Phish Bowl

We’ve been seeing several variations of these fake research assistant job offers, each one impersonating a real UVic faculty member to make the opportunity look legitimate. However, there are several red flags that indicate these are scams:

• The emails come from Gmail addresses, not from the faculty members’ UVic email addresses.
• The scammer asks you to respond using a different communication method (SMS or Google chat). This is an attempt to evade our monitoring systems by moving the conversation away from UVic email.
• The versions that request responses via SMS don’t provide a local phone number; the 323 area code corresponds to Los Angeles, California.
• The pay offered is several times higher than the minimum wage in BC and therefore too good to be true, especially for part-time/casual work.
• The messages contain errors in grammar, spacing and/or punctuation.
• The name of the sender of the email may differ from the professor mentioned in the message.

If you replied to one of these emails, contact the Computer Help Desk immediately for assistance, especially if you sent money or personal information.

Subject: Office of Research Assistants
From: [name redacted] <csdepartment.uvic.***@gmail.com>

University of Victoria is currently seeking a Research Assistants to join the Department of computer science, under the supervision of professor: [name redacted].
The hours are flexible and students will be required to work not more than 6 hours weekly. The position can be carried out remotely and the pay is $300 weekly. Salary increment will be reviewed after gaining more training and experience on the position. The position is open for any student of the institution.
Major skills needed are ; Maintaining effective working relationships, Ability to establish effective working relationships and to prioritize tasks and projects, Ability to work independently. Basic Knowledge of Microsoft Word and Excel will be an added advantage.
If interested , submit your full name, department and year of study to me directly via text message on (323) [scammer’s phone number redacted].

Best regards,
[name redacted]
Professor in the department
of Computer Science.
(323) [scammer’s phone number redacted].

Subject: Office of Research Assistants
From: Prof. Colette Coco <ac****mo@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University of Victoria is currently seeking a Research Assistants to join the Department of computer science, under the supervision of professor: [name redacted].
The hours are flexible and students will be required to work not more than 6 hours weekly. The position can be carried out remotely and the pay is $300 weekly. Salary increment will be reviewed after gaining more training and experience on the position. The position is open for any student of the institution.
Major skills needed are ; Maintaining effective working relationships, Ability to establish effective working relationships and to prioritize tasks and projects, Ability to work independently. Basic Knowledge of Microsoft Word and Excel will be an added advantage.
If interested , submit your full name, department and year of study to me directly via text message on (323) [scammer’s phone number redacted].

Best regards,
[name redacted]
Professor in the department
of Computer Science.
(323) [scammer’s phone number redacted].

Subject: Student Research Assistant Urgently Needed
From: Larry Grace <lg3****9@gmail.com>

The service of a student research assistant is urgently required to work part-time and get paid $650 bi-weekly.Tasks will be carried out remotely and work time is 8 hours/week.
If interested, submit a copy of your updated resume and a functional google chat email address to our Department of Psychology via this email address to proceed further.

Regard
[name redacted]
Associate Professor of Psychology
Department of Psychology
Office: COR [room redacted]

This high volume phish applies the tactic of curiosity. It impersonates regular sharing of files done using OneDrive. But looking at the sender address reveals it is not coming from a Microsoft domain and the sender name is also fake.

The phisher has sent this phish without any context and  in the hope that a curious mind would click the link and fell for it. Hence, never be in a hurry to click the links in the email and take a moment to consider if you were expecting a sharing of file. If such emails are sent from someone you know, always confirm with them. Whenever in doubt, consult helpdesk.

This phish was observed today by many at UVic. There is no context mentioned, whatsoever, about the attached docx file. This phish is merely to attract the curious to open the attachment.

Never open/download any attachments given in suspicious emails. Even though the file may seem benign but attachments in phish are infected with viruses and other malware, which will get executed as soon as you click on the file.

 

Many UVic recipients reported this phish today.

It clearly comes from an external address, uses the usual scary tactics to make you act fast and as usual leads to a fake login page designed to steal your UVic credentials.
Please do not be curious and do not click on such links as they may contain malware to infect your computer instantly.

Many uvic recipients reported this phish today. In all cases it uses the recipient address to spoof the actual sender. This way the email looks like coming from the recipient themselves. The “ticket number” in the subject is using some sort of random number generator, so it is also different every time.
There are other variations of the subject, for example:

Your E-mail (netlink@uvic.ca) will expire soon -[Ticket ID: xxxxxx]

Your E-mail (netlink@uvic.ca) Requires Verification -[Ticket ID: xxxxxx]

In all cases there is a malicious .shtml file attached.
The name of that file is:  uvic.ca-update-form.shtml
(but could be different of course)

Please do not open these attachments, they contain malware.

