Check attached invoice as requested

There is no reason for anyone to open the attachment in this email as it is clearly a phish. It is not clearly stated what this invoice is for, or which organization is sending this invoice. Everything in this email is generic, be it the sender name, salutation, signature, subject or file name.

Never open email attachments out of curiosity, as doing so can lead to malware on your device. Only open attachments that come from sources you know and that you were expecting.

Phish email with subject "Check attached invoice as requested" which has a malicious attachment.

Subject: Check attached invoice as requested
Sender: Administrator <****debiz.com>
Attached file: INVOICE0001.html

Hello,

I hope you’re well. Please see attached invoice number [40433] for Order MT476/2023, due on 12/16/2023. Don’t hesitate to reach out if you have any questions.

Yours truly
Sarah.

 

UVIC IMPORTANT VERIFICATION!

Another run of the high volume phish encountered yesterday. To spot the phishing signs check out the post below:

IMPORTANT: Verification

Below is the sample of the new variant:

Phish with subject "UVIC IMPORTANT VERIFICATION!" has a phishing link to steal user credentials.

Subject: UVIC IMPORTANT VERIFICATION!
Sender: University of Victoria <****>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Your UVIC Google account has been filed under the list of accounts set for deactivation due to retirement / graduation or transfer of the concerned account holder. But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your University of Victoria account.

Please Verify your UVIC account immediately to avoid Deactivation. Verify Here [Phishing link]

Please note the one-time submission and entry only..

Warm Regards,

3800 Finnerty Road
Victoria BC V8P 5C2 Canada
UVIC IT Help Desk

IMPORTANT: Verification

This phish uses scare tactics to get the user to click on the link. The sender email address is external to UVic, the subject of the email is very generic, the link is also external to UVic (check by hovering over it), the message has formatting errors, and the signature is also very generic. All of these are phishing signs.

Always think and look for red flags in an email before taking any action. Whenever in doubt, contact the helpdesk.

Phish with subject "IMPORTANT: Verification" has a phishing link to steal user credentials.

Subject: IMPORTANT: Verification
Sender: Help Desk IT support <****>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Your UVIC account has been filed under the list of accounts set for deactivation due to retirement / graduation or transfer of the concerned account holder. But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your University of Victoria account.

Please Verify your UVIC account immediately to avoid Deactivation. Verify Here [Phishing link]

Please note the one-time submission and entry only..

Warm Regards,

Help Desk Support – 24/7

Unlimited remote Help Desk IT support 24 hours a day, 365 days per year

Delayed/Update/Track parcel

As the holidays approach, phishing attempts related to parcel updates (such as delays, imminent arrivals, tracking information, and requests for confirmation) become increasingly common.
These messages may contain links to malicious sites or fake login pages. An example of such a message that circulated today is shown below. Please resist the urge to click on these links out of curiosity. Instead, hover your mouse over the link to verify that it does not actually lead to the website of the supposed parcel courier.

 

Hello dear ,
Your DHL Express shipment with waybill number CS/4792938456 is on its way. We will require a signature at the time of delivery. Shipment is subject to delivery duties taxes and clearance fees.
In order to avoid impact on delivery, please complete shipping info safely online to pay, view the calculation and track your shipment here.
Update and Track parcel<link to the malicious site>
DHL is attempting to maintain a reliable shipping and delivery service for our customers. Thanks for your patience and understanding and wish to thank you so much for using DHL services.
​
Thank you for using On Demand Delivery.
DHL Express – Excellence. Simply delivered.

Part-Time Job Opening or Student Assistant Urgently Needed

These types of job scams are not new. As always, the scammers impersonate a real UVic professor to make the job offer look legitimate.

Here are some of the red flags:

  • The email comes from a Gmail address. Emails about real UVic job offers should come from a UVic email address.
  • The salary offered is too good to be true, especially for a part-time job.
  • The email requests your Google Chat email. Scammers often request alternative contact information to evade UVic detection.
  • The sender name does not match the name of the professor supposedly offering the job.

Never reply to such scams; always look for warning signs before taking any action. If you did reply, please stop any further conversation and reach out to the helpdesk for assistance.

Job scam phish with subject "Part-Time Job Opening" impersonating a UVic professor.

Subject: Part-Time Job Opening
From: Dr. Stanley Chukwuka Jung <****@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

The service of a student assistant is urgently required to work part-time and get paid $400 weekly. Tasks will be carried out remotely and work time is 8 hours in a week.
If interested, submit a copy of your updated resume and a functional google chat email address to our Department of Anthropology via this email address to proceed.

 

Regards
[impersonated professor name]
Assistant Professor Of Anthropology
Department of Anthropology
Office: ****

Remote Flexible Job

Job scams that pretend to be from the Red Cross seem to be becoming more common. As with many other job scams that we’ve seen before, the scammer tempts people with a generous salary for a minimal amount of work. If a job offer arrives unsolicited and the compensation is too good to be true, you can be sure it’s a scam.

Other red flags that indicate that the offer is fake:

  • The email was sent from an address that does not belong to the Red Cross. A legitimate email from the Canadian Red Cross would come from a redcross.ca email address.
  • The message contains multiple grammatical errors.
  • You are asked to reply from your personal email–this is a trick to move the conversation off UVic email to evade detection.
  • Replies are to be sent to a different address from a Red Cross lookalike domain.
  • The confidentiality notice is not from the Red Cross.

If you replied to this email, cease contact with the scammer and reach out to the Computer Help Desk immediately for assistance.

Job scam email that pretends to be from the Red Cross


Subject: Remote Flexible Job
From: [redacted] <********@iconpln.co.id>

Distribution Assistant is vacant at the National Red Cross with a weekly pay of $500. 3 hrs. per day, 3 times a week is required for purchasing of online items and delivering them to foster/disable homes in your local community. To apply, send cv/application to Mammen at jobs@arc-******.com with your personal email.

NRC


This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. PT. Indonesia Comnets Plus ( ICON+) is neither liable for the proper and complete transmition of the information contained in this communication nor for any delay and its receipt.

UPDATE

This phish uses scare tactics to get the user to click on the link. The sender email address is external to UVic, the subject of the email is very generic, the message has formatting errors, and the signature is also very generic. It also mentions a “College Email account”; mistakes like this indicate that the same phish could have been used for other institutions. All of these are phishing signs.

Always think and look for red flags in an email before taking any action. Whenever in doubt, contact the helpdesk.

Phish with subject "UPDATE" with phishing link to steal credentials.

Subject: UPDATE
Sender: JARUNEE KONGSAWAT <****psu.ac.th>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Dear Student,

Your College Email account will be Deactivated shortly.
To stop Deactivation, CLICK HERE[Phishing link] and log in

Thank you,
IT Helpdesk

WFH

If you receive an email offering a job with a salary that is too good to be true, report or delete it, as it is a job scam. Other signs indicating that it is a phish:

  1. You are asked to reply to a different email address than the sender’s address.
  2. You are asked to reply from your personal email address; this is to evade UVic detection.
  3. The sender name is different from the signature name.
  4. The text of the email is in an image.
  5. There are formatting and grammatical errors.

Job scam phish with subject "WFH" and the email text is in attached image.

Subject: WFH
Sender: Tesfaye Moges Teklehaymanot <****@ethiotelecom.et>

I am offering a work from home position as my Personal Assistant in which you can Earn $500 Weekly. For details and Job description kindly contact me only via my personal email (****@outlook.com) with below information

Name:

Age:

Personal Email:

Important Note: This is a non reply email so kindly send your interest to me only via (****@outlook.com) also endeavour to reply to this email via your Personal email(Gmail,Hotmail,yahoo) etc and not your Edu email). This Position demands you to be 100 attentive to details so failure to adhere to this important note will lead to automatic disqualification of your interest in this Job.

I look to hear from you if you are interested.

Thanks
Michael Brunetti

IMPORTANT. This e-mail message and any attachments are strictly confidential and may be protected by law. This message is intended only for the named recipient(s) above. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message. Any unauthorized view, usage or disclosure of this message is prohibited. Since e-mail messages may not be reliable, ethio telecom shall not be liable for any message if modified, changed or falsified. Additionally the recipient should ensure they are actually virus free.

GIFT Card example

We received a report of an interaction with a scammer from an employee who was aware of the scam from the outset. We strongly advise against engaging with scammers, even ‘for fun’. Such interactions can inadvertently reveal valuable information, such as the active status of your email account, your work schedule, and more. We’ve redacted the name used by the scammer in this instance, as they were impersonating a real university professor.
The thread begins with a succinct email body, the subject line merely containing the name of the impersonated professor, typically someone in an executive position such as a department chair, dean, or director.

The employee responded as follows:
At this juncture, many individuals might feel a twinge of guilt for overlooking the initial email. This is precisely the reaction the scammer is banking on, despite the fact that there was no previous email. The scammer swiftly replied, revealing their true intent:
There’s always a reason why they can’t purchase the cards themselves. It could be a technical issue, illness, an ongoing meeting, or any number of pretexts.
The employee responded:
A scammer, realizing their ruse has been seen through, might typically abandon their efforts at this point. However, this scammer persisted, sticking to their script as shown below:
Perhaps they believe persistence pays off statistically? That they might eventually convince a potential victim? Unfortunately, we do occasionally encounter victims who purchase gift cards and send photos of the scratched-off numbers to the scammer. This is another telltale sign. Since the scammer can’t physically collect the cards, they request photos of the ID numbers. It’s a good idea to discuss this scenario with your supervisor and confirm that they would never ask you to purchase gift cards.

Remember: It’s always best to avoid giving scammers any information, no matter how insignificant it may seem.

REMINDER: Benefits Open Enrollment 2024. Review & Sign

HR or payroll-themed lures are commonly used for phishing emails. While this email claims to be from a UVic system, notice how the capitalization of UVic in the sender name is incorrect and the actual sender address is from outside of UVic. Both are red flags that indicate that this is a phishing email; a genuine UVic Payroll or HR email should be coming from a UVic email address. Another bad sign is the fact that there is nothing in the message body except for a disclaimer and confidentiality notice that mentions some other external organization but not UVic.

This email also contains a .htm attachment. Do not open unsolicited or unexpected attachments whose names end in .htm or .html. These files are webpages, meaning that they could contain code that downloads malicious content or that redirects you to a malicious site. UVic InfoSec used a special secure environment to examine this file’s contents and found that it contains code to redirect you to a malicious site after a few seconds’ delay. If you opened the attachment, reach out to the Computer Help Desk or your department’s IT support staff for assistance.

Phishing email claiming to be benefits enrollment paperwork but that actually contains a malicious .htm attachment.

Subject: REMINDER: Benefits Open Enrollment 2024. Review & Sign
From: Uvic e-Service System <okita@****okita.com>
This message was sent with high importance.
Attachment: [webpage file] Open Enrollment 2024.htm (1018 bytes)

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Disclaimer: Confidentiality Notice: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the originator of the message. Any views expressed in this message are those of the individual sender, except where the sender specifies and, with authority, states them to be the views of A********x
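
The post above describes an .htm attachment whose code redirects the reader to another site after a delay. The following is an added example, not UVic InfoSec's tooling and not the file from the report: it lists the redirect constructs in such an attachment by parsing the markup as text, without rendering or running it. The names `triage` and `RedirectFinder`, the pattern list and the sample bytes are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Script constructs that move the browser elsewhere, delay that move, or hide it.
JS_SIGNS = {
    "js-navigation": re.compile(
        r"\b(?:window|document|top|self)\.location\b|\blocation\.(?:href|replace|assign)\b"),
    "js-timer": re.compile(r"\bset(?:Timeout|Interval)\s*\("),
    "js-decoder": re.compile(r"\b(?:atob|unescape|eval)\s*\(|\bfromCharCode\b"),
}
URL = re.compile(r"https?://[^\s'\"<>)]+")
# content="3;url=https://..." -> delay in seconds, optional target
META_REFRESH = re.compile(r"\s*([\d.]*)\s*(?:[;,]\s*(?:url\s*=\s*)?['\"]?([^'\"\s]+))?", re.I)


class RedirectFinder(HTMLParser):
    """Collects (kind, detail) findings. The markup is parsed, never rendered or run."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def _scan_js(self, code):
        for kind, pattern in JS_SIGNS.items():
            match = pattern.search(code)
            if match:
                self.findings.append((kind, match.group(0)))
        self.findings += [("url-in-script", url) for url in URL.findall(code)]

    def handle_starttag(self, tag, attrs):
        attr = {name: value or "" for name, value in attrs}
        if tag == "meta" and attr.get("http-equiv", "").lower() == "refresh":
            delay, target = META_REFRESH.match(attr.get("content", "")).groups()
            self.findings.append(("meta-refresh", f"{delay or '0'}s -> {target or '(same page)'}"))
        elif tag == "script":
            self._in_script = True
            if attr.get("src"):
                self.findings.append(("external-script", attr["src"]))
        for name, value in attr.items():
            if name.startswith("on"):  # inline handlers such as onload= carry script too
                self._scan_js(value)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._scan_js(data)


def triage(raw: bytes):
    """Return the list of findings for one attachment's bytes."""
    finder = RedirectFinder()
    finder.feed(raw.decode("utf-8", errors="replace"))
    finder.close()
    return finder.findings


# Constructed sample, not the attachment from the report above.
SAMPLE = b"""<html><head><title>Open Enrollment</title></head>
<body onload="setTimeout(go, 3000)"><p>Loading document...</p>
<script>
function go() { window.location.replace("https://portal.example.invalid/login"); }
</script></body></html>"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:15} {detail}")
```

An empty result does not clear a file: script that is encoded or assembled at run time will only show up as a `js-decoder` finding, or not at all.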

Part-Time Assistants Needed

If you received a job posting from a UVic professor offering a flexible work schedule with very high pay and you are wondering what the harm is in applying, think again, because scammers are at play here. The scammers impersonate a real UVic professor to make the job offer look legitimate.

Here are some of the red flags to watch out for before taking any of the actions requested in such scams:

  • The email comes from a Gmail address. Emails about real UVic job offers should come from a UVic email address.
  • The salary offered is too good to be true, especially for a part-time job.
  • Grammatical and formatting errors.

Therefore, do not reply to the email with your information. If you did, please reach out to the Computer Help Desk for assistance.

Job scam with subject "Part-Time Assistants Needed" offering a part-time job with high pay and impersonating a UVic professor.

Subject: Part-Time Assistants Needed
Sender: [impersonated professor name]<****@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University of Victoria, Department of Computer Science is currently seeking the services of Research Assistants to work remotely or in person with our research team to support ongoing data collection, and analysis.
Department Required Skills;
– Highly motivated, with strong organizational and communication skills.
-Excellent problem-solving skills
-Team player who is able to work in a fast paced environment with a multidisciplinary team.
Preferred Years Experience, Skills, Training, Education;Experience primarily using Windows operating systems
-Ability to adequately use Microsoft Excel.
This is a part-time position with a flexible schedule, and the successful candidate will work approximately 6- 7 hours for $350 weekly. The position offers valuable research experience, and the opportunity to work with a dynamic and collaborative research team on campus.
To proceed with the application process and other eligibility descriptions, submit your resume for review .

Best regards,

c/o

[impersonated professor name]
Professor
Computer Science
Office: ****

RE: YOUR OFFICIAL CONSENT LETTER! PLEASE READ!!

This phish uses a lot of vague language to describe its purpose, such as “partnership in a business project”, with no information about what the proposal is or what kind of business project it involves. In any case, if you are not expecting an email, it is probably a phish. The subject uses “RE:” to appear to be part of an ongoing email thread, and it doesn’t match the content of the email body. The signature gives no information about the sender except for the name. All these signs, along with the formatting mistakes, indicate that this email is a phish.

Hence, always look for warning signs in an email before taking any action, and think about whether you were expecting such an email. Never reply to scammers to ask for more information, as they intentionally give vague or no information. Whenever in doubt, contact the helpdesk or your departmental IT contact.

Phish with subject "RE: Your OFFICIAL CONSENT LETTER! PLEASE READ!!" that mentions a vague proposal to attract curious people to reply for more information.

Subject: RE: YOUR OFFICIAL CONSENT LETTER! PLEASE READ!!
Sender: Tulub Serhiy <****@ctb.ne.jp>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Date: Friday 27, October 2023

Compliment of the day, and I hope my Email finds you in good health.

I got your reference in my search for someone who suits my proposed
business relationship.

I am contacting you to seek your partnership in a business project,
I have all the modalities fashioned out to give this business an
excellent outcome.

I am confident that you will give your consideration to this proposal
and respond positively within a short period of time.

As soon as you give your positive response to this proposal, I will not
hesitate in sending you the details information of this great investment
partnership opportunity.

Regards.

I wait for your quick reply for more details.

Yours Truly
Dr. Serhiy Tulub

Opportunity to own a Grand Baby Piano

If you received an email claiming to give away a piano for free, it is a scam. Keep in mind that if an offer is too good to be true, it probably is. The scammer is impersonating UVic members to make the offer look legitimate. The sender’s email address is external to UVic, and the email asks you to reply to another external address from your personal email; this tactic is meant to evade UVic network detection.

Please be wary of such unsolicited offers and do not reply to such emails, not even to confirm whether the offer is legitimate. If you’re not sure about the legitimacy of an email, verify it by contacting the supposed sender through a different mode of contact than the one given in the email.

Piano scam with subject "Opportunity to own a Grand Baby Piano" which makes a too-good-to-be-true offer of a free piano.

 

Subject: Opportunity to own a Grand Baby Piano
Sender: [Redacted sender name] <****@fioptics.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Dear Faculty/Staff,

One of our Staff Mrs. [redacted name] is giving out a piano to a loving home for free. You can write to her to indicate your interest on her private email (****@outlook.com).

Please write Mrs. [redacted name] via your personal email for a swift response.

Thanks,
[redacted name]
Professor
University of Victoria

 

Dear Email User

An obvious phish that shows a lack of effort from the phisher. These types of phishes are sent in high volume, where it mostly becomes a numbers game: the phisher hopes to get at least 1 (if not more) victim out of thousands.

This phish tries to lure users with a too-good-to-be-true offer of a grant. But there is no context whatsoever about what this grant is, which organization is providing it, or why it is being provided. The email subject has no meaningful connection with the text in the email body. The name of the sender doesn’t match the name given in the email signature. The grammatical mistakes are also a factor indicating that it is a phish.

Never reply to addresses given in phishes, not even to request to be unsubscribed from a mailing list. Always take a moment to look for phishing signs. Whenever in doubt, contact the helpdesk or your departmental IT support.

Phish email with subject "Dear Email User" that offers a good sum of money as a grant.

Subject: Dear Email User
Sender: Perry Collin <*****sd73.bc.ca>

You have qualify to receive this month grant pay out check. ( $2800) To process claim,send the following details:
Name –
Address-
Tel-
To the grant co-ordinator
Name- Perry Collin
Contact email – *****@hotmail.com
We await to hear from you.
Salace Anderson
Grant Mat sector.

Remote Job Opening

Job scammers are once again trying to take advantage of students who are in need of money to pay for tuition and necessities in these tough economic times. As in previous batches that we have seen and written about, the scammers impersonate a real UVic professor to make the job offer look legitimate. The red flags are the same as before:

  • The email comes from a Gmail address. Emails about real UVic job offers should come from a UVic email address.
  • The name in the sender information does not match the name of the professor supposedly offering the job. Inconsistencies like this can be a sign of an impersonation scam.
  • The salary offered is too good to be true. $50/hour is more than triple the minimum wage in BC and a part-time student job is not realistically going to offer pay that high.
  • The email requests your Google Chat email. Scammers often request alternative contact information to move the conversation away from UVic’s defences and monitoring.

Therefore, do not reply to the email with your information. If you did, cease contact with the scammer and reach out to the Computer Help Desk for assistance.

Subject: Remote Job Opening
From: Emily Rauscher <*****emilyap5@gmail.com>

The service of a student/graduate student  is urgently required to work part-time as a research assistant and get paid $450 weekly. Tasks will be carried out remotely from home and work time is 9 hours/week.

If interested, submit a copy of your updated resume and functional google chat email address to our Department of Psychology via this email to proceed.

Sincerely
[name redacted]
Assistant Teaching Professor
Psychology
Office: COR A***
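
The sender-side red flags these posts keep listing (an organisation name on an external address, a free webmail sender, replies steered to a different address) can be checked mechanically from the message itself. This is an added example, not UVic's tooling: `example.edu` stands in for the organisation's domain, and the function names, flag names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREE_WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
ADDRESS = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_internal(domain, org_domain):
    # Exact or subdomain match only, so "example.edu.example.net" does not pass.
    return domain == org_domain or domain.endswith("." + org_domain)


def body_text(msg):
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_type() == "text/plain"]
    return b"\n".join(parts).decode("utf-8", errors="replace")


def sender_red_flags(raw_message, org_domain, org_names):
    """Return the list of sender-side red flags found in one raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(address)
    external = not is_internal(sender_domain, org_domain)
    flags = []
    if external and any(name.lower() in display.lower() for name in org_names):
        flags.append("org-name-on-external-sender")
    if sender_domain in FREE_WEBMAIL:
        flags.append("free-webmail-sender")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != sender_domain:
        flags.append("reply-to-differs-from-sender")
    # Addresses in the body that point away from the (external) sender's domain.
    others = {d.lower() for d in ADDRESS.findall(body_text(msg))} - {sender_domain}
    if external and others:
        flags.append("body-asks-reply-to:" + ",".join(sorted(others)))
    return flags


# Constructed samples modelled on the patterns described above.
JOB_OFFER = """\
From: Example Sender <sender@mail.example.net>
Subject: WFH

For details contact me only via my personal email (assistant@example.org)
and reply from your Personal email, not your Edu email.
"""

HR_NOTICE = """\
From: Example University e-Service <notice@example.edu.example.net>
Reply-To: hr@example.org
Subject: REMINDER

Review & Sign
"""

if __name__ == "__main__":
    for sample in (JOB_OFFER, HR_NOTICE):
        print(sender_red_flags(sample, "example.edu", ["example university"]))
```

The checks read only the visible From and Reply-To headers and plain-text parts; a name mismatch between the sender and the signature, or text delivered as an image, still needs a human look.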