Flexible Work Opportunity

Job scammers are a truly remorseless bunch–they have no qualms about using the name of a real UVic professor to target students who might be struggling to pay for necessities like rent, groceries and tuition, and who would therefore leap at what looks like an easy and lucrative job opportunity. This latest example shows many of the usual red flags:

  • The scam came from a Gmail address. If the person claims to be from UVic but isn’t using their UVic email address, it might not actually be them.
  • The sender name doesn’t match the name in the signature block. Inconsistencies like this can be a sign that the offer is a lie.
  • The salary is higher than would be expected for casual student work. If it sounds too good to be true, it usually is.

Other signs of a job scam that may materialize later on:

  • You are offered a job without having to go through an interview.
  • You never get to meet your employer/supervisor before you start work. At the very least, you should have the chance to meet them on a video call during the interview or onboarding process.
  • You have to pay money or a deposit as part of accepting the job.
  • You are told to use your own funds to transfer money to someone, or buy gift cards and send photos with the PIN cover scratched off. This may occur after you are sent a picture of a cheque to deposit–it will eventually bounce.

In general, if a job offer comes out of the blue from someone you don’t know, it’s probably a scam.

Job scam email from a Gmail address that impersonates a UVic professor

From: A******** <a********@gmail.com>
Subject: Flexible Work Opportunity

You don’t often get email from a********@gmail.com. Learn why this is important

The service of a student research assistant is urgently required to work part-time and get paid $320 weekly. Tasks will be carried out remotely and the work hours are 8hrs/week.

To apply for this role, kindly submit a cover letter and your updated resume to the Department of Psychology via this email. Once we receive your application, we will send further details about the offer and next steps to proceed.

Sincerely
B********
[Title redacted]
Department of Psychology
Office: [redacted]

*Exclusive Opportunity for Students and Staff*

This item giveaway scam was sent from a compromised account at another Canadian university. It claims that a faculty member is giving away a number of high-value items for free and you just have to pay the delivery cost. That last part is the catch–you’ll be told to send money to a mover that the scammer specifies, but you’ll never receive the items after paying the considerable sum.

The faculty member named in this email is actually fictitious. Do a search on the name of the person who is supposedly giving away the items; finding nothing to indicate that there is actually someone by that name at that university is a strong sign that the whole thing is a scam. But even if they are real, look for signs of impersonation, such as the use of a freemail address (e.g.: Gmail, Outlook.com, Hotmail or Yahoo), or a sender address that seems to belong to someone else. When in doubt, do not reply to the email or use any contact information from it; contact the person via a phone or video call using official contact information from their directory listing.

Also note how the scam tells you to reply by sending a text message. Asking to switch to SMS or messaging apps is often a sign of a scam; scammers do this to move the conversation to a place that can’t be monitored by our security systems. Additionally, the phone number has a Washington, D.C. area code, which is not something that a real faculty or staff member from a Canadian university would be likely to use.

As the old saying goes, if it sounds too good to be true, it probably is.

Scam claiming that a (fictitious) professor is giving away high-value items for free and you just have to pay the delivery cost

You don’t often get email from [redacted]. Learn why this is important

Dear Students and Staff,

I hope this message finds you well.

Dr. Hannah Brezesky recently completed a successful business venture and has since moved into a new home. As part of this transition, she has generously decided to give away several high-quality personal items—completely free of charge, to members of our community, with a special focus on students and staff.

The available items include:

Leica Q2 47.3 MP Digital Camera (Black)

Schecter Electric Guitar

Yamaha G2 Grand Piano

PlayStation 5 (Used, Like New)

Kaabo mantis x plus electric scooter

Drone SWELLPRO FD1

All items are in excellent condition. The only requirement is that interested individuals cover the delivery cost to their preferred address.

If you’re interested in receiving any of these items, please contact Dr. Hannah Brezesky directly via text at +1 (202) ***-**** for more details. Items will be gifted on a first-come, first-served basis.

Warm regards,
On behalf of Dr. Hannah Brezesky

Impersonation scam with subject “University of Victoria”

This scam email impersonates the university’s acting president. In all likelihood, this will turn out to be a gift card scam, where the scammer tells the recipient to purchase several hundred dollars’ worth of gift cards (typically for Apple iTunes or some other major brand). The recipient is then supposed to send photographs of the cards with the PIN cover scratched off, which gives the scammer enough information to redeem the balance. Here’s an example of how this type of scam might play out.

The red flags in this particular email:

  • The email claims to be from someone from UVic but came from an external email address–this is typically a sign of impersonation.
  • The request for assistance is vague and the sender asks for confidentiality. The scammer is probably trying to isolate the recipient to stop them from telling someone who might let them know it’s a scam.
  • The message says to send text messages to a phone number with a 401 area code, which is from Rhode Island. The non-Canadian phone number and the refusal to take phone calls indicate this number is fraudulent. Shifting the conversation away from UVic email is often done to move it to somewhere that can’t be caught by our security systems.

Therefore, do not reply and do not contact the phone number in the email. Reach out to the Computer Help Desk or your department’s IT support staff if you need assistance.

Scam email sent from Gmail, impersonating the UVic acting president.

From: Robina Thomas <office******7@gmail.com>
Subject: University of Victoria

[Recipient name],
Please let me know if you’re available. I have something I need your assistance with, and I would appreciate your confidentiality. Kindly reply to this email or, preferably, send me a text message only (no calls) at +1 (401) ***-**** for a quicker response.

Thank you,
Robina Thomas
President and vice-chancellor
www.uvic.ca
+1 (401) ***-****

Confidentiality Notice: This message, including any attachments, is intended solely for the use of the individual(s) to whom it is addressed. It may contain confidential and/or legally privileged information. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution, copying, or action taken in relation to the contents of this message any any attachments is strictly prohibited and may be unlawful
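The red flags listed for this email, and for the job scam at the top of the page, can be checked mechanically from a message's headers and body. The following is an added example, not part of the original post and not UVic's tooling: the three sample messages, their names, addresses and phone number are constructed, and the sign-off list and phone pattern are simplifying assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "uvic.ca"                          # the organisation's own mail domain
ORG_WORDS = ("university of victoria", "uvic")  # how a message claims to be internal
FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}  # providers named on this page
PHONE = re.compile(r"\+?1?[\s.-]*\(?\d{3}\)?[\s.-]*\d{3}[\s.-]*\d{4}")
SIGN_OFF = re.compile(r"^(sincerely|thank you|thanks|best regards|warm regards)[,.]?$", re.I)


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def is_internal(domain):
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)


def signature_name(body):
    """Return the first non-empty line after a sign-off such as 'Sincerely', or None."""
    lines = [ln.strip() for ln in body.splitlines()]
    for i, line in enumerate(lines):
        if SIGN_OFF.match(line):
            for nxt in lines[i + 1:]:
                if nxt:
                    return nxt
    return None


def red_flags(raw):
    """Return the impersonation red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = domain_of(addr)
    body = msg.get_payload()
    text = " ".join((name, msg.get("Subject", ""), body)).lower()
    flags = []

    # Claims to be from the organisation, but the address is external.
    if not is_internal(domain) and any(word in text for word in ORG_WORDS):
        flags.append("claims-org-from-external-address")
    if domain in FREEMAIL:
        flags.append("freemail-sender")

    # Sender display name disagrees with the name in the signature block.
    signed = signature_name(body)
    if name and signed and signed.lower() != name.lower():
        flags.append("display-name-signature-mismatch")

    # Replies are routed to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain:
        flags.append("reply-to-differs-from-sender")

    # Asks to continue by text message, away from monitored email.
    if PHONE.search(body) and re.search(r"\btext\b", body, re.I):
        flags.append("asks-to-move-to-text-message")
    return flags


# Constructed sample modelled on the president-impersonation email above.
IMPERSONATION = """\
From: Pat Example <office.example7@gmail.com>
Subject: University of Victoria

Please let me know if you're available. I would appreciate your confidentiality.
Send me a text message only (no calls) at +1 (401) 555-0100.

Thank you,
Pat Example
President and vice-chancellor
"""

# Constructed sample modelled on the job scam: sender name and signature disagree.
JOB_SCAM = """\
From: Alex Sender <alex.sender@gmail.com>
Reply-To: psych.dept.jobs@outlook.com
Subject: Flexible Work Opportunity

The Department of Psychology at UVic urgently requires a student research assistant.

Sincerely
Blake Signer
Department of Psychology
"""

# Constructed ordinary internal message: no flags expected.
INTERNAL = """\
From: Help Desk <helpdesk@uvic.ca>
Subject: Scheduled maintenance

The VPN will be unavailable on Sunday morning.

Thanks,
Help Desk
"""

if __name__ == "__main__":
    for label, raw in (("impersonation", IMPERSONATION), ("job scam", JOB_SCAM), ("internal", INTERNAL)):
        print(label, red_flags(raw))
```

None of these checks proves fraud on its own; they mark messages that deserve verification through official contact information.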

From the archives: How can I tell it’s really you?

This piece was originally written by Nav Bassi on September 17, 2020, for the now-defunct UVic CISO Blog. Reposting it here as much of the content remains relevant. The sad truth is that we’ve recently been seeing a lot of phishing emails coming from compromised accounts belonging to people the recipient knows. Even if the email is from someone you know, check for signs of phishing, like messages that don’t sound right for that person/organization or links that don’t go where they say they go.

If you get an email from someone you know but it feels a bit off, don’t reply to the email. The mailbox could be compromised or the email may have been crafted to send replies to a different, fraudulent email address. Either way, you could get a reply from the phisher saying that the email is legitimate when it really isn’t. Instead, verify in person, or reach out to a different contact method (such as by phone or video call) that you already have and know is legitimate.


Way back in 1993, Peter Steiner drew his “On the Internet, nobody knows you’re a dog” cartoon. It was referring to Internet anonymity but I think today, 27 years later, it is also relevant for impersonation email scams.

Most people understand that phishing is a form of social engineering conducted via email, and that it is often used to trick you into revealing your username and password. But what happens after you reveal your username and password? This depends on the attacker and their motivation. Some are loud and fast: they immediately use your username and password to log into your email account and use your account to send spam or more phishing emails. Others are quiet and fast: they immediately try to use your username and password to access services on your behalf to see what useful data they can steal. At UVic, just log into your online services and think about what an attacker could do if they could see and access everything as you! Some are both quiet and slow – hard to detect, and often patient enough to try something bold.

If you receive an email from someone out of the blue, and it doesn’t sound like them, you might get suspicious. Maybe it’s the wording or language, or maybe it’s even the topic of the message, but you might use your phishing awareness training to take a closer look at the From: address or even report it to your IT personnel and discover the sending address is wrong. This is an impersonation email, and we get them all the time: An email exchange with the President (not really).

What if you are already in an email conversation with someone, having a series of back and forth exchanges? Would you notice if suddenly the response to your last email was not from them? In this case, what has happened is an attacker has accessed a person’s email account and spent time, perhaps many days or weeks, monitoring emails going in and out of the mailbox until they see something of interest. For example, a conversation about payments, and perhaps direct deposit account information:

[Attacker has access to Person A’s email account]
Person A: “Sounds good, are you ready to transfer funds?”
Person B: “Yes, can you send me your direct deposit information?”
[At this point, the attacker takes Person B’s message and deletes or files it, and responds on their behalf]
Attacker as Person A: “Yes, here it is.”

The attacker also sets up a mail rule so all emails from Person B are no longer visible to Person A; from this point on, Person B is corresponding with the attacker impersonating Person A. How long before they can tell? Do they deposit the information in the wrong account? Does Person A catch on and decide to call Person B?

Takeaways:

  1. Your username and password protect your accounts and the information they contain; protect them by making sure they are long and hard to guess. Expect attackers are phishing you, so take phishing awareness training and if in doubt, pick up the phone and call the sender.
  2. Do not share sensitive, confidential or highly confidential information via email without password protecting it (and don’t put the password in email either!); the example above was direct deposit information but it could have been any password – e.g. Interac e-Transfer password. If your email account is compromised, sensitive information is visible to attackers and they could impersonate you to anyone you’ve corresponded with previously.
  3. Check each email, even replies to emails you have sent, for signs of phishing. If you see any suspicious behaviour, pick up the phone and call the person you are corresponding with to verify.

The above post was prompted by a real event which was fortunately detected by a recipient who spotted the signs of phishing and took action.
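The mail rule described above, which hides Person B's messages from Person A, leaves a trace in the mailbox's rule set. The following added example (not part of the original post) audits an exported rule list for rules that delete or bury mail from a specific sender or about payments. The JSON shape and the sample rules are constructed; the field names are modelled on the properties reported by Exchange Online's Get-InboxRule, and the folder and keyword lists are assumptions.

```python
import json

# Folders a user rarely opens; moving mail here hides it as effectively as deleting it.
QUIET_FOLDERS = {"deleted items", "junk email", "rss feeds", "rss subscriptions",
                 "conversation history"}
# Topics the post says an attacker waits for before stepping in.
PAYMENT_WORDS = ("payment", "invoice", "deposit", "transfer", "bank")


def audit_rule(rule):
    """Return the reasons a single inbox rule looks like a conversation-hiding rule."""
    senders = rule.get("From") or []
    words = [w.lower() for w in rule.get("SubjectContainsWords") or []]
    folder = (rule.get("MoveToFolder") or "").lower()
    # A rule hides mail if it deletes it or files it somewhere nobody looks.
    hides = bool(rule.get("DeleteMessage")) or folder in QUIET_FOLDERS

    reasons = []
    if hides and senders:
        reasons.append("hides mail from " + ", ".join(senders))
    if hides and any(p in w for w in words for p in PAYMENT_WORDS):
        reasons.append("hides mail about payments")
    if hides and rule.get("MarkAsRead"):
        reasons.append("marks hidden mail as read")
    return reasons


def audit_mailbox(export_json):
    """Map rule name -> reasons for every suspicious rule in a JSON rule export."""
    report = {}
    for rule in json.loads(export_json):
        reasons = audit_rule(rule)
        if reasons:
            report[rule.get("Name", "(unnamed)")] = reasons
    return report


# Constructed export: one rule burying a correspondent's mail, one ordinary
# filing rule, and one rule deleting anything that mentions payments.
SAMPLE_EXPORT = json.dumps([
    {"Name": ".", "From": ["person.b@partner.example"],
     "MoveToFolder": "RSS Feeds", "MarkAsRead": True},
    {"Name": "Newsletters", "From": ["news@lists.example"],
     "MoveToFolder": "Newsletters"},
    {"Name": "..", "SubjectContainsWords": ["Direct Deposit", "invoice"],
     "DeleteMessage": True},
])

if __name__ == "__main__":
    for name, reasons in audit_mailbox(SAMPLE_EXPORT).items():
        print(repr(name), "->", "; ".join(reasons))
```

A rule the mailbox owner does not recognise should be treated as a sign of account compromise and reported, not just deleted.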

From the archives: An email exchange with the President (not really)

This piece was originally written by Nav Bassi on February 20, 2020, for the now-defunct UVic CISO Blog. Reposting here as much of the content remains relevant and is referenced by many of our posts on Phish Bowl.

The email warning banner service described below has since been superseded by newer security features. Nowadays, we recommend you keep an eye out for any warning banners that say that you don’t normally get emails from the sender–if you see that banner on an email claiming to be from someone within UVic, that’s a strong sign of an impersonation scam.


In late December 2019, we received a number of Gift Card Scam emails. These follow the usual pattern of impersonating someone in authority to compel someone else to purchase gift cards on their behalf and send them the codes electronically. Unfortunately, it is a common fraud and some of our colleagues have been victimized by these criminals.

The best way to detect someone from outside of the organization impersonating someone from inside is to opt in to our Email Warning Banner Service; this provides banner warning messages at the top of All External Emails and/or External Spoofed Email (email that claims to be from UVic based on the From: address, but the actual path the email took doesn’t match).

It’s also a good idea to verify requests that involve money, especially spending or transferring, by calling the supposed requester.

The Manager of our Information Security Office received one of these during the Winter Closure and decided to reply. It all began with a single email impersonating our President:

How are you ? Where are you? i need a little assistance from you

President
Jamie Cassels
University of Victoria
Greater Victoria
British Columbia, Canada

Sent from my Device

There are some obvious clues! For example, it is an odd email to receive. It doesn’t address the recipient by name, and the wording doesn’t reflect our articulate President. The signature is also odd: “Greater Victoria” looks like it was picked based on some Googling and not by anyone actually from the city. If you receive a message like this, your best options are to:

  1. Delete it (or click the Report Phishing button)
  2. Call the President’s office to verify the legitimacy of the message. Since it doesn’t contain any links or attachments, you could also inquire about its legitimacy with the Computer Help Desk.

Don’t do this, but our Manager decided to reply:

Hi Jamie.
I am doing super awesome! How are you?
I’d be glad to be of assistance. What can I do for you?
Eric

And got a quick response back:

I’m sorry for bothering you, I really do need your assistance with purchasing (Google Play gift cards) for my friend who is a cancer patient. I promised her a Google Play card as a birthday gift but I can’t do this right now. i tried purchasing it online but unfortunately all effort to no avail.

Wondering if you could get it from any store around you ? I’ll pay back asap. Kindly let me know if you can handle this.

President
Jamie Cassels
University of Victoria
Greater Victoria
British Columbia, Canada

Sent from my Device

Again, don’t do this, but our Manager continued the exchange:

She must be a really special friend for you to splurge on Google play gift cards. But maybe she’d like to be taken out for dinner or given an InstaPot – I hear they’re all the rage right now.
What store should I go to?

The instructions that came back are quick, helpful and specific; clearly some more Googling has been done to see where gift cards can be purchased. It’s a common tactic; this person has done it before, and is probably corresponding with a number of other people at the same time. Note the instructions regarding sending a photo of the cards – this is the key: they need this information to redeem the value on the cards. This is how the theft occurs!

I’m checking…from what I can find out they are readily available at the following stores Walmart, Shoppers drug mart & Canadian tire value on google play gift card ($100 denomination) × 5 pcs= 500 CAD

As soon as you pick up cards, CAREFULLY Scratch the back of all 5 cards revealing pin on each card, then take a snap shot of the back of each card showing it’s pin and have photos attached and email me, so i can have it forwarded to her e-mail address. Keep me posted,
I owe you

President
Jamie Cassels
University of Victoria
Greater Victoria
British Columbia, Canada

Sent from my Device

Now our Manager is just having a little fun at the criminal’s expense:

I’m not sure where those stores are, but I’ll look them up. When do you need the cards by?
Why do you need pictures of the cards? I can just run them over to your office in person.
Aren’t you in your office?

Clearly the criminal does not want our Manager to take the gift cards to the actual President’s office…

You could just email me with the photos of card. soon as you pick them up.

i left office, would be back by tomorrow…how soon can you pick it up

President
Jamie Cassels
University of Victoria
Greater Victoria
British Columbia, Canada

Sent from my Device

How long will the criminal keep up the exchange? Our Manager responds:

I will head out to the store shortly and will email them to you when I get them.

The criminal responds:

keep me posted.

Our Manager is playing along:

Ok, I have a bunch of cards! I’m on my way back to the office. I’ll send you pictures when I get there.

Oops, looks like the criminal is getting impatient:

Still waiting

President
Jamie Cassels
University of Victoria
Greater Victoria
British Columbia, Canada

Sent from my Device

Our Manager provides a classic Canadian response:

Ok, sorry.

The last message of the exchange:

Hello
Could you please send me the photo attachment of the gift cards?
Thanks

President
Jamie Cassels
University of Victoria
Greater Victoria
British Columbia, Canada

Sent from my Device

Takeaways: Gift Card Scams and other forms of Business Email Compromise rely on trying to trick the recipient into believing the criminal is a trusted individual within the organization authorized to make whatever request is being made. The best way to defend yourself is to:

  1. Opt in to our Email Warning Banner Service to give you a visual cue that the message is from outside the organization and/or that it is misrepresenting itself as from inside when it’s really outside***
  2. Pick up the phone and verify any and all requests that involve spending money or transferring funds.

***There are some legitimate situations where a message could be from outside the organization but represent itself as inside. For example, if you are using an external third-party mailing list service to email a newsletter, the email will come from the service outside of UVic but may have a UVic email address appear in the From: field to represent it as from a UVic sender. This is why we generate a banner to inform and empower the recipient instead of just blocking these messages.

Final thought: One of the reasons scams like this work is because they mimic our own practices. If we regularly ask our colleagues to purchase gift cards via email, and also ask for photos of the redemption codes via email, then it is harder to detect this type of scam as unusual behavior. We should alter our practices to include, for example, telephone verification, so that it’s more difficult for someone to mimic our own practices. It is worth thinking about some of our activities that involve funds, and could therefore be a target for criminals, to see whether they are susceptible to fraud and how we can reduce this risk. Remember the old security saying: Trust, but verify.

Action Required: 334207-001-R1 571-379-0917

This email claims to be a document signing request from UVic. However, the sender (not shown here) was a long, partially randomized address from outside of UVic, which is the first red flag. The grammatical errors (especially the lowercase “victoria”) and the copyright footer’s erroneous reference to “University of victoria Corporation” are further signs that this email wasn’t actually from UVic. Hovering over the link will also reveal that its destination is not UVic or one of the cloud services that UVic has approved for university business.

Always look carefully at the email before you click on anything. Generally speaking, if the email doesn’t look quite right, it probably is a phish.

An error-filled phishing email claiming to be for a document from "University of victoria"

Signature-Required:University of victoria Resolution Document Completion Notice

Hi [redacted],

University of victoria Completed Document has been assigned to you for timely review and completion report.

File Name: University of victoria_Q4Remittance/Submission.pdf

Assigned To: [redacted]@uvic.ca

Open Document [link in big blue box]

Please take a moment to review this document for University of victoria.


Explore more with University of victoria

© Copyright University of victoria Corporation 2025.

Fake OneDrive email with no subject

Sometimes phishers send phish through OneDrive using compromised accounts, and other times they just create imitation OneDrive emails. This phish falls into the second category. Signs that this is not a real OneDrive file sharing notification include:

  • The sender is not from UVic or Microsoft
  • The “RECIPIENTS REAL DOMAIN LLC” banner is generic/placeholder content that wouldn’t be present on a real OneDrive email
  • There are errors in spelling (e.g., “Adjusment” and “Automatated”) and capitalization
  • Hovering over the link shows that it does not go to UVic or Microsoft

A fake OneDrive email from a non-Microsoft, non-UVic sender. The text is riddled with errors.

You don’t often get email from info@******centre.com. Learn why this is important.

RECIPIENTS REAL DOMAIN LLC

Uvic,

You have one New Document waiting on your OneDrive

Document Details

File:
5894 Adjusment to Fiscal Policies Q4.pdf
Size: 23.12kb
Date
September 01, 2025
Note:
You are required to review the shared document and advise accordingly

[Button/link: View on OneDrive]

3584059-359-6-46-492-693-02035

This is an Automatated OneDrive Communication. Do not reply to this mailbox.

Authenticate Your Account Activity

This is a classic account deactivation phish that pretends to be from Microsoft Office 365. It creates a false sense of urgency and threatens you with account deactivation to trick you into hastily clicking the link. However, if you hover over the big red “VERIFY NOW” link, you will find that it goes to a site that isn’t from Microsoft (or UVic). Other signs that something isn’t right about this email include the awkward wording/bad grammar and the long random text in the sender address and subject. If you manage to find the end of the sender address after all that random text, you can then see that the sender is not from UVic or Microsoft.

A fake Office 365 email that threatens to deactivate your account unless you click the phishing link to verify it now

From: <SysadminSExchangeServerGE8YI27DX[…long random text omitted]
Subject: Authenticate Your Account Activity #42e77c85919f7bec71588667c799a78f

Office 365

Attention [username redacted]

As part of our scheduled security and compliance process, we will be deactivating inactive Microsoft accounts on August 22, 2025

Please verify your account status ([redacted]@uvic.ca), remains active by completing the verification below.

[Link: VERIFY NOW]

To avoid any disruption, complete this verification within 48hrs.

Someone shared a file with you – “FACULTY & ᏚTAFF B0NUS” or “Essential_Departmental_interview”

These phishing emails claimed to be from various UVic department chairs in an attempt to make the emails look legitimate and important. However, looking at the sender information raises some red flags: not only does the name not match the name of the department chair, but the email address is also not from UVic. That’s a strong sign that this is an impersonation attempt and you should not open any links or attachments in the email.

Not surprisingly, salary increases and bonuses, or important internal documents, are some email themes that phishers regularly use to lure people into clicking links and attachments. If you are sharp-eyed, you might also notice that there’s a zero instead of an O in “B0NUS”. This is a further sign that the email is not legitimate.

If you opened the attachment, run a full malware scan on your device as a precaution, and contact the Computer Helpdesk or your department’s IT support staff immediately. Be wary of documents that ask you to click on a link to login or access the real content. Also, watch out for and report any MFA pushes that come from outside of the country that you’re in, and change your password immediately if that sort of MFA push comes your way.

Phishing email impersonating a department chair, with a phishing document called "Faculty & Staff B0nus" attached

From: N********@*****.edu
Subject: Dr. J***** ****** shared a file with you- FACULTY & ᏚTAFF B0NUS

Attachment: [Word Document icon] FACULTY & ᏚTAFF B0NUS.docx

Some people who received this message don’t often get email from n********@*****.edu. Learn why this is important

Dr. J***** ****** shared a file with you- FACULTY & ᏚTAFF B0NUS

Phishing email impersonating a department chair, with a phishing document attached called "Essential Departmental Interview"

From: N********@*****.edu
Subject: Dr. M****** ******* shared a file with you- Essential_Departmental_interview

Attachment: [Word document icon] Essential Departmental Inter…

Some people who received this message don’t often get email from n********@*****.edu. Learn why this is important

Dr. M****** ******* shared a file with you- Essential_Departmental_interview
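The “ᏚTAFF B0NUS” subject uses two look-alike substitutions: a zero in place of the letter O, and a first letter that is not a Latin S at all. The following added example (not part of the original post) flags both in a subject line; it uses the first word of each character's Unicode name as a stand-in for its script, which is an approximation, and the digit map is an assumption limited to 0 and 1.

```python
import re
import unicodedata

# Digits commonly swapped in for look-alike letters (0 for O, as in "B0NUS").
DIGIT_LOOKALIKES = {"0": "O", "1": "I"}
TOKEN = re.compile(r"\w+")


def scripts(token):
    """Script names of the letters in a token, taken from each character's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in token if ch.isalpha()}


def digit_swaps(token):
    """Positions where a look-alike digit sits directly between two letters."""
    return [i for i in range(1, len(token) - 1)
            if token[i] in DIGIT_LOOKALIKES
            and token[i - 1].isalpha() and token[i + 1].isalpha()]


def suspicious_tokens(subject):
    """Return (token, reason) pairs for tokens that mix scripts or hide digits among letters."""
    findings = []
    for tok in TOKEN.findall(subject):
        found = scripts(tok)
        if len(found) > 1:
            findings.append((tok, "mixed-script:" + "+".join(sorted(found))))
        swaps = digit_swaps(tok)
        if swaps:
            intended = "".join(DIGIT_LOOKALIKES[c] if i in swaps else c
                               for i, c in enumerate(tok))
            findings.append((tok, "digit-for-letter:" + intended))
    return findings


def flag_subjects(subjects):
    """Map each subject that contains a suspicious token to its findings."""
    return {s: f for s in subjects if (f := suspicious_tokens(s))}


# Subject lines as they appear on this page. \u13da is the Cherokee letter
# that renders like a Latin S in the first subject.
SUBJECTS = [
    "Dr. J***** ****** shared a file with you- FACULTY & \u13daTAFF B0NUS",
    "Dr. M****** ******* shared a file with you- Essential_Departmental_interview",
    "October 2024 Staff Report and Individual Assessment",
]

if __name__ == "__main__":
    for subject, findings in flag_subjects(SUBJECTS).items():
        print(subject, "->", findings)
```

A legitimate token such as H1N1 would also be reported by the digit check, so treat a hit as a reason to look closer at the sender, not as a verdict.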

Action Required – Webmail Account Verification

This email might look like it came from UVic, but in reality it’s a phishing email that leads to a fake CAS login page. Notice how the email threatens you with account deletion if you do not act immediately–the phisher is trying to trigger your fight-or-flight reaction to make you act hastily and do something that isn’t in your best interest. If a message leaves you with a feeling of fear, urgency or panic, try to pause for a moment and take a few deep breaths before you click or reply, then examine the message to see if there are any red flags.

In addition to the urgent and threatening language, other signs that this message is a phish are:

  • The sender address: although the email claims to be from UVic, the email came from an educational institution in Poland (probably a compromised account)
  • The generic, impersonal greeting
  • The link destination: hovering over the link shows it does not go to a site from UVic or Microsoft

If you clicked on the link from this email, contact the Computer Helpdesk or your department’s IT support person immediately, especially if you entered your username and password.

Webmail account verification phishing email that pretends to be from UVic IT support

From: University of Victoria <[redacted].edu.pl>
Subject: Action Required – Webmail Account Verification

You don’t often get email from [redacted].edu.pl. Learn why this is important

Dear User,

As part of the update to our Webmail platform for the year 2025, we kindly invite you to verify your account to ensure its proper functionality.

  • VERIFY MY ACCOUNT [link]

Please note that all unverified accounts will be considered inactive and will be deleted within 72 hours of receiving this message.

We appreciate your understanding and remain available for any assistance you may require.

Best regards,
IT Support Team University of Victoria

CONGRATULATIONS! [Student grant scam]

This grant scam impersonates a Canadian non-profit research organization and specifically targets UVic students by claiming to offer monetary grants to students. The attachment even includes MITACS and UVic logos to make the offer look more legitimate. However, there are several signs that this is a scam:

  • The email came from a Gmail address–UVic or MITACS would send real grant notices from their organizational email addresses, not using a free email provider.
  • The email says you were specifically selected based on your performance, but the email is addressed impersonally.
  • The formatting issues within the email and missing signature block give it a less-than-professional look.
  • The attachment directs you to apply by contacting a phone number with an American area code. If you are told to apply by SMS, it’s probably a scam. It also uses language that creates a sense of urgency to get you to act hastily.

If you replied to the scammer, contact the Computer Help Desk or your department’s IT support person immediately for assistance.

Grant scam email

From: MITACS GLOBALINK <o*******2001@gmail.com>
Subject: CONGRATULATIONS!

Attachment: [PDF] MITACS STUDENT GRANT SCHEME.pdf

You don’t often get email from o*******2001@gmail.com. Learn why this is important

 

MITACS STUDENT GRANT SCHEME

To whom it may concern We are delighted to offer you a grant to support your academic, personal use and research endeavors at University of Victoria (UVic).

You were selected based on your academic performance and potential to make meaningful contributions in your research aspect.

Find the attached details,

Piano and welder scams impersonating real people from UVic

Piano and welder scams are two variations of the same tactic: the scammer claims to offer a large valuable item for free, but then tells anyone who replies that they’ll need to pay to have the item shipped from out of town. At that point, the scammer will provide an email address for a supposed moving company, which will often be from a free email provider like Gmail or Outlook (not exactly a professional look!). That moving company will turn out to be fake–if you contact them to make arrangements and pay them money, you’ll never hear back from them again and never receive the item you were expecting.

The latest batches of these scams are impersonating a real person from UVic to make the offer look more legitimate. Check the sender information and reply address carefully; if the email was sent from or tells you to reply to a non-UVic email address, in all likelihood it’s a scam and not actually from the person it claims to be from. The fact that you are told to reach out using your personal email is another bad sign; that is a common trick used by scammers to move the conversation away from UVic’s monitoring.

Also, in the examples below, the faculty or staff member who is supposedly giving away the piano or welder is actually fictitious. The poor grammar is an additional red flag.

Piano scam impersonating a real person from UVic, containing photos of a Yamaha baby grand piano.

From: [redacted] <[redacted]@optonline.net>
Subject: FREE PIANO DONATION.!!!

Attachments: [three photographs of a black Yamaha baby grand piano sitting on an ornate rug]

You don’t often get email from [redacted]@optonline.net. Learn why this is important

Dear Student/Staff/Faculty,

One of our staff, Mr. Mark Gary is downsizing and looking to give away his late dad’s piano to a loving home. The Piano is a 2014 Yamaha Baby Grand size used like new. You can write to him to indicate your interest on his private email ([redacted]@writeme.com)to arrange an inspection and delivery with a moving company. Kindly write Mr. Mark via your private email for a swift response.

Best regards,

[redacted]
University Advancement
[redacted]@uvic.ca
University of Victoria
https://www.uvic.ca

Welder scam impersonating a real person at UVic

From: [redacted] <[redacted]@gmail.com>
Subject: Disposal Of Welding Machine And Tools Box

You don’t often get email from [redacted]@gmail.com. Learn why this is important

Dear Student/Faculty And Staff,

One of our staff at University of Victoria Ms Mary Figuerova, Assistant Professor. is downsizing and looking to give away her late dad’s Miller 951937 Dynasty 300 TIG Welder w/ TIGRunner Pkg & Wireless Foot Control, With A Complete Set Of Snap On Tools Box And Accessories.
If interested in any of the equipment  kindly indicate by sending her a mail via your personal email for a swift response.
to indicate your interest in any of the listed items contact her on her private email address ([redacted]@outlook.com) to arrange delivery with a moving company.

Sincerely,

[redacted]
Member Of The Board
University of Victoria

October 2024 Staff Report and lndividual Assessment

Phishers often try to create a sense of urgency to get people to click the link in haste, and that tactic is on full display in this fake HR email. If you receive an email that claims to be from HR, especially one that seems urgent or feels intimidating, first take a few deep breaths, and then look closely at the email to see if there are signs that it’s fake. This one has quite a few red flags:

  • The email did not come from UVic (in fact, the phisher appears to be abusing a compromised account at another university). A real UVic HR email would come from a UVic email address.
  • The email was sent to hundreds of people, many of whom were not from UVic. That is a strong sign that this is a non-targeted mass phishing email and not a genuine HR notification.
  • The greeting is impersonal, there is no signature block, and the email doesn’t specifically mention UVic.
  • Hovering over the link will reveal that it does not go to a page from UVic; it actually goes to a page from a free online form builder.

Fake "urgent" HR email that is actually phishing

From: [redacted]@********t.edu
To: [redacted] + 397 more
Subject: October 2024 Staff Report and Individual Assessment

You don’t often get email from [redacted]@********t.edu. Learn why this is important.

Assessment Dear Team,
I am pleased to inform you that the HR Department has recently finalized the Staff Report for October 2024.  It is imperative that you treat this matter with urgency.

Attached below, you will find the relevant file that contains your individual Assessment Report. Please open it to access the information

Click Here [link] To View Report

Thank you for your prompt attention to this matter.

Student Job Opening

Once again, job scammers are impersonating real UVic professors to target students in need of extra funds to pay for tuition and other necessities. This latest batch isn’t as elaborately written as the last one posted here, but still has some of the usual red flags:

  • The email came from a Gmail address. If a job offer comes from or tells you to contact an address from a free email provider like Gmail or Outlook.com, it’s extremely likely to be a scam.
  • The name of the sender does not match the signature block. Inconsistencies like that can be a sign that something is not right with the email.
  • The scammer may be trying to create a false sense of urgency by saying a student is “urgently required” to trick you into replying hastily.
  • The salary is too good to be true–$320 per week for only 8 hours of remote work is well above the typical wage for co-op or other student jobs.
  • Although there are no glaring grammatical errors, the wording still comes across as stilted and awkward.

If you replied to the scammer, cease contact and reach out to the Computer Help Desk or your department’s IT support person for assistance.

Job scam impersonating a professor from the Biology Department

From: P***** C***** <[redacted]@gmail.com>
Subject: Student Job Opening

You don’t often get email from [redacted]@gmail.com. Learn why this is important.

The service of a student is urgently required to work part-time as a student administrative assistant in the Department of Biology and get paid $320 weekly. This is a remote opportunity and work time is 8 hours in a week.
To apply, please submit your resume to the Department of Biology via this email address to proceed.

Sincerely
Dr. ****** B*****
Professor
Department of Biology
Office: CUN ****

“Dear Qualified Student”, “GRANT” or “10/21/2024” scam emails

Job scams aren’t the only way that scammers try to take advantage of students in financial need–they are also sending out scam emails claiming to offer grant money. In this case, the tantalizing offer of a few thousand dollars that don’t need to be paid back is very likely to be a pretext for a cheque overpayment scam.

Notice how the email says you are supposed to use almost half of the funds for “humanitarian service for a disabled student”. In all likelihood, that means that the scammer will tell you to cash the cheque and then send some of the money to another person or bank account specified by the scammer. A few days after you do that, the cheque will bounce and the money you transferred will effectively come out of your own funds, meaning you’ll have lost a non-trivial amount of money. (Also, the scammer’s math doesn’t add up; $2700 + $2200 = $4900 and that’s more than the amount on the cheque!)

In addition to the above, there are many other red flags:

  • The email was not sent from UVic, a provincial government (such as gov.bc.ca), or the federal government (canada.ca or something ending in gc.ca).
  • You are told to apply by emailing an Outlook.com email address. If you are told to contact an address from a free email provider, the grant is very likely to be a scam.
  • The scammer wants you to reply from your personal email and provide your mobile phone number. Scammers use this tactic to move the conversation away from UVic’s monitoring and security controls.
  • The scammer also asks you to email other personal information like your address and where you bank.
  • The greeting is impersonal.
  • The email contains awkward wording and grammatical errors.
  • The signature of “Canada Student Grant” is vague/generic and does not mention UVic or a specific government department.
  • While the message looks like normal text, the whole thing is actually an image–that’s a strong sign that the message is not legitimate and the scammer has done that to evade spam filters.

If you replied to this email, cease contact with the scammer and reach out to the Computer Help Desk immediately for assistance.
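Several of the red flags listed in the posts above can be checked mechanically before a person ever reads the message. The following is an added example, not part of the original posts or any UVic tooling: a small Python triage function that flags them. The flag names, the free-provider list and the sample message are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Domains the page names as expected senders; adjust for your own organisation.
TRUSTED = ("uvic.ca", "gov.bc.ca", "canada.ca", "gc.ca")
# Free providers mentioned on the page (assumed list, not exhaustive).
FREE_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "icloud.com"}
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
URL_RE = re.compile(r"https?://([^/\s:>)]+)", re.I)

def is_trusted(domain: str) -> bool:
    # Exact match or true subdomain, so "uvic.ca.example.net" does not pass.
    domain = domain.lower().rstrip(".")
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED)

def red_flags(raw: str) -> list[str]:
    """Return hypothetical flag names for the red flags found in a raw message."""
    msg = message_from_string(raw)
    flags = []
    senders = getaddresses(msg.get_all("From", []))
    sender_domain = senders[0][1].rpartition("@")[2] if senders else ""
    if not is_trusted(sender_domain):
        flags.append("sender-outside-trusted-domains")
    parts = list(msg.walk())
    text = "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts if p.get_content_maintype() == "text")
    # A message with images but no text at all is the "whole thing is an image" case.
    if not text.strip() and any(p.get_content_maintype() == "image" for p in parts):
        flags.append("image-only-body")
    if any(d.lower() in FREE_MAIL for d in ADDR_RE.findall(text)):
        flags.append("free-mail-contact-address")
    if re.search(r"\b(?:personal|private)\s+e-?mail\b", text, re.I):
        flags.append("asks-for-personal-email")
    if any(not is_trusted(h) for h in URL_RE.findall(text)):
        flags.append("link-outside-trusted-domains")
    return flags

# Constructed sample modelled on the welder scam above (addresses are made up).
SAMPLE = """\
From: Board Member <constructed.sender@gmail.com>
Subject: Disposal Of Welding Machine

Contact her on her private email address (constructed.owner@outlook.com)
to arrange delivery with a moving company.
"""

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A message that raises none of these flags is not thereby safe; the checks only cover red flags that are visible in the headers and body text.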

Student grant scam email that is likely to be a cheque overpayment scam

From: [redacted]@[redacted].net
Subject: Dear Qualified Student

You don’t often get email from [redacted]@[redacted].net. Learn why this is important.

Dear Qualified Student,

Your 2024 Grant has been approved and payment check is ready for immediate disbursement

Take note this is a grant, and you’re not obligated to pay back. We believe this will help students in containing educational fees and personal bills.

The payment will come via Check for MOBILE DEPOSIT, and this is because of theft and loss of pay checks in the mail delivery by Canada Post, UPS/FedEx etc.

The grant board will issue you a check of $4,700.00. However, your approved grant amount is $2,700.00 and $2,200.00 slated for you to carry out a humanitarian service for a disabled student whose details will be sent to you once the grant funds have been made available. This is a general outreach to support students and to also support other disabled/less privileged individuals within the student Community.

Kindly reconfirm the below to begin the immediate claims process.

Full Names:
Mobile Number:
Address (Postal code included)
Specify name of Bank (TD, RBC, BOM, CIBC SCOTIA ETC)
Age:
Personal email:

Important Note: you are to contact the claims officer Mr Neil Trotter on ([redacted]@outlook.com) and your email to him must come from your personal email account (Gmail, Yahoo, Hotmail, iCloud etc) and not your school email. Failure to comply to this simple instruction means your eligibility for this grant will be disregarded.

Contact Person: Neil Trotter
Contact Email: [redacted]@outlook.com

Only send application to the above email address [redacted]@outlook.com

I await your prompt response.

Regards,
Canada Student Grant