Document shared with you: “Summer Faculty Bonus.docx”

Another massive phish today comes from google docs and points to a malicious document. The subject contains the name of the document.

Please do not open the document and do not enter any credentials.
A screenshot of the phish is shown below.

 

 

Andrew Shepherd shared a document
Andrew Shepherd (***.edu) added you as an editor. Verify your email to securely make edits to this document. You will need to verify your email every 7 days. Learn more[link to the malicious document]

Vasco Gabriel shared a file with you.

Summer Faculty Bonus.docx

Open[link to the malicious document]

Use is subject to the Google Privacy Policy[link to the google policy].

Account Storage

This phish is circulating since yesterday. It is clearly coming from some external email address. There is no personal greeting, and the whole text is pretty common, it does not even try to imply it was UVic related. The goal of course is to harvest credentials. Please do not be curious and do not click these links because sometimes they may contain malware to infect your computer instantly.

Screenshot of the phish message with subject "Account Storage"

Subject: Account Storage

We have noticed some unusual activity and the warning limit of your storage email account. To ensure the security and increasing your mail storage, please click the button below:

Increase Mail Storage[link to phish]

If you cannot click the button, please click here.
Administrator
Help Desk

RE: Technical service – Mailbox authentication Updates

Many UVic addresses received this phish today.
The sender is clearly external, the body does not make too much sense and contains mistakes. The link points to a fake login page that will be turned down soon. (Please do not be curious and do not click on these links, because they may contain malware to infect your computer instantaneously).

Subject: RE: Technical service – Mailbox authentication Updates

All Employee, Student And Staff

We are currently running an upgrade on all active OWA Outlook accounts, in order to complete the upgrade automatically, you must initiate the upgrade manually by visiting the OUTLOOK WEB PORTAL[link to the fake login page]. The upgrade will take effect 4 Working Day

Any Outlook accounts that have not been upgraded during this time will be classified as inactive, which may result in account deactivation/closure.

 

Approved request for Uvic.ca on 31 May 2023

This phish is in circulation. There is nothing in the body of the message besides a little image at the bottom which appeals to consider the environment before printing this email. The subject suggests some UVic related business without specifying what. The attachment is a malicious .htm file. Please do not open it.
The sender we see so far is some compromised email address in Germany, but there could be other ones too. In any case – be very cautious with htm attachments – do you know the sender, do you expect a message like that, etc.

Job Vacancy

This is another popular phish today. The subject may vary – “Vacancy”, “Job Vacancy” etc, and the sender can be another UVic address or the recipient’s address.  This is a typical job scam. What they rely is the “Reply-to” address,
that’s the address were your reply goes and in this case it is an address in gmail.

Please do not reply and do not open the attachment.
Do not engage with the scammer via email or SMS and do not forward these emails around. If you responded to the scam, contact the Computer Help Desk immediately for assistance, especially if you sent personal information or money.

 

Transcript:

Sender: some @uvic.ca address
Subject: Job Vacancy
Attachment: (1) Work From Home.docx

I am sharing a job vacancy with students, staff and individuals who might be interested in UNICEF paid job of 500 per week. See attachment for details.

Kind regards

—-end of the transcript—

Attention

This phish is circulating today. The sender shown on the screenshot is clearly external but there could be internal spoofed senders. The goal, as usual, is to apply scary tactics so that the victim acts quick, clicks the fake login link and enters their UVic credentials.

Transcript of the message:
Sender: <some external address in .vn>
Subject: ATTENTION

Your Email account has exceeded the storage limit set by the administrator due to hidden files, Kindly click UPDATE to validate your account.

Copyright (C) 2023 Web Admin

—end of the transcript—

ALL Staff Application

Many UVic recipients reported this phish today.

It clearly comes from an external address, uses the usual scary tactics to make you act fast and as usual leads to a fake login page designed to steal your UVic credentials.
Please do not be curious and do not click on such links as they may contain malware to infect your computer instantly.

