Yamaha Piano donation

If you get an unsolicited email that offers to give away something valuable for free and it’s not from someone you know, it’s probably too good to be true. This is very likely to be the case when someone says they are giving away a late family member’s grand piano–emails of that sort are a common scam. Some versions may even attach photos of the supposed piano, but they’re probably stock images or ripped off of somebody else’s listing. If you are told to reply from personal email or a different communication method, that is a red flag as well; scammers do this to move the conversation away from UVic email to avoid detection.

If you reply to indicate you’d like the piano, you’ll be told to contact and pay a “moving company” to ship the piano from out of town, but the moving company will turn out to be fake and you’ll never receive a piano after you’ve paid up. In general, it’s extremely risky to pay a random person or moving company for a piano (or other item of value) sight unseen; the item may not actually exist or not be what you were expecting.

Watch out for versions of the scam that impersonate real people at UVic. If the email was not sent from a UVic email address, or you’re instructed to contact an email address that is not from UVic, you can be certain the email is a scam. If in doubt, don’t reply to the email–to determine the email’s legitimacy, contact the person through another method that you know is safe (e.g.: using the contact information on their directory entry or by asking in person). Sometimes, one name will correspond to a real person at UVic but the other one will not, which is another sign of a scam.


A typical scam email offering a free piano

From: Paulina Hagerman <s*********8@gmail.com>
Subject: Yamaha baby grand 05/13/2024

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Hello,

I’m offering my late husband’s Yamaha Piano to any music enthusiast who may appreciate it. If you or someone you know might be interested in receiving this instrument for free, please feel free to reach out to me.

Warm regards,
Paulina

A piano scam with photos attached, impersonating a real UVic employee but mentioning a person who doesn't actually work at UVic

From: [impersonated UVic employee] <[redacted]@gmail.com>
Subject: Yamaha Piano donation

Attachments: [Three thumbnail images showing a Yamaha baby grand piano from different angles]

Dear Student /Staff/Faculty,
One of our staff, Mr.Stephen Whitehead. is looking to give away his late dad’s piano to a loving new home. The Piano is a 2014 Yamaha Baby Grand size used but still new. Kindly write to him to indicate your interest on his private email( [redacted]@mail.com) to arrange an inspection and delivery with a moving company. Kindly write Mr. Stephen Whitehead via your private email for a swift response.

[impersonated UVic employee]
Assistant to the Dean
https://www.uvic.ca

University of Victoria_Update

This phish specifically targets UVic and contains many of the classic red flags:

  • The email was sent from someone outside of UVic
  • The greeting is impersonal
  • The message creates a sense of urgency and threatens you with an adverse impact
  • The message contains many grammatical errors
  • The signature is generic and doesn’t mention UVic

Hovering over the link without clicking on it (or holding down your finger on it on a mobile device) will reveal that the link goes to a page from a free online form builder. A legitimate UVic login page would not be hosted on an online form builder.

If you entered credentials on the phishing page, change your password immediately and contact the Computer Help Desk or your department’s IT support person.

Phish email specifically targeting UVic by asking you to update your account


From: [redacted]@h******.se
Subject: University of Victoria_Update

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Hello user,

This is the last and final notice or our administrator will disable your access to your email.

Please click here to upgrade your University Of Victoria_Update your account security by completing the required details to avoid the deactivation of your University of Victoria edu account.

A cordial greeting wu,
IT Service Desk (c)2024

Uvic Employee Salary Increase Approval 2024/25

Who wouldn’t like a salary increase, especially when the cost of living continues to be so high? But that’s precisely the feeling that phishers are trying to take advantage of when they create these kinds of phishing emails. Here are some signs that the email is not legitimate:

  • Although the message claims to be from payroll@uvic.ca, the sender information shows the email was actually sent from a non-UVic address.
  • The message greets you with your email address instead of your name.
  • The capitalization of UVic is wrong, there’s a spelling error in the sender name, and the wording of the message is awkward.
  • The email creates a sense of urgency to get you to act hastily.
  • Hovering over the link shows that it does not go to uvic.ca.

