Author: Mario Ivanov

Today a number of UVic recipients received an impersonation email supposedly from the president Jamie Cassels.
The email looked like this:
This is a typical start of a gift card scam. We wrote about those back in November:
https://www.uvic.ca/systems/status/notices/current/gift-card-scam_nov2019.php

and later on the topic was covered with more detail by our Chief Information Security Officer:
https://onlineacademiccommunity.uvic.ca/cisoblog/2020/02/20/an-email-exchange-with-the-president-not-really/

Please do not respond to impersonating emails (even for fun) and report them by using the “phish” button.

This phish pretends to be sending financial statements for 2020 (misspelled in the subject as “satement”). The email body looks like this:
The actual attachment is a html file which redirects the victim to a UVic like OWA page:
with the intention to steal your credentials. That page is clearly external – look at the address bar in the screenshot.

This phish tries to persuade the victim that they need to click a link to verify their account.  It opens a page that pretends to belong to UVic and steals the credentials of the victim. Do not click on that link!
The email looks like this:

 

The page pretends to be UVic, but clearly is external (see the address bar)

This message asks to click on a link to update your email “for increased security”. Note that we would never ask users to click on a link in order to update their email. Moreover with an obscure explanation like the below.  Do not click on the link!

This message pretends to be coming from the helpdesk, while clearly it comes from a random gmail address. Apparently it was designed  to target the UVic audience because it mentions the name of the UVic president. Do not click on the link.
Neither the Helpdesk, nor the president will send a document by using google drive.

This Phish tries to persuade the victim their email account would be terminated. Clicking on the link opens an OWA page that is quite similar to that of UVic.
Do not click on that link.

This email pretends to provide “additional security” to trick the user to enter their credentials. Clearly the sender is not the UVic Helpdesk, it is an external sender.

Also the link points to an external site:

Please report similar phish by using the phish button. Do not click on the links.

This con is a pure social engineering relying on fear alone and not utilizing any technical means or knowledge.

• Do not click on the links of videos etc.
• Do not respond to these emails. You can safely delete them.