A screenshot of the phish is shown below:

Please be aware of this phish as it impersonates a UVic faculty member to make the job offer believable. The sender’s email address is not a UVic email and the sender’s name is made to look legit “Office of Human Resources” but it is fake. The scammer is asking for a gmail address, which is a red flag, to evade UVic detection. This phish also has a usual tactic of too good to be true offer.

One can confirm such emails by contacting the person or department or organization from a known contact information (like in this case, from UVic website). Never use contact information given in the email to confirm the legitimacy of that email. Never be in a hurry to respond, take your time to look for phishing signs and if in doubt consult with helpdesk.

This is another very “popular” phish today.

It made effort to sound legit, it contains helpdesk@uvic.ca at the bottom and the sender may appear as an internal one to add to the sense of legitimacy.

Similarly to the job scam we posted about below, this phish uses the trick to put the whole message in a bitmap. It only looks like text with a link, but the whole body is a single picture. That picture is linked to the malicious website. This way
the victim may click somewhere on what looks like text, thinking it was safe. That would immediately trigger their web browser to open the malicious web page.
Please be careful with clicks and don’t be curious. If in doubt – ask your desktop support person or the Helpdesk.

This job scam is circulating today. It contains an attachment and tries to persuade victims to reply  back to some external address. The actual sender could be different. The body of the email message is not text but actually a bitmap picture. (the body is shown below).

The pdf also contains the email address of the scammer.

Many UVic people received this phish today. It uses the usual “scary” tactic to make you act quick and eventually provide malicious actors with your UVic credentials. The link points to a fake login page.

Please don’t be curious and don’t click on links in phishing emails since some of them may contain malware to infect your computer instantaneously.

If in doubt, ask your desktop support person or the Helpdesk.

A screenshot of the phish message is shown below.

 

Recently UVic students and employees receive a lot of phish containing html attachments. The attachments might be very small or larger, may contain malware directly or redirect to malicious sites, including but not limited to fake UVic login pages.

There are numerous variations of the text in the email.  In many cases it is short as in the example below.

Please do not be curious and do not open html attachments from untrusted senders. If in doubt – ask the helpdesk or your desktop support person or give the sender a phone call and ask whether they sent you the suspicious attachment.

Recently, there has been an increase in job scam phishes. This one also impersonates a professor at UVic to make the job seem legit. This phish is similar to the one encountered earlier this month. To spot the phishing signs checkout the post below:

Student Research Assistant Urgently Needed

This job scam is similar to what we have seen back in Feb 2023 just with different subject and sender. To know about the phishing signs, check the post below:

UNICEF is recruiting students

Screenshot of the latest phish:

Seems to be job scam season, this is the fourth job scam phish seen this week. Tactics are same as other job scams trying to lure people with too good to be true offers. The sender email and the email to contact are different, moreover this email pretends to be coming from WHO but the sender email address is clearly not from this organization. The email given, to contact, is clearly made to seem that it belongs to WHO but it is a fake domain. The phisher is asking to contact using personal email address, this a major red flag, as it is to evade UVic detection.

Please don’t be in a hurry to respond or click on attachments. Always look for red flags and when in doubt contact helpdesk.

 

This job scam phish was received over the weekend, observed various subjects such as “APPLY FOR A RESEARCH ASSISTANT POSITION”,  “Job Opportunity At UNIVERSITY OF VICTORIA”, “STUDENT EMPLOYMENT OPPORTUNITIES”, “APPLY FOR A RESEARCH ASSISTANT POSITION”, “UNIVERSITY OF VICTORIA Student Employment Openings”, “Research Assistants Needed At UNIVERSITY OF VICTORIA”.

Phishing signs:

1. Impersonates a Professor from a UVic department. Sender name is different from the impersonated professor.
2. Sender email address is external.
3. Too good to be true offer.
4. Asking to contact via phone, to evade UVic detection.
5. Formatting and grammatical errors.

Never be in hurry to respond, take your time to look for phishing signs and if in doubt consult with helpdesk.

This is a job scam phish. These type of phishes usually try to trick students by giving “too good to be true” offer. This phish impersonates a professor in a UVic department but looking at the email address confirms that this is an external address which wouldn’t be a case if coming from a UVic employee in their professional capacity. The scammer is asking for a gmail address, which is a red flag, to evade UVic detection.

Never be in a hurry to respond, take your time to look for phishing signs and if in doubt consult with helpdesk.