Author: Laura Chan

This phish may look like it came from the CRA, but don’t trust that sender information–in this email, it is spoofed!

If you were to hover over any of the links, you would see that it although they contain “cra-grc”, the site is not canada.ca or cra-arc.gc.ca, so it is dangerous to click on those links. The destination is actually a very realistic copy of the CRA login page designed to steal your login credentials.

The CRA has some tips on how to recognize scams here: https://www.canada.ca/en/revenue-agency/corporate/security/protect-yourself-against-fraud.html

What appears to be happening here is a phisher created a Google Form and then made a bogus submission where they entered someone else’s email address. The result: that other person is emailed a genuine Google Forms submission receipt  but the content of that email is actually phish.

Phishers often abuse legitimate services like Google Docs or Forms to send and/or host phishy content. If you receive an email notification from a service like that, think about whether it’s related to an action you remember doing or if it’s something you were expecting from someone you know. If not, it’s probably phish, so don’t click on any links.

Package delivery phishes are very common nowadays with the increase in online shopping due to COVID-19.

This phish used the recipient’s own email address as the spoofed sender.

This phish with a spoofed UVic sender address tries to convince you that you need to click on the link to help improve your privacy and security. But hovering over that link shows that it actually leads to a non-UVic site, so of course, clicking it would achieve the opposite outcome.

While this message claims to be from noreply@uvic.ca, that is fraudulent (spoofed sender again). This phish also uses individualized click-tracking links, so don’t click on them–the phisher is probably watching to see who clicked.

This email tries to look legitimate by posing as a UVic SharePoint notification and by adding a fake “secure” banner. However, the sender is not from UVic, nor is the link, so don’t click on it.

A very generic, poorly-targeted phish targeting higher education in general. The sender is probably spoofed.

Yet another fake Outlook notice.

This phish also spoofs a UVic sender address, but also did not come from UVic and actually goes to a fake OWA login page. Remember that the real Computer Help Desk will never send you an unsolicited email telling you to click on a link to do something about your password.

This is yet another spear phish that spoofs a UVic sender but did not come from UVic. It actually goes to a fake OWA login page.

Remember: treat any files that are not from UVic-managed file sharing services with caution, especially if you were not expecting them.

This phish tries to create a sense of urgency to get you to click on the link, which goes to a phishing site that resembles a UVic Microsoft 365 login page. Don’t click on the link–if you did, contact your department’s IT support staff or the Computer Help Desk immediately, and indicate whether you submitted credentials as this site might also be using tactics to trick you into granting ongoing access to your Microsoft 365 account.

This is a particularly deceptive Canada Post phish. As you can see, the phisher spoofed a canadapost.ca sender address. But in addition to that, hovering over the link revealed a destination that looked extremely similar to the real Canada Post site.

This spear phish used the recipient’s UVic email address as the spoofed sender. While the link looks like it goes to a page on www.uvic.ca, if you were to hover over it you would see that it actually goes to a phishing site on a third-party hosting provider.

Update: security scanners indicate this link may trigger a malware download. Definitely do not click on it; if you did, contact your department’s IT staff or the Computer Help Desk immediately.