This phish is in circulation today. The same old story – click to prevent deactivation of your account. See below. The sender is external. Please don’t be curious and do not click these links. They are designed to steal credentials but they may contain malware to infect your computer instantly. Our experts open them on dedicated isolated machines.
This is how the phish looks like:
And this is a screenshot of the fake page:
Another try to persuade you to act quick, this phish comes with a subject “Action required”. It may or may not use a forged UVic address as a sender (see the screenshot). To be more convincing the body of the message contains the email address of the recipient.
As usual – do not be curious, do not open these links that point to fake UVic login pages designed to steal your credentials.
An email with a subject “payment confirmation” is circulating today. To avoid detection the malicious actors made a huge executable file (containing the malicious code) then put that executable file into a .iso file and then zipped that .iso.
The zip file is about 2Mb in size and attached in the email.
Please do not open these attachments! If in doubt, first ask your Desktop support person or the Helpdesk.
In the screenshot below it is shown the sender is an external one. As is usual for such campaigns they used many different sender addresses.
This phish is circulating since the early morning today. See a screenshot below.
As usual you are expected to act fast. Your password expires in 3 hours, and if you don’t act your account will be deleted in 4 hours?!? Isn’t that ridiculous?
The sender pretends to be a “System administrator connected to Microsoft Exchange”. They are clearly using some external address somewhere in Germany. They put themselves as a recipient and all other recipients received bcc: copies.
——end of the first screenshot ——
The link is external of course, and points to a fake login page that’s created to steal your credentials.
Please never click on suspicious links, don’t be curious. Sometimes these pages may contain malware to infect your machine instantly. Our experts open these in a dedicated isolated environment.
This particular fake page looks like shown below:
This phish is circulating around today. See a screenshot below.
Of course something must be wrong and of course you have to act fast. The sender pretends to be a “uvic webmail support” but clearly is using some external address. Note how the malicious actor deliberately put space in some words in the message body in order to evade automatic detection of phish, e.g. in the words “vulnerability”, “click”, “below”, “validate”
The link is external of course, and points to a fake roundcube mail page that’s created to steal your credentials.
Please never click on suspicious links, don’t be curious. Sometimes these pages may contain malware to infect your machine instantly. Our experts open these in a dedicated isolated environment.
Same old tactics – scary the user there is something wrong to deal with fast, navigate to a fake page, steal your UVic credentials.
A screenshot of the phish message is shown below. The link in fact points to an external site (that can be seen when hovering with the cursor above the link, without clicking).
A screenshot of the fake page is shown below
Please never click on suspicious links, don’t be curious. Sometimes these pages may contain malware to infect your machine instantly. Our experts open these in a dedicated isolated environment.
This phish is circulating today.
Same old tactics – scary the user there is something wrong to deal with fast, navigate to a fake page, steal your UVic credentials.
A screenshot of the phish message is shown below. The email of the recipient is included in the message. The links pretend to be internal but in fact point to an external site (that can be seen when hovering with the cursor above the link, without clicking).
This is how the fake page looks like:
This phish is circulating today. Nothing really innovative – if you don’t update your password , allegedly your account will be deleted withing 5 hours. Same old scary tactics – act fast, think less.
As usual a fake UVic-like page is designed with the single purpose to steal our credentials. In fact this time it is not quite UVic-like (shown at the bottom)
Please never click on suspicious links, don’t be curious. Sometimes these pages may contain malware to infect your machine instantly. Our experts open these in a dedicated isolated environment.
A screenshot of the phish is shown below. The sender is clearly external and the link is external too (the safe way to see it is to hover on it with the cursor without clicking).
————————-
The fake credentials page:
As the subject suggests this malicious actor employs the trivial scary tactics. You have to act fast or allegedly you will lose emails. As usual a fake UVIc-like page is
designed with the single purpose to steal our credentials.
The sender is clearly external and the link is external too (the save way to see it is to hover on it with the cursor without clicking.
Below you can see the email that many UVic users received today. Please never click on suspicious links, don’t be curious. Sometimes these pages may contain malware to infect your machine instantly. Our experts open these in a dedicated isolated environment.
The fake page looks like this:
Today UVic users are attacked by emails containing infected Excel attachments. In some cases those impersonate UVic people and send to their colleagues (names redacted). In some cases the display name of the sender is just “uvic”. The sender address is clearly external. Note also their 044 phone numbers.
It can pretend to be an invoice or anything else as well.
Do not open these attachments!
Report by the phish button or call your desktop support for assistance.
We see a novel idea in the phish area today. This time they are trying to persuade you that MS Defender prevented delivery of email messages.
The sender is clearly external. The link to “review messages” is also external,
you can see it by hovering over it with the mouse cursor, without clicking.
Please do not click on such links out of curiosity, they may contain malware to infect your machine instantaneously. Our experts open those in a dedicated isolated environment.
The fake login page is pretty much like our regular Outlook Web Access page (aka OWA).
This phish claims roundcube mail was to be upgraded and asks you to click on a link that has nothing to do with UVic. The sender is clearly external and if you hover over the link with the mouse cursor you will notice it is external too. Please do not click on such links out of curiosity, they may contain malware to infect your machine instantaneously. Our experts open those in a dedicated isolated environment.
The fake login page is shown at the bottom.
——————————————————————————–
Apparently the same actors sent the same link in a different phish, which has a different subject line but the same text in the body of the message. It looks like this:
———————————————
Below is the fake login page:
This phish was received by many UVic recipients today. The usual tactic is employed – to scary the recipient to act fast, otherwise their password (allegedly) would expire. We don’t send such emails.
Note also the sender address — clearly external.
If you hover the mouse over the link (without clicking!) you will notice it is not a UVic address there. That link redirects to another which contains a CAPTCHA, to imply legitimacy, and after that you end up with the usual login page designed to steal your UVic credentials. The page contains your UVic email address thus implying you are at the right place. You are not.
=================================================================
This is how the fake page looks like:
It is important to remember that in some cases just loading the web page may get your workstation infected. This is why we always suggest not to be curious and not to click on such links even for a quick look. Our experts open those in dedicated isolated environments.
Similarly to our previous post, this phish was received by many UVic users today.
Such attachments may contain malicious scripts and macro’s. They may come from external senders but they may come also from internal compromised accounts. If unsure, ask your desktop support person for help, don’t be curious and don’t rush to open the attachments.
Many UVic users received a phish with this subject today. The text of the email looks quite trivial (see a screenshot below) but it leads to a very well copied fake UVic login page (also shown below). Another variation leads to a fake VPN login page. Note the address of the sender is external. Also it is easy to spot the links are external if you hover with the mouse cursor on those. Please do not click on them, do not be curious. Your computer may get malware even just by visiting such pages. Our experts investigate them by using specially isolated computers.
The email:
The fake login page:
The fake VPN login page:
