This is another phish that tries to persuade the victim to “update their account”.
The message looks like this:
Please do not be curious and do not click the link if you get this phish.
It leads to a page that’s designed to stole your credentials.
One can clearly see in the address bar that it is not hosted at UVic:
The phish tries to persuade the victim that their email was blocked and they need to click the button in order to “restore access”.
After clicking a fake OWA page opens with the intent to steal the victim’s UVic password. The fake OWA (Outlook Web App) page is in fact hosted on a Russian server (see the address bar).
Do not click on the “restore access” in that email!
Today a number of UVic recipients received an impersonation email supposedly from the president Jamie Cassels.
The email looked like this:
This is a typical start of a gift card scam. We wrote about those back in November:
https://www.uvic.ca/systems/status/notices/current/gift-card-scam_nov2019.php
and later on the topic was covered with more detail by our Chief Information Security Officer:
https://onlineacademiccommunity.uvic.ca/cisoblog/2020/02/20/an-email-exchange-with-the-president-not-really/
Please do not respond to impersonating emails (even for fun) and report them by using the “phish” button.
This phish pretends to be sending financial statements for 2020 (misspelled in the subject as “satement”). The email body looks like this:
The actual attachment is a html file which redirects the victim to a UVic like OWA page:
with the intention to steal your credentials. That page is clearly external – look at the address bar in the screenshot.
This phish tries to persuade the victim that they need to click a link to verify their account. It opens a page that pretends to belong to UVic and steals the credentials of the victim. Do not click on that link!
The email looks like this:
The page pretends to be UVic, but clearly is external (see the address bar)
This message asks to click on a link to update your email “for increased security”. Note that we would never ask users to click on a link in order to update their email. Moreover with an obscure explanation like the below. Do not click on the link!
This message pretends to be coming from the helpdesk, while clearly it comes from a random gmail address. Apparently it was designed to target the UVic audience because it mentions the name of the UVic president. Do not click on the link.
Neither the Helpdesk, nor the president will send a document by using google drive.
This Phish tries to persuade the victim their email account would be terminated. Clicking on the link opens an OWA page that is quite similar to that of UVic.
Do not click on that link.
This email pretends to provide “additional security” to trick the user to enter their credentials. Clearly the sender is not the UVic Helpdesk, it is an external sender.
Also the link points to an external site:
Please report similar phish by using the phish button. Do not click on the links.
This con is a pure social engineering relying on fear alone and not utilizing any technical means or knowledge.
