubt, confirm with the helpdesk or your DSS.

 

Important Message or message

If you received this phish, with either of the above subjects, claiming to be from CRA, please be cautious and do not click on the link provided. This phish uses a usual phisher tactic: a too-good-to-be-true offer.

Some of the warning signs: the sender name, “Canada”, is vague and fake; the sender email address is not hosted on a CRA domain; the salutation is generic (CRA knows your name beyond just “client”); and the link is external to CRA, i.e., not hosted on a CRA domain.

The best way to confirm such emails is either to call CRA directly or, if you have an online account with CRA, to sign in to your CRA account (only on the legit CRA website) and check emails or notices in the “Mail” section. Never fall for too-good-to-be-true offers; always question the possibility of such offers.

Note: the sender address in the phish you received could be different from the one in the above image.

RE: ICT-Service-Desk

This phish was received by our organization this morning. There is nothing new in this phishing email: it uses the usual tactic of asking you to update your mailbox.

Phishing signs: external sender asking you to update your UVic mailbox, ‘RE:’ in the subject to create a fake sense of an ongoing email thread, external link (check by hovering over it), fake and vague signature, and formatting errors.

Never be in a hurry to click links; always take a moment to think about what could make an email a phish.
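
The sender, ‘RE:’ and link-host checks described here and in the shared-document entry above can be automated for triage. The following is an added example, not code from UVic: the trusted-name list, the function names and the sample message are assumptions made for illustration, and the sample uses reserved example domains.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: names treated as internal for a UVic mailbox, taken from the page's text.
TRUSTED = ("uvic.ca", "uvic-my.sharepoint.com")

def is_trusted(host):
    """True only for an exact trusted name or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED)

class LinkCollector(HTMLParser):
    """Collects each <a href>, the target that hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def phishing_signs(raw):
    """Return the warning signs found in one raw, single-part HTML message."""
    msg = message_from_string(raw)
    signs = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_trusted(sender_domain):
        signs.append("external sender")
    # Heuristic (assumption): a real reply normally carries In-Reply-To or References.
    is_reply = msg.get("Subject", "").lower().startswith("re:")
    if is_reply and not (msg.get("In-Reply-To") or msg.get("References")):
        signs.append("RE: subject without thread headers")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not is_trusted(host):  # suffix match, so "uvic.ca" inside a longer host fails
            signs.append(f"external link: {host}")
    return signs

# Constructed sample; sender and link hosts use reserved example domains.
SAMPLE = """\
From: ICT Service Desk <desk@mail.example.net>
Subject: RE: ICT-Service-Desk
Content-Type: text/html

<a href="https://uvic.ca.login.example.org/update">Update</a> <a href="https://uvic-my.sharepoint.com/x">Doc</a>
"""
print(phishing_signs(SAMPLE))
```

An empty list is not proof of legitimacy; it only means none of these three signs fired.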

Re: The University of British Columbia

This phish, circulating over the weekend, is a clear indication that phishers are also humans who make mistakes. It seems this phish was targeted at another university and accidentally sent to UVic.

Telltale signs of this phish:

  1. External sender (which cannot be the case if UVic accounts need an update).
  2. External link (not hosted on uvic.ca).
  3. No salutation and fake signature (not from a legit UVic office).
  4. An access code is given, which needs to be filled in when asked after clicking the link.
  5. The Outlook logo is there to make the email seem legitimate.

There is no reason for UVic users to click on this link. Please be aware of phishing tactics and try to spot phishing signs before taking the bait of the phishers.

Looking forward to your reply for more details

This phish is clearly a scam email. Eventually this email would go either in the direction of a romance scam, where they will ask for your money for different fake reasons, or an inheritance/beneficiary scam, where they have inherited money and want your help transferring it. In any case, engaging with such scam emails will eventually result in one giving up personal or confidential information (such as bank account details) or being duped into giving up one’s money.

Be aware of such scam emails and never engage with unknown external senders.

Re: Watermark

This is a financial scam phish that gives you a too-good-to-be-true offer of a low rate at a time when prime and inflation rates are rising.

Although it is not an easy scam to spot, some phishing signs can be observed. The sender’s email address is similar to but different from their website domain; the attempt here is to make the address look similar so that the sender appears legit. If you google the name of this company, the address and phone number shown on Google are different from the ones mentioned in the email. This is not to say that the company itself is legit. Upon investigation of the company website mentioned in the email, it is a scam website meant to lure in customers. The website says they have decades of experience, but the website is only 1.5 years old. The physical address given on the website is yet again different from both the Google one and the email one.

It appears that this scam is related to the scam mentioned in this customer review: https://www.bbb.org/us/ga/alpharetta/profile/financial-services/watermark-financial-0443-28095495/customer-reviews#1318360557

Disclaimer: We investigated this website in a locked environment. Please never visit suspicious websites out of curiosity or to investigate them yourself; such websites could be malicious.

Note: One could have received this scam email from a different sender than the one mentioned in the screenshot.

Final Warning: Password Expired Notice

The subject used by this phish is clearly meant to catch attention and create a fake sense of urgency.

The obvious phishing signs are: an external sender asking you to update your UVic account, a sender name that is clearly fake, grammatical errors, weird formatting, and a link that is external (check by hovering over it).

Never be in a hurry to click on links; always think about the plausibility of the email being legit. If in doubt, always confirm with the helpdesk or your DSS.

Job Opportunity

Another fake UNICEF part-time job email spotted at UVic.

This scam email is constructed to look as if a UVic office is informing you about this opportunity. Phishers use such tactics to increase the legitimacy of the email. But if you look closely, the signature “Academy Career Opportunity” belongs to a fake office and the sender address is external. A big red flag is when the email tells you to contact an entity from your personal email and not from your school email; this is to avoid detection by the UVic network.

Never respond to such scammers. Always pay attention to the phishing signs. Report such emails via the report phishing button or to the helpdesk and help protect UVic users from falling prey to such scams.