This phish was observed today by many at UVic. There is no context mentioned, whatsoever, about the attached docx file. This phish is merely to attract the curious to open the attachment.
Never open/download any attachments given in suspicious emails. Even though the file may seem benign but attachments in phish are infected with viruses and other malware, which will get executed as soon as you click on the file.
Many UVic recipients reported this phish today.
It clearly comes from an external address, uses the usual scary tactics to make you act fast and as usual leads to a fake login page designed to steal your UVic credentials.
Please do not be curious and do not click on such links as they may contain malware to infect your computer instantly.
Many uvic recipients reported this phish today. In all cases it uses the recipient address to spoof the actual sender. This way the email looks like coming from the recipient themselves. The “ticket number” in the subject is using some sort of random number generator, so it is also different every time.
There are other variations of the subject, for example:
Your E-mail (netlink@uvic.ca) will expire soon -[Ticket ID: xxxxxx]
Your E-mail (netlink@uvic.ca) Requires Verification -[Ticket ID: xxxxxx]
In all cases there is a malicious .shtml file attached.
The name of that file is: uvic.ca-update-form.shtml
(but could be different of course)
Please do not open these attachments, they contain malware.
A screenshot of the phish is shown below:
Please be aware of this phish as it impersonates a UVic faculty member to make the job offer believable. The sender’s email address is not a UVic email and the sender’s name is made to look legit “Office of Human Resources” but it is fake. The scammer is asking for a gmail address, which is a red flag, to evade UVic detection. This phish also has a usual tactic of too good to be true offer.
One can confirm such emails by contacting the person or department or organization from a known contact information (like in this case, from UVic website). Never use contact information given in the email to confirm the legitimacy of that email. Never be in a hurry to respond, take your time to look for phishing signs and if in doubt consult with helpdesk.
This is another very “popular” phish today.
It made effort to sound legit, it contains helpdesk@uvic.ca at the bottom and the sender may appear as an internal one to add to the sense of legitimacy.
Similarly to the job scam we posted about below, this phish uses the trick to put the whole message in a bitmap. It only looks like text with a link, but the whole body is a single picture. That picture is linked to the malicious website. This way
the victim may click somewhere on what looks like text, thinking it was safe. That would immediately trigger their web browser to open the malicious web page.
Please be careful with clicks and don’t be curious. If in doubt – ask your desktop support person or the Helpdesk.
This job scam is circulating today. It contains an attachment and tries to persuade victims to reply back to some external address. The actual sender could be different. The body of the email message is not text but actually a bitmap picture. (the body is shown below).
The pdf also contains the email address of the scammer.
Many UVic people received this phish today. It uses the usual “scary” tactic to make you act quick and eventually provide malicious actors with your UVic credentials. The link points to a fake login page.
Please don’t be curious and don’t click on links in phishing emails since some of them may contain malware to infect your computer instantaneously.
If in doubt, ask your desktop support person or the Helpdesk.
A screenshot of the phish message is shown below.
Recently UVic students and employees receive a lot of phish containing html attachments. The attachments might be very small or larger, may contain malware directly or redirect to malicious sites, including but not limited to fake UVic login pages.
There are numerous variations of the text in the email. In many cases it is short as in the example below.
Please do not be curious and do not open html attachments from untrusted senders. If in doubt – ask the helpdesk or your desktop support person or give the sender a phone call and ask whether they sent you the suspicious attachment.
Recently, there has been an increase in job scam phishes. This one also impersonates a professor at UVic to make the job seem legit. This phish is similar to the one encountered earlier this month. To spot the phishing signs checkout the post below:
This job scam is similar to what we have seen back in Feb 2023 just with different subject and sender. To know about the phishing signs, check the post below:
Screenshot of the latest phish:
Seems to be job scam season, this is the fourth job scam phish seen this week. Tactics are same as other job scams trying to lure people with too good to be true offers. The sender email and the email to contact are different, moreover this email pretends to be coming from WHO but the sender email address is clearly not from this organization. The email given, to contact, is clearly made to seem that it belongs to WHO but it is a fake domain. The phisher is asking to contact using personal email address, this a major red flag, as it is to evade UVic detection.
Please don’t be in a hurry to respond or click on attachments. Always look for red flags and when in doubt contact helpdesk.
This job scam phish was received over the weekend, observed various subjects such as “APPLY FOR A RESEARCH ASSISTANT POSITION”, “Job Opportunity At UNIVERSITY OF VICTORIA”, “STUDENT EMPLOYMENT OPPORTUNITIES”, “APPLY FOR A RESEARCH ASSISTANT POSITION”, “UNIVERSITY OF VICTORIA Student Employment Openings”, “Research Assistants Needed At UNIVERSITY OF VICTORIA”.
Phishing signs:
Never be in hurry to respond, take your time to look for phishing signs and if in doubt consult with helpdesk.
This is a job scam phish. These type of phishes usually try to trick students by giving “too good to be true” offer. This phish impersonates a professor in a UVic department but looking at the email address confirms that this is an external address which wouldn’t be a case if coming from a UVic employee in their professional capacity. The scammer is asking for a gmail address, which is a red flag, to evade UVic detection.
Never be in a hurry to respond, take your time to look for phishing signs and if in doubt consult with helpdesk.
Another phish that is crafted to steal your UVic credentials.
The sender is clearly external and the link is clearly external – you can see it by hovering over it with the mouse cursor.
Remember, if in doubt – never click the links in the email. Instead open the main web page of the organization – whether UVic or your bank, CRA, etc and find your way to the desired setting from there.
Please do not be curious and do not click on the links in phish emails, sometimes they may contain malware to infect your computer instantly. Our experts open them in specialized isolated environment.
Another phish that claims to help you keep your current password. This does not make sense. The UVic Helpdesk would never send you an email it order to keep a password unchanged.
The sender is clearly external and the link is clearly external – you can see it by hovering over it with the mouse cursor. The goal of course is to steal your credentials.
Please do not be curious and do not click on these links, sometimes they may contain malware to infect your computer instantly. Our experts open them in specialized isolated environment.
