Author: Laura Chan

Job scams aren’t the only way that scammers try to take advantage of students in financial need–they are also sending out scam emails claiming to offer grant money. In this case, the tantalizing offer of a few thousand dollars that don’t need to be paid back is very likely to be a pretext for a cheque overpayment scam.

Notice how the email says you are supposed to use almost half of the funds for “humanitarian service for a disabled student”. In all likelihood, that means that the scammer will tell you to cash the cheque and then send some of the money to another person or bank account specified by the scammer. A few days after you do that, the cheque will bounce and the money you transferred will effectively come out of your own funds, meaning you’ll have lost a non-trivial amount of money. (Also, the scammer’s math doesn’t add up; $2700 + $2200 = $4900 and that’s more than the amount on the cheque!)

In addition to the above, there are many other red flags:

• The email was not sent from UVic, a provincial government (such as gov.bc.ca), or the federal government (canada.ca or something ending in gc.ca).
• You are told to apply by emailing an Outlook.com email address. If you are told to contact an address from a free email provider, the grant is very likely to be a scam.
• The scammer wants you to reply from your personal email and provide your mobile phone number. Scammers use this tactic to move the conversation away from UVic’s monitoring and security controls.
• The scammer also asks you to email other personal information like your address and where you bank.
• The greeting is impersonal.
• The email contains awkward wording and grammatical errors.
• The signature of “Canada Student Grant” is vague/generic and does not mention UVic or a specific government department.
• While the message looks like normal text, the whole thing is actually an image–that’s a strong sign that the message is not legitimate and the scammer has done that to evade spam filters.

If you replied to this email, cease contact with the scammer and reach out to the Computer Help Desk immediately for assistance.

From: [redacted]@[redacted].net
Subject: Dear Qualified Student

You don’t often get email from [redacted]@[redacted].net. Learn why this is important.

Dear Qualified Student,

Your 2024 Grant has been approved and payment check is ready for immediate disbursement

Take note this is a grant, and you’re not obligated to pay back. We believe this will help students in containing educational fees and personal bills.

The payment will come via Check for MOBILE DEPOSIT, and this is because of theft and loss of pay checks in the mail delivery by Canada Post, UPS/FedEx etc.

The grant board will issue you a check of $4,700.00. However, your approved grant amount is $2,700.00 and $2,200.00 slated for you to carry out a humanitarian service for a disabled student whose details will be sent to you once the grant funds have been made available. This is a general outreach to support students and to also support other disabled/less privileged individuals within the student Community.

Kindly reconfirm the below to begin the immediate claims process.

Full Names:
Mobile Number:
Address (Postal code included)
Specify name of Bank (TD, RBC, BOM, CIBC SCOTIA ETC)
Age:
Personal email:

Important Note: you are to contact the claims officer Mr Neil Trotter on ([redacted]@outlook.com) and your email to him must come from your personal email account (Gmail, Yahoo, Hotmail, iCloud etc) and not your school email. Failure to comply to this simple instruction means your eligibility for this grant will be disregarded.

Contact Person: Neil Trotter
Contact Email: [redacted]@outlook.com

Only send application to the above email address [redacted]@outlook.com

I await your prompt response.

Regards,
Canada Student Grant

Like we’ve seen many times before, job scammers are impersonating real UVic professors or staff and targeting students looking for extra income to help pay for essentials when the cost of living remains so high. This latest batch is more elaborately written than many of the previous ones we’ve seen and may have been composed with the help of generative AI. Despite that, many of the typical red flags are still present:

• The email came from a Gmail address and instructs you to apply by contacting a separate Mail.com address. If you receive an unsolicited job offer where either the sender or the reply address are from free email providers, it’s probably a scam.
• The salary is too good to be true–$350 per week for only 6-7 hours of remote work is well above the typical wage for co-op or other student jobs.
• The scammer requests your phone number, which may be a ploy to move the conversation away from email to evade our security controls.
• There are still a few errors in the message text, such as incorrect capitalization, awkward wording, and the lack of a name in the signature block.

