This is a particularly deceptive Canada Post phish. As you can see, the phisher spoofed a canadapost.ca sender address. But in addition to that, hovering over the link revealed a destination that looked extremely similar to the real Canada Post site.
This spear phish used the recipient’s UVic email address as the spoofed sender. While the link looks like it goes to a page on www.uvic.ca, if you were to hover over it you would see that it actually goes to a phishing site on a third-party hosting provider.
Update: security scanners indicate this link may trigger a malware download. Definitely do not click on it; if you did, contact your department’s IT staff or the Computer Help Desk immediately.
In this case, the phisher used admin@uvic.ca as the display name to make this message look legitimate. However, the sender address clearly shows that the message did not actually come from UVic.
This email claims to come from the UVic no reply address but that has been spoofed. The password expiry notification is fake and did not originate from either Microsoft or UVic. Do not click on that link–if you did, please contact your department’s IT support staff or the Computer Help Desk immediately.
This message has a sender address of noreply@uvic.ca but that was spoofed; this message definitely did not come from UVic and the links all go to a phishing page.
This phish has a spoofed sender of no-reply@secure.outlook.com, but in reality it did not come from Outlook.com. The link goes to a fake OWA login page on a site that is not affiliated with either Microsoft or UVic. Do not click on that link–if you did, contact your department’s IT support staff or the Computer Help Desk immediately.
The link in this spear phish may look like a UVic site, but if you hover over it you will discover that it actually goes to some other site that isn’t affiliated with UVic. Do not click on that link–if you did, please contact your department’s IT support staff or the Computer Help Desk immediately.
The phishing link in this message goes to a fake OWA page that is actually a Weebly site. If you clicked on this link, please contact your department’s IT support staff or the Computer Help Desk immediately.
The message in French at the end basically says the message was automatically scanned by an email virus scanner. This was probably added by the phisher in an attempt to make the email look safe. For this reason, notes about antivirus scanning at the end of an email should not interpreted as a sign that the email is actually legitimate or trustworthy.
This phish used a spoofed sender of postmaster@uvic.ca or postmaster@local.uvic.ca, but originated from an external source and is definitely not legitimate. Also note the “trusted source” banner–this was not added by our mail system, but by the phisher to make the message look legitimate.
Do not click on the links in this email; if you did, please contact your department’s IT support staff or the Computer Help Desk immediately.
This type of resume/job application phish is nothing new, but what is somewhat more unusual is the fact that the phisher has made a slight (though not very good) attempt to target UVic. They even tried to address the recipient personally, but in this case they actually got their first name wrong. But what hasn’t changed is the nastiness of the attachment–do not open it as it will contain malware!
