Author: Laura Chan

An employee of a local vendor had their email address compromised and used to send phishing emails. Notice the part that looks like a file attachment–it actually is a link to a malicious file on OneDrive.

If you receive emails that appear to come from someone you know but don’t quite look right, don’t reply and don’t click on the links. Instead, contact them via a phone number that you already have and know is safe. Also inform your department’s IT support staff and report the phish to the Information Security Office so that we can follow up as necessary.

This is not a legitimate UVic email; it is yet another phish that spoofs a UVic email address. Replies actually go to a Hotmail address.

Reminder: legitimate UVic communications will never ask you to send your login information via email.

This email was not sent by UVic; do not click on the link. The sender addresses of Outlook.Team@uvic.ca, Outlook-Web-App.Team@uvic.ca and Outlook.Web.App@uvic.ca have all been spoofed by the phisher to make the email look legitimate.

This is a spear phishing email pretending to be a notification related to UVic OWA. Subject lines are variable but all of them mention account migration. If you clicked on the link or entered your credentials, contact your department’s IT staff or the Computer Help Desk immediately.

Note the fake trusted sender banner that the phisher added.

This phish tries to imitate the appearance of a Microsoft Teams notification and uses a randomly-generated spoofed UVic sender address. But if you hover over the links for “uvic.ca Teams”, “docs.uvic.ca” and “View | Approve Document”, you will find that those links go to suspicious URLs that are not associated with UVic’s Microsoft Teams service.

This phish tries to get the recipient to send their credentials by email rather than using a link to a phishing website.

Remember: legitimate UVic communications will never ask you to email your password. Passwords should never be sent via email since it is not a secure method of communicating or storing them.

Sometimes an email will look like it came from a legitimate sender, but in reality the sender email was faked. This is called email spoofing, and the phish below gives a good example of that. Here, the phisher spoofed distributions@grants.gov, but a close look at the mail headers revealed that it did not come from grants.gov and replies to the message would actually be sent to a different, very suspicious-looking address.

This carefully-crafted spear phish for the most part looks like it could have been written by Jamie Cassels–but of course it wasn’t. One of my colleagues found that the phisher actually copied much of the wording from an April 22 open letter from the president of McMaster University.

If you recall opening the attached PDF, please contact your departmental support staff or the Computer Help Desk as soon as possible.

The CRA has a reference page on how to recognize scams here: https://www.canada.ca/en/revenue-agency/corporate/security/protect-yourself-against-fraud.html

The UVic email system did not add the “From a trusted sender” banner. The phisher added this fake banner to make the message look legitimate.