If you apply for a job and are told you were the successful candidate without going through an interview or otherwise meeting your employer first, it’s very likely to be a scam. And if you are told to buy and send gift cards or transfer money to someone else, definitely do not proceed!

If you replied to the scammer, cease contact and reach out to the Computer Help Desk immediately for assistance.

From: CAMPUS JOBS <[redacted]@gmail.com>
Subject: Research Assistant Position

You don’t often get email from [redacted]@gmail.com. Learn why this is important.

HR Job title: Remote Research Assistant

Supervisor: Dr. [redacted]

Work Study: Applicants can be work-study or non-work-study students. Both undergraduate and graduate students are encouraged to apply. University of Victoria, Centre for Social and Sustainable Innovation is currently hiring Undergraduate or Graduate Students to fill the position of Research Assistant Position on a part time basis of $350 weekly.

Department Required Skills

– Highly motivated, with strong organizational and communication skills.
-Excellent problem-solving skills
-Team player who can work in a fast-paced environment with a multi-disciplinary team.

Preferred Years Experience, Skills, Training, Education

-Experience primarily using Windows operating systems
-Ability to adequately use Microsoft Excel.

This is a part-time position with a flexible schedule, and the successful candidate will work approximately 6-7 hours for $350  weekly. The position offers valuable research experience, and the opportunity to work with a dynamic and collaborative research team on campus.  As a Part-Time Remote Assistant Position you will play a crucial role in supporting me as I work with our partners and stakeholders to ensure that our programs and initiatives are making a real different in the lives of children around the world. Your responsibilities will include assisting with administrative tasks, organizing meetings and events, helping to manage communications and correspondence, handle mailing, making payments and purchasing Items when needed.

To proceed with the application process and other eligibility descriptions, submit your resume for review, functional phone number and year of study via this email address ([redacted]@mail.com) to receive further information on the position.

Best regards,
(he/his/him)
3800 Finnerty Road,
Victoria BC  V8P 5C2 Canada
https://www.uvic.ca/

This phish makes a tantalizing offer of up to $3,500 in financial assistance to tempt people to click on the link. However, the form that appears is a phishing site that first requests your username and password, and then tries to defeat MFA by telling you to be ready to confirm the login on your device.

The email is better-written than most phish, but there are still a few red flags that indicate that this offer is not genuine:

• The email did not come from a UVic email address
• The signature is generic and impersonal
• The message does not mention UVic anywhere–there is only a generic reference to “the University”
• Hovering over the link reveals that it goes to a non-UVic website

If you clicked on the link, contact the Computer Helpdesk or your department’s IT support staff immediately for assistance.

---

From: [redacted]@[redacted].us
Subject: FW: University Support Program

You don’t often get email from [redacted]@[redacted].us. Learn why this is important.

In response to the economic challenges we’re all facing, I’m excited to announce the launch of a Financial Support Program designed to help both staff and students at the University.

PROGRAM DETAILS:

• Start Date: October 8, 2024
• Eligibility: All university staff and students
• Financial Assistance: Up to $3,500 per eligible applicant
• Duration: Program available through December 31, 2024

We understand how overwhelming these times can be, and we’re committed to providing support where it’s needed most.

HOW TO APPLY:

1. Visit the Support Program [link] webpage.
2. Follow the simple step-by-step application process.
3. Ensure all required information is submitted.

If you think this program could benefit you, don’t hesitate to apply! We hope it brings some relief and reassurance.

Sincerely,

Employers Support Services

UNESCO job scams are making the rounds once more. Here are the signs that the job offer is not legitimate:

• The emails did not come from UNESCO or the UN (the scammer seems to have abused compromised accounts belonging to a national government).
• The emails tell you to contact a different address on Outlook.com. Job offers that tell you to apply by contacting an email address from a free email provider are very likely to be scams. Also, it’s suspicious that they did not provide a full name for the contact person.
• The message contains awkward wording and poor grammar.
• The salary is likely to be too good to be true for part-time remote work, especially if there turns out to be no interview or no knowledge/experience requirements.

