Author: Mario Ivanov

Many UVic recipients received this phish today.  The text is addressing the recipient by name and the sender is internal.  The signature at the bottom “Uvic corporation” is a clear sign that something is not right about this notification.
UVic would not send you a link to validate/update/activate etc.  Instead you would get instructions to navigate to the UVic main web page and how to proceed further. As usual: Do not be curious and do not click that link if you happen to receive the phish. Hovering over the link clearly shows that it is not a UVic address.

 

 

This type of scam is circulating again. See below a screenshot. Typically they are sent to a large number of email addresses retrieved after a certain breach. The scammer demands a payment in Bitcoin threatening to expose your secrets. In most cases they have only your email address and nothing else. In some rare cases they may list an old password (retrieved at some non-UVic breach) of yours in order to convince you.  Do not re-use passwords.  And of course do not answer those scams (even for fun!)

Today’s phish pretends your password was going to expire today.
Note that we don’t have a policy to expire passwords.

The phish message asks you click the button in order to keep you password. As usual that leads to an external i.e. non-UVic webpage which contains the UVic logo. There, the final goal as always is to steal your UVic credentials. Below is a screenshot of that phish. The “button” is very light, almost invisible. (We added the red arrow pointing to it)

If you receive an email like that, please do not be curious and do not click on the link. Such pages might be loaded with malware so that even if you don’t enter any credentials you are at risk.

 

 

Today’s phish pretends you had voice mail. In order to hear it, you have to click the button, navigate to some external i.e. non-UVic webpage which contains the UVic logo.  There, the final goal as always is to steal your UVic credentials. Below is a screenshot of that phish. If you receive an email like that, please do not be curious and do not click on the link. Such pages might be loaded with malware so that even if you don’t enter any credentials you are at risk.

One more phish of this kind is circulating today. It tries to persuade you there were delayed messages in your mailbox. In fact the sender is external and their ultimate goal is to steal your credentials. For that purpose they created a copy of the UVic OWA (Outlook Web Access) page.  Please do not be curious and do not click on the link.  Such pages might be loaded with malware so that even if you don’t enter any credentials you are at risk.

In a second phish (second screenshot) the malicious actor spoofed the address of the UVic Helpdesk. The subject is “Action Needed”. The body of the phish is similar and it links to the same fake OWA page.

Another phish was received by a number of UVic recipients today. It uses the usual tactics – to scary the recipient that something is wrong and the victim needs to fix it. In this case the subject is “UVic Mailbox Quota Warning” and the email claims several messages were pending because the mailbox was full. (see the screenshot below). When the victim clicks on the link a fake Outlook Web Access (OWA) page opens. All designed to steal your UVic credentials.
As we always remind you – please do not be curious and do not click on such links – they may contain other malicious content so that just opening them “for a quick glimpse”  may be dangerous.
Note that they added their own message (the green bar) to fool you that the email originated from UVic.

This phish was received by UVic users today. It tries to persuade the victim there was a “configuration error” and as a result some mails could not be delivered. The goal is the same  – to make you click on a malicious link which opens a fake OWA page in order to steal your credentials. Please do not click on the link.
The email and the fake OWA page are shown in the next screenshots:

————————————————————–

 

Another version of the popular phish that claims some of your email messages were blocked and you needed to click on that link in order to “unblock” them is circulating around.
The sender is clearly non-UVic. Please do not be curious and do not click on such links even just for a quick peek. They may contain malicious load. The email looks like this:
=================================================================

 

and the page looks like this:

This phish tries to persuade the victim to “activate their anti-spam” by clicking on a link. Both the link and the sender are clearly not UVic addresses. Nevertheless the email is signed “University of Victoria” and the page contains the UVic logo.

As usual the goal is to steal your credentials. Do not click on the link!

 

---

 

Many UVic users received this phish today. It claims that “Microsoft Verification is required” and supposedly comes from “support service”.  However the sender is clearly not a UVic address. The body of the message looks like this:
Please do not be curious and do not click on the link.  The goal is to steal your UVic credentials (fake Outlook Web App page is shown below). Besides stealing credentials, these pages may contain malware which is why even opening the page is not a good idea.

This is another phish that tries to persuade the victim something was wrong with their email account. They are supposed to click a link to “release” quarantined messages. Note that UVic does not have such a practice.

---

---

The sender is forged to seem internal, but the links are clearly external.
Please do not be curious and do not click. The links lead to a fake Outlook Web App page that’s designed to steal your credentials:

---

Many users received this “verify your account” phish today.

 

---

Please don’t be curious and do not click on the link!  It leads to a fake OWA page pretending to belong to UVic and designed to steal your passphrase:

---

This phish tries to persuade the user there was a problem with their emails and they need to act immediately in order not to loose the unsent emails.
The sender is clearly external.
Do not click on the link. It leads to a fake OWA page that pretends to belong to UVic and is designed to steal your credentials. See below the screenshots of the email and the fake Outlook Web App page

 

 

This is another phish that tries to persuade the victim to “update their account”.
The message looks like this:

Please do not be curious and do not click the link if you get this phish.
It leads to a page that’s designed to stole your credentials.
One can clearly see in the address bar that it is not hosted at UVic:

The phish tries to persuade the victim that their email was blocked and they need to click the button in order to “restore access”.

After clicking a fake OWA page opens with the intent to steal the victim’s UVic password.  The fake OWA (Outlook Web App) page is in fact hosted on a Russian server (see the address bar).

Do not click on the “restore access” in that email!