Fake salary increase email with a link to a phishing site

From: HR Deparment | uvic.ca e-Sign <yonet926@********.ne.jp>
Subject: Uvic Employee Salary Increase Approval 2024/25

This message was sent with high importance.

Hi ********@uvic.ca,

HR Department (payroll@uvic.ca) shared a new pdf file “Uvic Employee Salary Increase Approval Letter.pdf”  with you securely for your urgent attention.

VIEW DOCUMENT [phishing link]
1 item, 54.5 KB in total · Expires on 29 March, 2024

Report to uvic
© 2024

#Your Invitation to participate..

Job scammers are continuing to try to take advantage of students looking for extra cash to help pay for tuition, housing and other essentials in these times when the cost of living is so high. Below is yet another job scam that impersonates a real UVic professor.

For more information on job scams and how to spot them, see also these guides from CBC News and TD Bank.

Red flags to watch out for
  • The email came from a Gmail address. A real UVic job opportunity should be announced from a UVic email address. Ones that come from a free email provider like Gmail or Outlook are probably scams.
  • The pay is too good to be true for a part-time student job that requires no prior experience and is open to anyone.
  • The offer implies that there will be no job interview before you get assigned a work schedule. A legitimate job should give you a chance to meet the employer in person or on a video call before you accept an offer. If you are accepted without an interview, the job is very likely to be a scam.
  • The email asks you for an alternate email address and cell phone number. Scammers often do this to shift the conversation away from UVic email and evade monitoring.
  • The subject line contains punctuation errors.
Common methods that the scammers use to steal money from people who reply
  • They ask you to purchase gift cards from a local store and send photos of the cards with the PINs revealed. That gives the scammer the information needed to use the funds on the cards. The scammer either will not reimburse you at all or give you a cheque that will ultimately bounce a few days later.
  • They give you a cheque to deposit and tell you to transfer some of the funds to another person and keep the remaining funds (cheque overpayment scam). A few days later, the cheque will bounce, meaning the amount you transferred is gone from your own funds.

If you replied to the scammer, reach out to the Computer Help Desk immediately for assistance.

From: Dr. [redacted] PhD.
Subject: #Your Invitation to participate..

You don’t often get email from dg3******@gmail.com. Learn why this is important.

Hello,

If you may be interested in working as a temporary research aide collecting data remotely and earning $300 weekly, indicate interest by providing the required information below and I will send you a follow-up email detailing your work schedule.

This is an adaptable job that requires no prior experience irrespective of your major discipline.

Full Name:
Cell #:
Alternate email:

Regards,

Dr. [redacted] PhD.
Professor,
Health Information Science
HSD Building, A***
Victoria BC   Canada

Payment Confirmation

Always be wary of unexpected or unsolicited emails that contain attachments as they may contain malware. The vagueness and generic nature of this message should be a red flag and may be a ploy to get you to click on the attachment. Since the message does not address the recipient by name and provides no information about the supposed payment, it’s likely that it was a mass mailout and therefore not a legitimate invoice.

If you’re inclined to think that the attachment should be harmless because SVG is an image format, think again! SVG files can actually contain embedded scripts, meaning they can be laced with malware, which is definitely the case for this sample. If you clicked on this attachment, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.

Vague email claiming to be an invoice but the SVG attachment actually contains malware

From: allen.lopez@o******.com
Subject: Payment Confirmation

Attachment: [Generic file icon] RTVBAS05GDBA09.svg (2 KB)

Payment Received, attached is your invoice.

“Hello!” or “Greetings!” job scam email

These job scam emails appear to have come from compromised accounts at another Canadian university. Always evaluate whether the content of the email looks legitimate, even if it came from what would normally be a reputable source (even if it came from within UVic!).

This email has many of the typical signs of a job scam:

  • The email directs you to reply to an AOL email address from your personal email. If you are asked to apply to a job by contacting an address from a free email provider, in all likelihood it’s a scam. The request to shift to personal email is a tactic to shift the conversation to a place that UVic can’t monitor.
  • The salary is too good to be true.
  • There are no details about what the job involves.
  • There are grammatical errors including mistakes in capitalization.
  • The email claims to offer a job with the World Food Programme, but they did not send the message and the name of the contact person doesn’t match the name of the sender of the email.