We also recommend you check out our other posts on job scams for additional tips.

If you contacted the scammer, reach out to the Computer Help Desk or your department’s IT support staff immediately for assistance.

---

From: [redacted]@****.gov.m*
Subject: Part-Time job

I am sharing job opportunity information to anyone who might be interested in a paid UNESCO Part-Time job with a weekly pay of $750.00. If interested, kindly contact  Sarah on her email address. ([redacted]@outlook.com) for details of employment.

N.B, this job is strictly a work from home position.

In this targeted phish, the phishers use the appeal of a salary increase to get you to open the PDF and click on the link inside it. Red flags to watch out for:

• The email did not come from a UVic email address.
• The greeting is impersonal.
• There are errors in spelling, punctuation and grammar. If you are very sharp-eyed, you might also notice that lowercase a’s have been replaced with lowercase Greek letter alpha.
• Official university emails would not use difficult-to-read light green text.

If you opened the attachment, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.

---

From: University of Victoria <*******@*******n.edu>
Subject: Salary Adjustment Acknowledgement
Attachment: [PDF icon] UVIC-protected.pdf [59 KB]

You don’t often get email from ********@*******n.edu. Learn why this is important.

Deαr Emplοyees,

I αm hαppy to let you knοw that yοur salary increase has been apprοved. We appreciate yοur hαrd wοrk and dedicαtion to The University of Victoria, and this αdjustment reflects yοur cοntributions appropriately.

Stαrting from 26 July 2024, your sαlαry will be increαsed by 16⋅82 percent.
This αdjustment αcknοwledges yοur effοrts and αligns with our cοmmitment to recοgnizing αnd rewαrding our vαluαble emplοyees.

NΟTE: Your Αccess is needed to go thrοugh the sαlαry increment letter, Initial Αccess is Salary

We lοk fοrward to yοur cοntinued successful input at The University of Victoria

Pαyrοll & Emplοyee Relαtiοns

Job scams impersonating UNESCO and other UN agencies are something we see on a regular basis. By offering a generous salary for only a few hours a week of simple remote work tasks, these unscrupulous scammers prey on students looking for extra money to cover the cost of tuition, rent and other necessities. The red flags in the email message are the usual ones:

• The email did not come from a UNESCO or UN email address, nor did it come from a UVic sender.
• The salary is too good to be true for part-time remote work.
• The email contains grammatical errors and awkward wording.
• You are told to send replies to an Outlook.com email address. If a job offer asks you to contact an address from a free email provider, there is a very high chance that the offer is a scam.
• You are asked to reply from your personal email address. Scammers do this to shift the conversation away from UVic’s email security controls and avoid detection.

If you contacted the scammer, reach out to the Computer Help Desk or your department’s IT support person immediately for assistance. If you opened the attachment, update your computer’s antivirus and perform a full scan as a precaution.

If there is no job interview before you’re accepted into the position, or you never get to meet your supposed employer (either in person or by video call) before you start working, that is a very strong sign of a job scam. If any of the following occur, do not proceed!

• You are told to share your UVic or other login credentials–never share those with anyone!
• You are asked to purchase gift cards, then send photographs of them with the PIN revealed. Don’t do this even if you were given a cheque beforehand–that cheque will probably bounce and you’ll lose the money used to purchase the cards.
• You are given a cheque to deposit in your account and told to send part of the amount to someone else. This may be a cheque overpayment scam (the cheque you received would eventually bounce, meaning the money you sent would come from your own funds), or the scammer may be trying to use you as an unwitting money mule to launder money.

---

From: N****** <[redacted]@quadro.net>
Subject: Part-Time job.
Attachment: [Word document icon] UNESCO JOB (1).docx

You don’t often get email from [redacted]@quadro.net. Learn why this is important.

