This message has a sender address of noreply@uvic.ca but that was spoofed; this message definitely did not come from UVic and the links all go to a phishing page.
Author: Laura Chan
IT helpdesk
Password Expiry Notification
This phish has a spoofed sender of no-reply@secure.outlook.com, but in reality it did not come from Outlook.com. The link goes to a fake OWA login page on a site that is not affiliated with either Microsoft or UVic. Do not click on that link–if you did, contact your department’s IT support staff or the Computer Help Desk immediately.
New Payroll Changes
The link in this spear phish may look like a UVic site, but if you hover over it you will discover that it actually goes to some other site that isn’t affiliated with UVic. Do not click on that link–if you did, please contact your department’s IT support staff or the Computer Help Desk immediately.
Important note: review your packet.DE9712458389
RE:Admin, Staff Self-service 2020
The phishing link in this message goes to a fake OWA page that is actually a Weebly site. If you clicked on this link, please contact your department’s IT support staff or the Computer Help Desk immediately.
The message in French at the end basically says the message was automatically scanned by an email virus scanner. This was probably added by the phisher in an attempt to make the email look safe. For this reason, notes about antivirus scanning at the end of an email should not be interpreted as a sign that the email is actually legitimate or trustworthy.
Sync error
Undelivered Mail
This phish used a spoofed sender of postmaster@uvic.ca or postmaster@local.uvic.ca, but originated from an external source and is definitely not legitimate. Also note the “trusted source” banner–this was not added by our mail system, but by the phisher to make the message look legitimate.
Do not click on the links in this email; if you did, please contact your department’s IT support staff or the Computer Help Desk immediately.
Office Update
New Microsoft Outlook for Staff/Employee
Job Application
This type of resume/job application phish is nothing new, but what is somewhat more unusual is the fact that the phisher has made a slight (though not very good) attempt to target UVic. They even tried to address the recipient personally, but in this case they actually got their first name wrong. But what hasn’t changed is the nastiness of the attachment–do not open it as it will contain malware!
A UVic-targeted variant of the usual advance fee scam
No doubt you’ve all seen a classic advance fee scam. A stranger emails you asking for assistance in transferring a large amount of wealth that they say they own but can’t access, offering you a cut of it in return. Most of the time, these scams are sent en masse and not targeted to the recipient.
However, a bunch of UVic employees recently received a more targeted variant of this scam where the writer poses as someone wanting to come to UVic:
Those who reply will receive a lengthy letter back. For brevity’s sake I won’t post the whole thing, but here’s the part that makes it clear that this is just another advance fee scam. Note: you can right-click on the image and choose to open it in a new tab or window to view it at full size if the font is too small for your liking.
“Job Offer” and “Online Job Offer” work from home scams
For more information about work from home scams, see this news article: https://toronto.ctvnews.ca/better-business-bureau-warning-about-these-work-at-home-scams-1.5000409
Security Alert: Your password will expire in 3 days
Note how this spear phish spoofed a UVic email address. While it might look like it came from UVic, it actually came from an external third party. The link is not a uvic.ca site either, so don’t click on it. If you did, contact your department’s IT support staff immediately.
Pending messages couldn’t be delivered, Inbox Full 9/7/2020
This spear phishing email pretends to be a notification for the legitimate webmail.uvic.ca service, but hovering over that link reveals that it does not go to a UVic site. Do not go to that site–if you did click on the link, please contact your department’s IT support staff immediately.
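The hover check described in several of the posts above can be automated for an HTML message body. The following is an added example, not part of the original posts or any UVic tooling; the sample message is constructed, and the function names and the example.net/example.org hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_SUFFIX = "uvic.ca"  # assumption: the domain the reader expects links to use

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    # Exact match or a true subdomain; "uvic.ca.example.net" does not qualify.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)

def suspicious_links(html_body):
    """Return (visible text, real host) where the text names the trusted
    domain but the href resolves to some other host."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        host = urlsplit(href).hostname  # ignores any "user@" prefix in the URL
        if TRUSTED_SUFFIX in text.lower() and not is_trusted(host):
            flagged.append((text, host))
    return flagged

# Constructed sample body: one look-alike link, one link that really is on uvic.ca.
SAMPLE = ('<p>Inbox full: <a href="https://webmail.uvic.ca.example.net/login">'
          'https://webmail.uvic.ca</a></p>'
          '<p>Help: <a href="https://www.uvic.ca/systems/">www.uvic.ca/systems</a></p>')

if __name__ == "__main__":
    for text, host in suspicious_links(SAMPLE):
        print(f"link shown as {text!r} actually goes to {host!r}")
```

The check only covers links whose visible text names the trusted domain; a link labelled "Click here" still needs the manual hover check.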