If you replied to the scammer, contact the Computer Help Desk immediately for assistance.

Job scam email claiming to offer a generously paid part-time job with the World Food Programme

From: [redacted]@**********.ca
Subject: Hello!

I am sharing job opportunity information to anyone who might be interested in a World food programme Part-Time job with a weekly pay of $600.00. If interested, kindly contact Dr. Mattias on his email address. b******b@aol.com for details of employment.

You can contact him from your private E-mail address only.

“Work-Study Opportunity” and similar job scam emails

These job scam emails are very similar to previous ones we’ve written about. Scammers are continuing to try to take advantage of students’ financial need by offering a relatively generous amount of pay for a small amount of remote work.

Other red flags:

  • The email came from a Gmail address. A real UVic job offer would come from a UVic email address. Job offers sent from addresses from free email providers are typically scams.
  • The name of the sender doesn’t match the name of the professor supposedly offering the job. Inconsistencies like this can be a sign of a scam.
  • The scammer wants to shift the conversation to Google Chat. This is a common tactic to move the conversation away from UVic email to evade monitoring.

As always, if you replied to this email, contact the Computer Help Desk immediately for assistance.

Job scam email impersonating a UVic geography professor, sent from a Gmail address

From: Nwabueze Ekene Precious <[redacted]@gmail.com>
Subject: Work-Study Opportunity

The service of a student is urgently required to work part-time as a student assistant and get paid $250 weekly. Tasks will be done remotely and work time is 8 hours/week. To apply, kindly submit your resume and a Google chat email address to the Department of Geography via this email address to proceed.

Sincerely
D***********
Professor
Department of Geography
Office: [redacted]

Please find the attached

Just because a message appears to come from within UVic doesn’t necessarily mean it actually did. This example actually came from an external source but spoofs a UVic sender address.

Always be wary of unsolicited or unexpected emails that contain attachments since the attached file may contain malware, as is the case with this email’s ZIP attachment. The brief, vague message body that gives no indication of what the supposed documents are about is an additional red flag. If you clicked on the attachment, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.

Vague email with a spoofed UVic sender that contains a malware-laced ZIP attachment

From: *******@uvic.ca
Subject: Please find the attached

Attachment: [ZIP file] Docs.zip (3 KB)

Please find the attached documents.

Thanks.
Khelmer

You have got an urgent message from The University of Victoria

This targeted phishing email takes the unusual step of asking you to send a text message to a phone number. Trying to quickly shift to a different communication method is often a red flag; phishers (and scammers) do this to move the conversation to a place that UVic can’t monitor. Real UVic communications will never ask you to send a text message to upgrade/keep/secure your account, and the fact that the phisher is using a phone number with a New York City area code is a further sign that the email is not legitimate.

Other red flags include:

  • The email was sent from a Gmail account. Note how the email system has added a warning that you don’t often get email from this address; this can be a sign that the sender is not someone you know already and may not be trustworthy.
  • The greeting is impersonal.
  • The email threatens you with an adverse impact to try and get you to act hastily.
  • There are a few grammatical errors and awkward wording choices.

If you texted the phone number in the email, disregard any instructions in any replies you receive and block the phisher’s phone number. You will also need to keep an eye out for future attempts to phish or scam you via SMS or phone calls as your phone number would now be in the hands of someone malicious.

Spear phishing email claiming to be from UVic when it actually came from a Gmail address. Instead of including a link, it asks you to text an American phone number.

From: ke*****1280@gmail.com on behalf of University of Victoria <g1*****+UniversityofVictoria@gmail.com>
Subject: You have got an urgent message from The University of Victoria

[You don’t often get email from g1*****+universityofvictoria@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification]

Dear User,
This is to let you know that our web-mail server will be upgraded and maintained soon.

If you don’t want your e-mail account to be terminated during the upgrade,

Send your “UV-UPGRADE” to (646) ***-****

You will receive instructions on how to upgrade your account via text message.

If you do not comply with the above, your email access will be disabled.
Please accept our apologies for any inconvenience this may cause.