—
Job opportunity information to anyone who might be interested in a paid UNESCO Part-Time job with a weekly pay of $750.00. If interested, kindly contact Cargill on his email address. ([redacted]@outlook.com) with your alternate non-educational email address I.e., Gmail, yahoo, Hotmail etc.) for further details of employment.

N.B, this job is strictly a work from home position.

If you get an unsolicited email that offers to give away something valuable for free and it’s not from someone you know, it’s probably too good to be true. This is very likely to be the case when someone says they are giving away a late family member’s grand piano–emails of that sort are a common scam. Some versions may even attach photos of the supposed piano, but they’re probably stock images or ripped off of somebody else’s listing. If you are told to reply from personal email or a different communication method, that is a red flag as well; scammers do this to move the conversation away from UVic email to avoid detection.

If you reply to indicate you’d like the piano, you’ll be told to contact and pay a “moving company” to ship the piano from out of town, but the moving company will turn out to be fake and you’ll never receive a piano after you’ve paid up. In general, it’s extremely risky to pay a random person or moving company for a piano (or other item of value) sight unseen; the item may not actually exist or not be what you were expecting.

Watch out for versions of the scam that impersonate real people at UVic. If the email was not sent from a UVic email address, or you’re instructed to contact an email address that is not from UVic, you can be certain the email is a scam. If in doubt, don’t reply to the email–to determine the email’s legitimacy, contact the person through another method that you know is safe (e.g.: using the contact information on their directory entry or by asking in person). Sometimes, one name will correspond to a real person at UVic but the other one will not, which is another sign of a scam.

---

From: Paulina Hagerman <s*********8@gmail.com>
Subject: Yamaha baby grand 05/13/2024

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Hello,

I’m offering my late husband’s Yamaha Piano to any music enthusiast who may appreciate it. If you or someone you know might be interested in receiving this instrument for free, please feel free to reach out to me.

Warm regards,
Paulina

From: [impersonated UVic employee] <[redacted]@gmail.com>
Subject: Yamaha Piano donation

Attachments: [Three thumbnail images showing a Yamaha baby grand piano from different angles]

Dear Student /Staff/Faculty,
One of our staff, Mr.Stephen Whitehead. is looking to give away his late dad’s piano to a loving new home. The Piano is a 2014 Yamaha Baby Grand size used but still new. Kindly write to him to indicate your interest on his private email( [redacted]@mail.com) to arrange an inspection and delivery with a moving company. Kindly write Mr. Stephen Whitehead via your private email for a swift response.

[impersonated UVic employee]
Assistant to the Dean
https://www.uvic.ca

This phish specifically targets UVic and contains many of the classic red flags:

• The email was sent from someone outside of UVic
• The greeting is impersonal
• The message creates a sense of urgency and threatens you with an adverse impact
• The message contains many grammatical errors
• The signature is generic and doesn’t mention UVic

Hovering over the link without clicking on it (or holding down your finger on it on a mobile device) will reveal that the link goes to a page from a free online form builder. A legitimate UVic login page would not be hosted on an online form builder.

If you entered credentials on the phishing page, change your password immediately and contact the Computer Help Desk or your department’s IT support person.

---

From: [redacted]@h******.se
Subject: University of Victoria_Update

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Hello user,

This is the last and final notice or our administrator will disable your access to your email.

Please click here to upgrade your University Of Victoria_Update your account security by completing the required details to avoid the deactivation of your University of Victoria edu account.

A cordial greeting wu,
IT Service Desk (c)2024

Who wouldn’t like a salary increase, especially when the cost of living continues to be so high? But that’s precisely the feeling that phishers are trying to take advantage of when they create these kinds of phishing emails. Here are some signs that the email is not legitimate:

• Although the message claims to be from payroll@uvic.ca, the sender information shows the email was actually sent from a non-UVic address.
• The message greets you with your email address instead of your name.
• The capitalization of UVic is wrong, there’s a spelling error in the sender name, and the wording of the message is awkward.
• The email creates a sense of urgency to get you to act hastily.
• Hovering over the link shows that it does not go to uvic.ca.

