Message is advising you that you have pending messages and a warning that you email is blocked. Scare tactic to get you to follow-up quickly
There are two malicious glitch.me links here. One at the time of assessment was broken, the other lands on a Fake Zimbra Email Service logon page.
This is not from the UVic Help Desk.
Multiple recipients received what appeared to be a Word Document shared from OneDrive. Link takes you to a compromised Sharepoint site. If you attempt to open it, you will be sent to a office form requesting your Email ID and Password. We will never ask you to provide your email ID and password, most especially displaying it in plain text or via a form.
Attempting to alarm you into clicking the link before you lose your email service, this phishing campaign lands on fake page asking you to verify a captcha prompt before landing on a fake UVic Web App logon page.
This is not a legitimate UVic mailing nor website. When you hover over the provided link you will see that this is not a UVic email service.
Malicious PDF attached to fake UVic Shared Document phishing campaign.
No content or context included in message. Note the external warning banner and the non UVic email.
We recommend that where possible you configure your email client to not only show the “Friendly Name” of the sender but also the full email address.
Friday Campaign #1: Fake Account Termination campaign with link landing on fake Outlook Web Access (OWA) logon.
Note the sense of urgency this perpetuates.
Reminder that any account access concerns can be remediated with a consult with the Computer Help Desk. This is not a communication from our University Systems team.
This morning’s fake HR/Payroll notice redirects to a suspect logon form in attempt to grab your credentials (username/password). This is not a legitimate mailing from UVic nor our HR/payroll office.
If in doubt, avoid the links and contact the Payroll office directly to verify.
This morning’s phishing campaign is a fake Covid-19 campaign. Although the scammer made use of our logos etc., the link goes to a malicious cabanova.com web page.
This is not a legitimate mailing or UVic funding campaign. Please advise your IT Support contact or the Computer Help Desk if you have clicked this link.
Another abuse of the wix web hosting service. This one is a fake quota warning attempting to cause anxiety about losing your ability to send or receive email. Consider their warning. Why would you have to verify your account because of a quota block? If you want to check anything related to your “account” ignore the link and go straight to the UVic Portal.
Any email processing issues not quickly resolved by a search of our UVic Support pages can quickly be explained by making a call to your IT Support contact or the Computer Help Desk.
Another one from yesterday posing as a remittance payment. For those of you who handle plenty of accounting related processes, you can be a target here. Others of us expecting payment for some service, if curious or assuming the timing is right, may not recognize the red flags right away. Note sender. Note external banner.
Some UVic staff will expect and deal with external vendors and mailings all the time. So it’s particularly important to use caution. Ask yourself if you are expecting payments, is this a known vendor, do you have a purchase order etc. that matches such a payment?
For those of us that would only expect such a payment from a UVic source, using external banner warnings lets you know this was not sent from UVic. Some guidance on the availability of these banners and other options are available here.
In this case, this is not likely a known or expected sender. Always pause, check the accounts that should have or will receive any expected payments. Verify. Verify.
Pause. Receiving an HTML attachment is likely less common and more often not legit at all. Any attachment can be problematic or malicious including the common PDF or Word document. Treat any attachment as suspect.
Downloading and executing this malicious .html attachment eventually leads to a prompt for you to give away your credentials by logging in to a fake logon window.
If you have concerns or questions about such an email and/or attachment, or would like another set of eyes to examine the email, do not hesitate to contact your department IT support or the Computer Help Desk.
One of today’s phishing emails plays on encouraging an urgent response.
There are many flags in this messages.
This site will land on a Fake Outlook Web Access (OWA) logon page. Note that in this case, there is a Wix banner. UVic does not host advertisements on the OWA logon page.
Today’s phish is similar to the Updated Salary Schedule campaign we saw on Wednesday, only, instead of a PDF attachment, you are guided to click a problematic link.
You probably were not expecting a revised salary “schedule” and if you were, always best to check with your payroll service. The linked site is currently down but this is not likely the last of the variants of these malicious benefit and salary campaigns that we will see.
A common tactic used by those sending phishing campaigns is to alarm you with urgent and disruptive messaging. They want you to panic and attempt to rectify quickly urging you to click their link. We do not send these sort of mailings. If you discover problems with your account, you can call the Computer Help Desk for assistance.
Although a UVic email was spoofed here, you’ll notice that in this sample there are two external banner warnings letting you know this was not sent from UVic. Some guidance on the availability of these banners and other options are available here.
If such a mailing does seem or look legitimate, PAUSE and instead of clicking links, go to the UVic Portal to check on your account or contact the Computer Help Desk.
Thank you to those of you who continue to report these suspicious emails.
We are seeing a fake “Unusual Activity” warning asking you to click a non-UVIC link to at 1apps.com. We do not use this service and if ever needing to change or update information with your account, we will not send you a link to do so.
For any account updates, changes, verification, etc, always go directly to your “known good” uvic.ca portal instead of following email links.
You also will not receive abrupt threats indicating your account will be terminated or disabled. Any de-provisioning actions will be tied to regular communication protocols typically with much advanced warning.
The link will bring you to a page that does look like uvic.ca with mask mandate banner and all, but pay close attention to the Internet Address. This is not a UVic service.
Thank you for your continued reports of suspicious emails. If you have any concerns, please do not hesitate to contact your IT Support, or the Computer Help Desk where they will escalate to us as appropriate.
Another scare tactic. Fake IT Help-desk message reporting high-level case/incident and requesting you to fill out of form to acquire new security software.
Again the sender email looks suspicious. You may or may not see that depending on the email client you are using.
The logon page may raise your suspicion as well. If you accidently click and submit your username and password, it will behave as if it was successfully accepted.
You’ll also notice this supposed support site is hosted on *moonfruit.com, another commonly exploited and abused service for phishing campaigns.
Most major software deployments would typically be coordinated with your assigned IT Support person and commonly there would be some internally shared communication as a precursor to such deployment or notice.
Taking advantage of the more recent heightened concerns about the Covid19 Delta variant, this phishing campaign leads to a Fake Public Health Agency of Canada, asks you to logon and then asks you a couple of general health questions.
The intent is to capture your login details and acquire sensitive personal health information.
Hovering over the Internet Address/URL in the body and/or if clicked, looking at the full URL, you can see this page is hosted at 000webhostapp.com, a commonly abused domain for such phish campaigns.
Depending on how you view this email, you may or may not note the suspicious email address as well. See above capture.
If you do not detect this as a phishing scam and do submit information in the form, it will quickly accept your submission and redirect to an IPAC site.
Please continue to be vigilant in reviewing these emails and thank you for all of the phishing submissions. Do not hesitate to contact your support person should you have any concerns.
