Phish Bowl

I know what you did / I control your camera

This con is a pure social engineering relying on fear alone and not utilizing any technical means or knowledge.

Do not click on the links of videos etc.
Do not respond to these emails. You can safely delete them.

Final Warning from webmail Administrator

Fake Canada Post delivery notice

Outlook Security Update

This phish mentions phishing to trick you into thinking it’s a legitimate email.

However, it goes to a URL that is clearly not a Microsoft site. Notice how the word “Password” has been changed to use special characters to avoid detection by automatic scanners.

Targeted phish with fake trusted sender banner

The UVic email system did not add the “From a trusted sender” banner. The phisher added this fake banner to make the message look legitimate.

Reconfirm your Uvic Authentication Key

Invoice – with malicious Excel spreadsheet

Blackmail using passwords from other breaches

University Systems has received reports of multiple blackmail-related emails targeting UVic users. The email is a blackmail or extortion attempt which includes a previously-used password and threatens that potentially embarrassing information will be disclosed if the fee is not paid, in a certain amount of time. The tone and content of the email is frightening, but the threat is not credible. The senders of the phishing message retrieved the disclosed password by data-mining past breaches of accounts associated with other services such as Facebook, Twitter, Yahoo, LinkedIn and Adobe.

If you have received one of these emails, here are some steps you can take to protect yourself:

Do not respond to these emails. You can safely delete it.
Use the HaveIBeenPwned service, and submit your email address(es) to see what breaches your email address may have been part of.
Learn of steps you can take to protect your Netlink ID and other accounts:
Take the Phishing Awareness training.