From: HR Deparment | uvic.ca e-Sign <yonet926@********.ne.jp>
Subject: Uvic Employee Salary Increase Approval 2024/25

This message was sent with high importance.

Hi ********@uvic.ca,

HR Department (payroll@uvic.ca) shared a new pdf file “Uvic Employee Salary Increase Approval Letter.pdf”  with you securely for your urgent attention.

VIEW DOCUMENT [phishing link]
1 item, 54.5 KB in total · Expires on 29 March, 2024

Report to uvic
© 2024

Job scammers are continuing to try to take advantage of students looking for extra cash to help pay for tuition, housing and other essentials in these times when the cost of living is so high. Below is yet another job scam that impersonates a real UVic professor.

For more information on job scams and how to spot them, see also these guides from CBC News and TD Bank.

Red flags to watch out for

• The email came from a Gmail address. A real UVic job opportunity should be announced from a UVic email address. Ones that come from a free email provider like Gmail or Outlook are probably scams.
• The pay is too good to be true for a part-time student job that requires no prior experience and is open to anyone.
• The offer implies that there will be no job interview before you get assigned a work schedule. A legitimate job should give you a chance to meet the employer in person or on a video call before you accept an offer. If you are accepted without an interview, the job is very likely to be a scam.
• The email asks you for an alternate email address and cell phone number. Scammers often do this to shift the conversation away from UVic email and evade monitoring.
• The subject line contains punctuation errors.

Common methods that the scammers use to steal money from people who reply

• They ask you to purchase gift cards from a local store and send photos of the cards with the PINs revealed. That gives the scammer the information needed to use the funds on the cards. The scammer either will not reimburse you at all or give you a cheque that will ultimately bounce a few days later.
• They give you a cheque to deposit and tell you to transfer some of the funds to another person and keep the remaining funds (cheque overpayment scam). A few days later, the cheque will bounce, meaning the amount you transferred is gone from your own funds.

If you replied to the scammer, reach out to the Computer Help Desk immediately for assistance.

From: Dr. [redacted] PhD.
Subject: #Your Invitation to participate..

You don’t often get email from dg3******@gmail.com. Learn why this is important.

Hello,

If you may be interested in working as a temporary research aide collecting data remotely and earning $300 weekly, indicate interest by providing the required information below and I will send you a follow-up email detailing your work schedule.

This is an adaptable job that requires no prior experience irrespective of your major discipline.

Full Name:
Cell #:
Alternate email:

Regards,

Dr. [redacted] PhD.
Professor,
Health Information Science
HSD Building, A***
Victoria BC   Canada

Always be wary of unexpected or unsolicited emails that contain attachments as they may contain malware. The vagueness and generic nature of this message should be a red flag and may be a ploy to get you to click on the attachment. Since the message does not address the recipient by name and provides no information about the supposed payment, it’s likely that it was a mass mailout and therefore not a legitimate invoice.

If you’re inclined to think that the attachment should be harmless because SVG is an image format, think again! SVG files can actually contain embedded scripts, meaning they can be laced with malware, which is definitely the case for this sample. If you clicked on this attachment, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.

From: allen.lopez@o******.com
Subject: Payment Confirmation

Attachment: [Generic file icon] RTVBAS05GDBA09.svg (2 KB)

Payment Received, attached is your invoice.

These job scam emails appear to have come from compromised accounts at another Canadian university. Always evaluate whether the content of the email looks legitimate, even if it came from what would normally be a reputable source (even if it came from within UVic!).

