Important Notice or Notification

This high-volume phish, received on Monday morning, is a re-run of the following phish:

Notification

The sender may be different, but it is still an external sender. The link may be different, but it is still externally hosted. To better spot the phishing signs, read the above post.

Notification

There is another ‘Notification’ subject phish circulating today. This phish instills a sense of fear (“unauthorized login attempts to your email account”) so that you take the bait and click on the link to protect your account. Fear is one of the most common emotions exploited by phishers.

This email has the usual phishing signs: an external sender (you may have received this email from a different sender than the one in the image below; nevertheless, the sender is external), a generic salutation and signature, a fake sense of urgency, and an external link (not hosted on ‘uvic.ca’).

Never be in a hurry to click on links and take the bait. Always think and look for signs that would make an email illegitimate. This mindset helps in spotting phishing signs easily.

RE: Service or RE: VERIFY

This is a typical phish that creates a sense of urgency by claiming that your account will be deactivated. The telltale signs for this phish:

  1. External sender: why would an external entity be involved in upgrading UVic accounts?
  2. Meaningless salutation and signature, generic to the point of being senseless.
  3. The link given is external (check by hovering over it), not hosted on ‘uvic.ca’.
  4. Grammatical mistakes.
  5. The ‘RE’ in the subject is there to give you a false sense that you know this sender or had a prior conversation.

Never click on links just because the email tells you to. Take a moment to think and look for phishing signs.

Notification

Today we received a massive phish, which is a re-run of the following:

Important Notice

The differences are the use of two different Gmail accounts and a changed email subject. The senders are still external and, if you hover over the link, it points to an externally hosted domain. Read the phish post given above to spot the phishing signs.

University of Victoria.

The other subjects for this phish could be ‘UNIVERSITY OF VICTORIA.’ or ‘University of Victoria Webmail’.

This phish uses a scare tactic to bait you into clicking the link. If you hover over the link, you will notice that the beginning of the link is made to look like it is from UVic, but it is hosted on an external domain, has spelling errors and, most importantly, is not legitimate. The sender address is external. It appears to be a legitimate University of Toronto account, but these addresses can be spoofed to increase the apparent authenticity of the email. In any case, a sender from a different university would not send legitimate email upgrade notifications, and the link does not go to either www.uvic.ca or a Microsoft site.

Never be in a hurry to click the links in an email just because it says so. Always look for signs that would make an email illegitimate.
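The hover check described in this post can also be done mechanically. The following is an added example, not part of the original post: it extracts the host a link really points to and tests whether it is `uvic.ca` or a subdomain of it, rather than just containing that text. The sample senders and links are constructed with reserved `.example` names, and treating only `uvic.ca` as internal is an assumption.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "uvic.ca"  # assumption: only this domain counts as internal


def host_of(url: str) -> str:
    """Return the lowercase host a browser would actually connect to."""
    # .hostname drops any "user@" prefix and the port, so a link written as
    # https://uvic.ca@other.example/ resolves to other.example.
    return (urlsplit(url.strip()).hostname or "").rstrip(".").lower()


def is_on_trusted_domain(host: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only for the trusted domain itself or a real subdomain of it."""
    return host == trusted or host.endswith("." + trusted)


def phishing_signs(from_header: str, link_url: str) -> list[str]:
    """Return the signs from the post that can be checked mechanically."""
    signs = []
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    # An internal-looking sender proves nothing (addresses can be spoofed);
    # an external one is a sign on its own.
    if not is_on_trusted_domain(sender_domain):
        signs.append("external sender")
    if not is_on_trusted_domain(host_of(link_url)):
        signs.append("external link")
        if "uvic" in link_url.lower():
            signs.append("link made to look like UVic")
    return signs


# Constructed samples (reserved .example names), not taken from the real phish.
SAMPLES = [
    ("Webmail Admin <admin@mail.utoronto.example>",
     "https://www.uvic.ca.webmail-upgrade.example/login"),
    ("IT Support <support@notice.example>", "https://uvic.ca@verify.example/"),
    ("IT Support <support@notice.example>", "https://verify.example/uvic.ca/"),
    ("Helpdesk <helpdesk@uvic.ca>", "https://www.uvic.ca/"),
]

if __name__ == "__main__":
    for sender, url in SAMPLES:
        print(f"{host_of(url):40} {phishing_signs(sender, url)}")
```

The first three samples put the UVic name at the start of the host, in the user-info part and in the path; in each case the real host is an `.example` domain, which is what hovering over the link reveals.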


UVic Critical Security Alert

A usual scare-tactic phish was observed this morning. It pretends to come from the UVic computer helpdesk, but the sender email address is external. If you hover over the link, you will find that it is actually external, which would never be the case if the email were from the helpdesk.

It creates a sense of urgency by claiming that your account is deactivated and that you can reactivate it by going to the link provided by the phisher. Always think before acting hastily in such situations. Look for phishing signs, which are generally easy to spot if you think the situation through logically. Whenever in doubt, reach out to the helpdesk or your DSS support directly for better guidance.

We need your help!

If you received an email with this subject, beware, as this is a phishing email looking to steal credentials.

This email creates a fake sense of urgency by claiming that you need to verify your Amazon account because it is inaccessible due to an unauthorized login. The email has the usual phishing signs: it asks you to verify an Amazon account, but the sender address shows it is not from Amazon. The link is also not hosted on an Amazon domain (check by hovering over the link). The salutation is a generic “Dear Customer”, the email has spelling errors and needless capitalization, and the subject line doesn’t relate to the content of the email body.

Never be in a hurry to take the bait and click on links. Stay calm and look for phishing signs, and you will be able to spot them. If still in doubt, always consult the helpdesk or your desktop support.

Important Notice

Many of you might have received this phish this morning. Some might have received it from a different sender than the one in the image. This is a high-volume phish.

The content of the email is a usual phishing tactic: it creates a sense of urgency by claiming that your incoming emails are pending and can be recovered by clicking on the link. The link given is external (check by hovering over it), which would never be the case in a true scenario. The sender address is external, the salutation is generic and the signature is fake.

Never click on links just because the email says so. Always think about what a true situation would look like; that makes it easy to spot the phishing signs. Whenever in doubt, confirm with the helpdesk or your DSS.

Emergency Warning: Mailbox Quota Exceeded

A fresh phish was received this afternoon. Many people have reported it. Kudos to you all!!

This phish uses the tactic of scaring you into logging in on the phisher’s webpage.

Telltale signs:

  1. The sender name and the email signature don’t match.
  2. External sender address: why would the helpdesk use an external email?
  3. False sense of urgency: ‘a restriction has been placed on your account’.
  4. Generic salutation and fake helpdesk signature.
  5. External link (check by hovering over the link). UVic will never ask you to validate or reactivate an account using externally hosted webpages.

Always think about what the legitimate email would look like in a true scenario; if you have the answer, you can easily spot the phishing signs. Whenever in doubt, always confirm with the helpdesk rather than clicking on links.

Urgent Reply

A phish with this subject was received on Friday evening. This is a straightforward phish with no context whatsoever: an external sender asking if you want to claim an unbelievably large sum of money. Nothing in it gives even the slightest impression of being legitimate. There is hardly any content in the email, just one sentence that lacks formatting and has punctuation errors. The phisher’s approach is simple: lure you in with a too-good-to-be-true offer.

Never reply to such emails. The large sum of money is always there to attract potential victims.

Dear Students,

This phish came in slowly over a period of around 3 hours. Although the subject targets students, staff received it too. It is a very simple, to-the-point phish that creates a sense of urgency: your account will be deactivated if you don’t sign in using the link given. The sender address and the link given are both external. You will never be asked to sign in through an external link to authenticate your UVic account.

Never be in a hurry to click on links just because the content of the email says so. Always look for warning signs.

You have missed a NetCall from 01-348 9288. or You *@uvic.ca receive a share document

Yesterday evening we received a medium-volume phish with the two subjects given above. These two types of phish are combined in one post because the phish links in them are the same, so they are presumably from the same threat actor.

Both of these phishes are socially engineered to provoke your curiosity about what the voice message or shared document might be. This curiosity leads to clicking on the links. They claim to be from the NetCall service and SharePoint, but if you check the sender’s email domain, it is neither of those. The links also don’t relate to either of these services. Other giveaways are grammatical errors, a salutation that is just your email account, and the urgency in the NetCall phish (‘automatically deleted after 48 hours’). The easiest way to recognize these types of phish is to ask yourself whether you were expecting such an email.

Never let curiosity make you click eagerly on links; you can always check a link by hovering over it. If in doubt, report the email using the ‘Report Phishing’ button or reach out to DSS or the helpdesk.

Re: UNICEF – Work from Home

Apparently, phishers don’t take the weekend off. We received this high-volume phish over the weekend. It is similar to the other paid part-time job offer phishes we have been receiving.

Phishing signs:

  1. The ‘Re:’ in the subject line is there to make the recipient think it is a reply to a previous email, which is not the case.
  2. It pretends to be from some sort of career academy, ‘Academy Career’, but has no name for this academy, so the phisher just put these two words together.
  3. This one has a salutation, but the salutation is just your account name, not your name.
  4. A too-good-to-be-true offer, and the text has grammar and spelling mistakes.
  5. It asks you to use your personal email to respond; the reason is to avoid UVic monitoring.

Please be aware of such too-good-to-be-true offers. Always pay attention to the little details that can give away that it is a phishing scam.