Regards
System Administrator
University of Victoria

Please confirm receipt..

Always be extremely wary if you get an unsolicited email with a ZIP attachment, especially if the sender address isn’t one that you recognize. There’s a good chance the attachment contains malware, and that holds true for this example. The vagueness of the message and poor grammar are also red flags.

Do not click on the attachment–if you did, contact the Computer Help Desk or your department’s IT support person immediately! Also, do not forward these sorts of emails, even if your intent is to warn others, because forwarding the message inline will leave the attachment exposed where someone else can mistakenly click on it (it’s safer to send a screenshot instead).

Malicious email containing a malware-laced ZIP attachment.

From: ga******@******group.com
Subject: Please confirm receipt..

Attachment: [ZIP file] 87645345.zip (4 KB)

Hello,

Please acknowledge upon receipt of my today payment.
via (e-transfer)

Thanks

Irene Cordero.

Uvic Mandatory Multi-factor Authenticator

While it’s true that we are requiring everyone to enrol in UVic MFA, this email is not legitimate and is a case of quishing (QR code phishing). Here are the signs that this email is fraudulent and the QR code is not safe to scan:

  • Although the sender name mentions UVic, the email actually came from an external email address.
  • UVic is capitalized incorrectly and there are some wording errors in the message.
  • The email instills a sense of urgency by threatening expiry within a very short period of time, which is an attempt to trick you into acting hastily. Genuine emails of this nature will usually give you multiple notices well in advance of the deadline.
  • The email contains a QR code. Legitimate QR codes for MFA setup will never be sent by email. If a QR code is in an email, it’s usually because the scammer is using it to disguise a malicious link.

First half of MFA-themed quishing email - includes external sender and urgent language

Second half of MFA-themed quishing email - contains a malicious QR code that should not be scanned


From: Noreply_Uvic <greatfoob@grumpy******.ca>
Subject: Uvic Mandatory Multi-factor Authenticator
This message was sent with high importance.

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

[Microsoft Authenticator icon]

Microsoft 365 sign-in for multi-factor authentication

  • The multi-factor authentication for is set to expire within 24 hours.
  • Scan the barcode below to reauthenticate your multi-factor authentication within 24 hours and stay connected to Microsoft 365 apps and services.

[Malicious QR code]

Contact Microsoft help desk if you have any questions.

This email was sent from an unmonitored mailbox.
You are receiving this email because you have subscribed to Microsoft Office 365.
Privacy Statement
Microsoft Corporation, One Microsoft Way, WA 98052 USA
Microsoft

STATEMENT OF CONFIDENTIALITY The information contained in this email message and any attachments may be confidential and legally privileged and is intended for the use of the addressee(s) only. If you are not an intended recipient, please (1) notify me immediately by replying to this message; (2) do not use, disseminate, distribute or reproduce any part of the message or any attachment; and (3) destroy all copies of

Don’t sleep on this!

In these days when the cost of living is so high, the prospect of getting generous pay for part-time work would be appealing, but scammers are well aware of that and trying to take advantage. The following job scam claims to offer an opportunity with the UN World Food Programme, but in reality the email was sent from a compromised account at another Canadian university.

A major red flag is that the email asks you to reply to a Gmail address. A real UN job offer would not ask you to contact an email address from a free email provider like Gmail, Hotmail/Outlook or Yahoo. Also, the fact that the email contains grammatical errors is another sign that the offer is not legitimate.

Remember, if you receive a job offer out of the blue and it offers a generous salary for a minimal amount of casual part-time work, in all likelihood it is a scam. In general, if an offer sounds too good to be true, it probably is. If you replied to this email, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.

Job scam email pretending to be from the UN World Food Programme

From: [redacted]
Subject: Don’t sleep on this!

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

I am sharing job opportunity information to anyone who might be interested in a World food programme Part-Time job with a weekly pay of $600.00. If interested, kindly contact Dr. Mattias on his email address.

(k*****02@gmail.com) for details of employment.

N.B, this is strictly a work from home position.