This email has many of the typical signs of a job scam:

• The email directs you to reply to an AOL email address from your personal email. If you are asked to apply to a job by contacting an address from a free email provider, in all likelihood it’s a scam. The request to shift to personal email is a tactic to shift the conversation to a place that UVic can’t monitor.
• The salary is too good to be true.
• There are no details about what the job involves.
• There are grammatical errors including mistakes in capitalization.
• The email claims to offer a job with the World Food Programme, but they did not send the message and the name of the contact person doesn’t match the name of the sender of the email.

If you replied to the scammer, contact the Computer Help Desk immediately for assistance.

From: [redacted]@**********.ca
Subject: Hello!

I am sharing job opportunity information to anyone who might be interested in a World food programme Part-Time job with a weekly pay of $600.00. If interested, kindly contact Dr. Mattias on his email address. b******b@aol.com for details of employment.

You can contact him from your private E-mail address only.

These job scam emails are very similar to previous ones we’ve written about. Scammers are continuing to try to take advantage of students’ financial need by offering a relatively generous amount of pay for a small amount of remote work.

Other red flags:

• The email came from a Gmail address. A real UVic job offer would come from a UVic email address. Job offers sent from addresses from free email providers are typically scams.
• The name of the sender doesn’t match the name of the professor supposedly offering the job. Inconsistencies like this can be a sign of a scam.
• The scammer wants to shift the conversation to Google Chat. This is a common tactic to move the conversation away from UVic email to evade monitoring.

As always, if you replied to this email, contact the Computer Help Desk immediately for assistance.

From: Nwabueze Ekene Precious <[redacted]@gmail.com>
Subject: Work-Study Opportunity

The service of a student is urgently required to work part-time as a student assistant and get paid $250 weekly. Tasks will be done remotely and work time is 8 hours/week. To apply, kindly submit your resume and a Google chat email address to the Department of Geography via this email address to proceed.

Sincerely
D***********
Professor
Department of Geography
Office: [redacted]

Just because a message appears to come from within UVic doesn’t necessarily mean it actually did. This example actually came from an external source but spoofs a UVic sender address.

Always be wary of unsolicited or unexpected emails that contain attachments since the attached file may contain malware, as is the case with this email’s ZIP attachment. The brief, vague message body that gives no indication of what the supposed documents are about is an additional red flag. If you clicked on the attachment, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.

From: *******@uvic.ca
Subject: Please find the attached

Attachment: [ZIP file] Docs.zip (3 KB)

Please find the attached documents.

Thanks.
Khelmer

This targeted phishing email takes the unusual step of asking you to send a text message to a phone number. Trying to quickly shift to a different communication method is often a red flag; phishers (and scammers) do this to move the conversation to a place that UVic can’t monitor. Real UVic communications will never ask you to send a text message to upgrade/keep/secure your account, and the fact that the phisher is using a phone number with a New York City area code is a further sign that the email is not legitimate.

Other red flags include:

• The email was sent from a Gmail account. Note how the email system has added a warning that you don’t often get email from this address; this can be a sign that the sender is not someone you know already and may not be trustworthy.
• The greeting is impersonal.
• The email threatens you with an adverse impact to try and get you to act hastily.
• There are a few grammatical errors and awkward wording choices.

If you texted the phone number in the email, disregard any instructions in any replies you receive and block the phisher’s phone number. You will also need to keep an eye out for future attempts to phish or scam you via SMS or phone calls as your phone number would now be in the hands of someone malicious.

From: ke*****1280@gmail.com on behalf of University of Victoria <g1*****+UniversityofVictoria@gmail.com>
Subject: You have got an urgent message from The University of Victoria

[You don’t often get email from g1*****+universityofvictoria@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification]

Dear User,
This is to let you know that our web-mail server will be upgraded and maintained soon.

If you don’t want your e-mail account to be terminated during the upgrade,

Send your “UV-UPGRADE” to (646) ***-****

You will receive instructions on how to upgrade your account via text message.

If you do not comply with the above, your email access will be disabled.
Please accept our apologies for any inconvenience this may cause.

Regards
System Administrator
University of Victoria