Your E-mail (netlink@uvic.ca) is Due For Upgrade -[Ticket ID: 683541]

Many uvic recipients reported this phish today. In all cases it uses the recipient address to spoof the actual sender. This way the email looks like coming from the recipient themselves. The “ticket number” in the subject is using some sort of random number generator, so it is also different every time.
There are other variations of the subject, for example:

Your E-mail (netlink@uvic.ca) will expire soon -[Ticket ID: xxxxxx]

Your E-mail (netlink@uvic.ca) Requires Verification -[Ticket ID: xxxxxx]

In all cases there is a malicious .shtml file attached.
The name of that file is:  uvic.ca-update-form.shtml
(but could be different of course)

Please do not open these attachments, they contain malware.

A screenshot of the phish is shown below:

UVic Alerts

This is another very “popular” phish today.

It made effort to sound legit, it contains helpdesk@uvic.ca at the bottom and the sender may appear as an internal one to add to the sense of legitimacy.

Similarly to the job scam we posted about below, this phish uses the trick to put the whole message in a bitmap. It only looks like text with a link, but the whole body is a single picture. That picture is linked to the malicious website. This way
the victim may click somewhere on what looks like text, thinking it was safe. That would immediately trigger their web browser to open the malicious web page.
Please be careful with clicks and don’t be curious. If in doubt – ask your desktop support person or the Helpdesk.

Opening

This job scam is circulating today. It contains an attachment and tries to persuade victims to reply  back to some external address. The actual sender could be different. The body of the email message is not text but actually a bitmap picture. (the body is shown below).

The pdf also contains the email address of the scammer.

Update

Many UVic people received this phish today. It uses the usual “scary” tactic to make you act quick and eventually provide malicious actors with your UVic credentials. The link points to a fake login page.

Please don’t be curious and don’t click on links in phishing emails since some of them may contain malware to infect your computer instantaneously.

If in doubt, ask your desktop support person or the Helpdesk.

A screenshot of the phish message is shown below.

 

Invoice in a .html attachment

Recently UVic students and employees receive a lot of phish containing html attachments. The attachments might be very small or larger, may contain malware directly or redirect to malicious sites, including but not limited to fake UVic login pages.

There are numerous variations of the text in the email.  In many cases it is short as in the example below.

Please do not be curious and do not open html attachments from untrusted senders. If in doubt – ask the helpdesk or your desktop support person or give the sender a phone call and ask whether they sent you the suspicious attachment.

UVic Emergency Email Maintenance

Another phish that is crafted to steal your UVic credentials.

The sender is clearly external and the link is clearly external – you can see it by hovering over it with the mouse cursor.

Remember, if in doubt – never click the links in the email. Instead open the main web page of the organization – whether UVic or your bank, CRA, etc  and find your way to the desired setting from there.

Please do not be curious and do not click on the links in phish emails, sometimes they may contain malware to infect your computer instantly. Our experts open them in specialized isolated environment.

IT Helpdesk

Another phish that claims to help you keep your current password. This does not make sense. The UVic Helpdesk would never send you an email it order to keep a password unchanged.

The sender is clearly external and the link is clearly external – you can see it by hovering over it with the mouse cursor. The goal of course is to steal your credentials.
Please do not be curious and do not click on these links, sometimes they may contain malware to infect your computer instantly. Our experts open them in specialized isolated environment.

Dear youremail@uvic.ca

A screenshot of another phish that is circulating today is shown below. It tries to persuade you to click on a link to prevent your password from expiring.  The recipient email is quoted in the subject and then also in the email body.

Remember: Whenever  you receive a suspicious email that sounds plausible, never click any link that’s inside that email and do not call phone numbers listed in the email. Instead find the proper links or phone numbers by other means.

This phish is far from plausible. Currently UVic passwords do not expire. The sender is clearly external and the link is clearly external – you can see it by hovering over it with the mouse cursor. It leads to a fake UVic page – a perfect copy of the real home page of UVic. The goal of course is to steal your credentials.
Please do not be curious and do not click on these links, sometimes they may contain malware to infect your computer instantly.  Our experts open them in specialized isolated environment.