Remote Flexible Job

Job scams that pretend to be from the Red Cross seem to becoming more common. As with many other job scams that we’ve seen before, the scammer tempts people with a generous salary for a minimal amount of work. If a job offer arrives unsolicited and the compensation is too good to be true, you can be sure it’s a scam.

Other red flags that indicate that the offer is fake:

  • The email was sent from an address that does not belong to the Red Cross. A legitimate email from the Canadian Red Cross would come from a redcross.ca email address.
  • The message contains multiple grammatical errors.
  • You are asked to reply from your personal email–this is a trick to move the conversation off UVic email to evade detection.
  • Replies are to be sent to a different address from a Red Cross lookalike domain.
  • The confidentiality notice is not from the Red Cross.

If you replied to this email, cease contact with the scammer and reach out to the Computer Help Desk immediately for assistance.

Job scam email that pretends to be from the Red Cross


Subject: Remote Flexible Job
From: [redacted] <********@iconpln.co.id>

Distribution Assistant is vacant at the National Red Cross with a weekly pay of $500. 3 hrs. per day, 3 times a week is required for purchasing of online items and delivering them to foster/disable homes in your local community. To apply, send cv/application to Mammen at jobs@arc-******.com with your personal email.

NRC


This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. PT. Indonesia Comnets Plus ( ICON+) is neither liable for the proper and complete transmition of the information contained in this communication nor for any delay and its receipt.

REMINDER: Benefits Open Enrollment 2024. Review & Sign

HR or payroll-themed lures are commonly used for phishing emails. While this email claims to be from a UVic system, notice how the capitalization of UVic in the sender name is incorrect and the actual sender address is from outside of UVic. Both are red flags that indicate that this a phishing email; a genuine UVic Payroll or HR email should be coming from a UVic email address. Another bad sign is the fact that there is nothing in the message body except for a disclaimer and confidentiality notice that mentions some other external organization but not UVic.

This email also contains a .htm attachment. Do not open unsolicited or unexpected attachments whose names end in .htm or .html. These files are webpages, meaning that they could contain code that downloads malicious content or that redirects you to a malicious site. UVic InfoSec used a special secure environment to examine this file’s contents and found that it contains code to redirect you to a malicious site after a few seconds’ delay. If you opened the attachment, reach out to the Computer Help Desk or your department’s IT support staff for assistance.

Phishing email claiming to be benefits enrollment paperwork but that actually contains a malicious .htm attachment.

Subject: REMINDER: Benefits Open Enrollment 2024. Review & Sign
From: Uvic e-Service System <okita@****okita.com>
This message was sent with high importance.
Attachment: [webpage file] Open Enrollment 2024.htm (1018 bytes)

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Disclaimer: Confidentiality Notice: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the originator of the message. Any views expressed in this message are those of the individual sender, except where the sender specifies and, with authority, states them to be the views of A********x

Remote Job Opening

Job scammers are once again trying to take advantage of students who are in need of money to pay for tuition and necessities in these tough economic times. As in previous batches that we have seen and written about, the scammers impersonate a real UVic professor to make the job offer look legitimate. The red flags are the same as before:

  • The email comes from a Gmail address. Emails about real UVic job offers should come from a UVic email address.
  • The name in the sender information does not match the name of the professor supposedly offering the job. Inconsistencies like this can be a sign of an impersonation scam.
  • The salary offered is too good to be true. $50/hour is more than triple the minimum wage in BC and a part-time student job is not realistically going to offer pay that high.
  • The email requests your Google Chat email. Scammers often request alternative contact information to move the conversation away from UVic’s defences and monitoring.

Therefore, do not reply to the email with your information. If you did, cease contact with the scammer and reach out to the Computer Help Desk for assistance.

Subject: Remote Job Opening
From: Emily Rauscher <*****emilyap5@gmail.com>

The service of a student/graduate student  is urgently required to work part-time as a research assistant and get paid $450 weekly. Tasks will be carried out remotely from home and work time is 9 hours/week.

If interested, submit a copy of your updated resume and functional google chat email address to our Department of Psychology via this email to proceed.

Sincerely
[name redacted]
Assistant Teaching Professor
Psychology
Office: COR A***