Undelivered mail notification
This phish was received by UVic users today. It tries to persuade the victim that there was a “configuration error” and that, as a result, some emails could not be delivered. The goal is the same – to make you click on a malicious link which opens a fake OWA page in order to steal your credentials. Please do not click on the link.
The email and the fake OWA page are shown in the next screenshots:
Undelivered Mail
This phish used a spoofed sender of postmaster@uvic.ca or postmaster@local.uvic.ca, but originated from an external source and is definitely not legitimate. Also note the “trusted source” banner–this was not added by our mail system, but by the phisher to make the message look legitimate.
Do not click on the links in this email; if you did, please contact your department’s IT support staff or the Computer Help Desk immediately.
Office Update
New Microsoft Outlook for Staff/Employee
Job Application
This type of resume/job application phish is nothing new, but what is somewhat more unusual is the fact that the phisher has made a slight (though not very good) attempt to target UVic. They even tried to address the recipient personally, but in this case they actually got their first name wrong. But what hasn’t changed is the nastiness of the attachment–do not open it as it will contain malware!
Non delivered messages phish
Another version of the popular phish is circulating. It claims that some of your email messages were blocked and that you need to click on a link in order to “unblock” them.
The sender is clearly non-UVic. Please do not be curious and do not click on such links even just for a quick peek. They may carry a malicious payload. The email looks like this:
and the page looks like this:
A UVic-targeted variant of the usual advance fee scam
No doubt you’ve all seen a classic advance fee scam. A stranger emails you asking for assistance in transferring a large amount of wealth that they say they own but can’t access, offering you a cut of it in return. Most of the time, these scams are sent en masse and not targeted to the recipient.
However, a bunch of UVic employees recently received a more targeted variant of this scam where the writer poses as someone wanting to come to UVic:
Those who reply will receive a lengthy letter back. For brevity’s sake I won’t post the whole thing, but here’s the part that makes it clear that this is just another advance fee scam. Note: you can right-click on the image and choose to open it in a new tab or window to view it at full size if the font is too small for your liking.
“Job Offer” and “Online Job Offer” work from home scams
For more information about work from home scams, see this news article: https://toronto.ctvnews.ca/better-business-bureau-warning-about-these-work-at-home-scams-1.5000409
Security Alert: Your password will expire in 3 days
Note how this spear phish spoofed a UVic email address. While it might look like it came from UVic, it actually came from an external third party. The link is not a uvic.ca site either, so don’t click on it. If you did, contact your department’s IT support staff immediately.
Pending messages couldn’t be delivered, Inbox Full 9/7/2020
This spear phishing email pretends to be a notification for the legitimate webmail.uvic.ca service, but hovering over that link reveals that it does not go to a UVic site. Do not go to that site–if you did click on the link, please contact your department’s IT support staff immediately.
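The hover check described above, together with the "sender looks internal, links are external" pattern seen in the other notices, can be automated when triaging a reported message. The following is an added example, not code from UVic or its mail system; the sample message, the `example.net`/`example.org` hosts and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

ORG = "uvic.ca"  # organisation domain impersonated in these notices
# Constructed sample message (not a real capture); hosts are placeholders.
SAMPLE = """From: Postmaster <postmaster@uvic.ca>
Content-Type: text/html

<p>Sign in at <a href="https://mail-release.example.net/owa">webmail.uvic.ca</a></p>
<p><a href="https://www.uvic.ca/systems/">Help</a></p>
<p><a href="http://login.example.org/x">Click here</a></p>
"""

def in_org(host):
    # True only for ORG itself or a real subdomain, not "uvic.ca.example.net".
    host = (host or "").lower().rstrip(".")
    return host == ORG or host.endswith("." + ORG)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw):
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # assumes a single-part HTML body
    findings = []
    for href, text in collector.links:
        host = urlsplit(href).hostname
        if in_org(host):
            continue  # the link really goes to the organisation
        shown = re.findall(r"[\w.-]+\.[a-z]{2,}", text.lower())
        if any(in_org(h) for h in shown):
            findings.append(("text_href_mismatch", text, host))
        elif in_org(sender_host):
            findings.append(("internal_sender_external_link", text, host))
    return findings
```

A non-empty result is a reason to treat the message as suspect; an empty one does not prove it is safe, since the `From` header itself can be forged.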
Phish from a compromised vendor email address
An employee of a local vendor had their email address compromised and used to send phishing emails. Notice the part that looks like a file attachment–it actually is a link to a malicious file on OneDrive.
If you receive emails that appear to come from someone you know but don’t quite look right, don’t reply and don’t click on the links. Instead, contact them via a phone number that you already have and know is safe. Also inform your department’s IT support staff and report the phish to the Information Security Office so that we can follow up as necessary.
“Important notice” phish
This phish tries to persuade the victim to “activate their anti-spam” by clicking on a link. Both the link and the sender are clearly not UVic addresses. Nevertheless the email is signed “University of Victoria” and the page contains the UVic logo.
As usual the goal is to steal your credentials. Do not click on the link!
Microsoft verification phish
Many UVic users received this phish today. It claims that “Microsoft Verification is required” and supposedly comes from “support service”. However the sender is clearly not a UVic address. The body of the message looks like this:
Please do not be curious and do not click on the link. The goal is to steal your UVic credentials (the fake Outlook Web App page is shown below). Besides stealing credentials, these pages may contain malware, which is why even opening the page is not a good idea.
x message(s) quarantined
This is another phish that tries to persuade the victim that something was wrong with their email account. They are supposed to click a link to “release” quarantined messages. Note that UVic does not have such a practice.
The sender is forged to seem internal, but the links are clearly external.
Please do not be curious and do not click. The links lead to a fake Outlook Web App page that’s designed to steal your credentials: