Images

Job scams impersonating UNESCO and other UN agencies are something we see on a regular basis. By offering a generous salary for only a few hours a week of simple remote work tasks, these unscrupulous scammers prey on students looking for extra money to cover the cost of tuition, rent and other necessities. The red flags in the email message are the usual ones:

• The email did not come from a UNESCO or UN email address, nor did it come from a UVic sender.
• The salary is too good to be true for part-time remote work.
• The email contains grammatical errors and awkward wording.
• You are told to send replies to an Outlook.com email address. If a job offer asks you to contact an address from a free email provider, there is a very high chance that the offer is a scam.
• You are asked to reply from your personal email address. Scammers do this to shift the conversation away from UVic’s email security controls and avoid detection.

If you contacted the scammer, reach out to the Computer Help Desk or your department’s IT support person immediately for assistance. If you opened the attachment, update your computer’s antivirus and perform a full scan as a precaution.

If there is no job interview before you’re accepted into the position, or you never get to meet your supposed employer (either in person or by video call) before you start working, that is a very strong sign of a job scam. If any of the following occur, do not proceed!

• You are told to share your UVic or other login credentials–never share those with anyone!
• You are asked to purchase gift cards, then send photographs of them with the PIN revealed. Don’t do this even if you were given a cheque beforehand–that cheque will probably bounce and you’ll lose the money used to purchase the cards.
• You are given a cheque to deposit in your account and told to send part of the amount to someone else. This may be a cheque overpayment scam (the cheque you received would eventually bounce, meaning the money you sent would come from your own funds), or the scammer may be trying to use you as an unwitting money mule to launder money.

---

From: N****** <[redacted]@quadro.net>
Subject: Part-Time job.
Attachment: [Word document icon] UNESCO JOB (1).docx

You don’t often get email from [redacted]@quadro.net. Learn why this is important.

—
Job opportunity information to anyone who might be interested in a paid UNESCO Part-Time job with a weekly pay of $750.00. If interested, kindly contact Cargill on his email address. ([redacted]@outlook.com) with your alternate non-educational email address I.e., Gmail, yahoo, Hotmail etc.) for further details of employment.

N.B, this job is strictly a work from home position.

If you get an unsolicited email that offers to give away something valuable for free and it’s not from someone you know, it’s probably too good to be true. This is very likely to be the case when someone says they are giving away a late family member’s grand piano–emails of that sort are a common scam. Some versions may even attach photos of the supposed piano, but they’re probably stock images or ripped off of somebody else’s listing. If you are told to reply from personal email or a different communication method, that is a red flag as well; scammers do this to move the conversation away from UVic email to avoid detection.

If you reply to indicate you’d like the piano, you’ll be told to contact and pay a “moving company” to ship the piano from out of town, but the moving company will turn out to be fake and you’ll never receive a piano after you’ve paid up. In general, it’s extremely risky to pay a random person or moving company for a piano (or other item of value) sight unseen; the item may not actually exist or not be what you were expecting.

Watch out for versions of the scam that impersonate real people at UVic. If the email was not sent from a UVic email address, or you’re instructed to contact an email address that is not from UVic, you can be certain the email is a scam. If in doubt, don’t reply to the email–to determine the email’s legitimacy, contact the person through another method that you know is safe (e.g.: using the contact information on their directory entry or by asking in person). Sometimes, one name will correspond to a real person at UVic but the other one will not, which is another sign of a scam.

---

From: Paulina Hagerman <s*********8@gmail.com>
Subject: Yamaha baby grand 05/13/2024

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Hello,

I’m offering my late husband’s Yamaha Piano to any music enthusiast who may appreciate it. If you or someone you know might be interested in receiving this instrument for free, please feel free to reach out to me.

Warm regards,
Paulina

From: [impersonated UVic employee] <[redacted]@gmail.com>
Subject: Yamaha Piano donation

Attachments: [Three thumbnail images showing a Yamaha baby grand piano from different angles]

Dear Student /Staff/Faculty,
One of our staff, Mr.Stephen Whitehead. is looking to give away his late dad’s piano to a loving new home. The Piano is a 2014 Yamaha Baby Grand size used but still new. Kindly write to him to indicate your interest on his private email( [redacted]@mail.com) to arrange an inspection and delivery with a moving company. Kindly write Mr. Stephen Whitehead via your private email for a swift response.

[impersonated UVic employee]
Assistant to the Dean
https://www.uvic.ca

Similar to the ‘grand piano’ scam, other large items, such as welding tools, are also being offered in recent scams. The common thread among all these offers is this: if you express interest in the item, you are asked to pay for the shipping costs. The scammers’ goal is to get you to send them a payment using non-refundable money orders or gift cards. However, after you pay the shipping cost, you will never receive the item you were expecting.

From: Dr. <real name of a UVic person>  <****@gmail.com>
Sent: Tuesday, May 7, 2024 3:59 AM
Subject: Disposal of welding machine and tools boxs

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Dear Student/Faculty And, One of our staff in University of Victoria , <redacted name> ( Coordinator, Academic Administration) is downsizing and looking to give away her late dad’s Miller 951937 Dynasty 300 TIG Welder w/ TIGRunner Pkg & Wireless Foot Control, With A Complete Set Of Snap On Tools Box And Accessories. If interested in any of the equipment kindly indicate by sending him a mail via your personal email for a swift response. to indicate your interest in any of the listed items contact him on his private email address (****@outlook.com ) to arrange delivery with a moving company.

Sincerely,

Dr. <redacted real name>

MEMBER OF THE BOARD

This phish specifically targets UVic and contains many of the classic red flags:

• The email was sent from someone outside of UVic
• The greeting is impersonal
• The message creates a sense of urgency and threatens you with an adverse impact
• The message contains many grammatical errors
• The signature is generic and doesn’t mention UVic

Hovering over the link without clicking on it (or holding down your finger on it on a mobile device) will reveal that the link goes to a page from a free online form builder. A legitimate UVic login page would not be hosted on an online form builder.

If you entered credentials on the phishing page, change your password immediately and contact the Computer Help Desk or your department’s IT support person.

---

From: [redacted]@h******.se
Subject: University of Victoria_Update

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Hello user,

This is the last and final notice or our administrator will disable your access to your email.

Please click here to upgrade your University Of Victoria_Update your account security by completing the required details to avoid the deactivation of your University of Victoria edu account.

A cordial greeting wu,
IT Service Desk (c)2024

Practically this is the same scam that we posted about last time. It was received by many UVic recipients last night. The text is the same as before, the sender is some compromised account at another organization and the subject this time is just “WPF”.  Please do not be curious and do not open the attachments in such scams, do not click links and do not reply to scammers (even for fun!!!). By replying you supply back information that your email exist, you are not on vacation, etc.

 

—

I am sharing job opportunity information to anyone who might be interested in a paid World food programme Part-Time job with a weekly pay of $750.00. If interested, kindly contact Mattias on his email address (***@outlook.com) for details of employment.

N.B, this job is strictly a work from home position.

Job scam offering too good to be true salary for part-time job.

Following post can be referred to look for red flags in this or any job scam:

https://onlineacademiccommunity.uvic.ca/phishbowl/2024/01/29/stmicroelectronics-ltd-looking-for-representative-in-your-area/

Never send your personal information to such scammers, always take the time to look for warning signs in an email. If you replied to this scam, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.

Subject:Part-Time job
Sender: Brown Corman <****@quadro.net>
Attachment: WFP Job Description (1).docx

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

—
I am sharing job opportunity information to anyone who might be interested in a paid World food programme Part-Time job with a weekly pay of $750.00. If interested, kindly contact Mattias on his email address.(****@outlook.com) for details of employment.

N.B, this job is strictly a work from home position.

 

 

 

This phish uses scary tactic to get the user to take action to click on the link. The sender email address is external to UVic, subject of the email is very generic, link given (check by hovering over the link) is external to UVic, it has formatting errors, and signature is also very generic. All these are phishing signs.

Another thing of note in this phish is the mention of next steps where you will receive a call and then press 0, whenever such steps are mentioned beware as the phisher will try to further social engineer you into revealing personal information or confidential information (such as MFA info) via phone call.

Always look for red flags in an email before taking an action. Whenever in doubt contact helpdesk.

Subject: Dear user
Sender: uvic.ca <****@quadro.net>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

—
2-step login maintenance is required for your email before April 29th, 2024, to avoid login interruption.

Setup maintenance for 2-step login here [external link]

Note: A notification call will come through your phone, kindly answer the call and then press 0 on your phone to complete your new 2-step login setup.

IT Service Center

Regards,

 

This phish came over the weekend and was sent in massive volume. There is only an attachment and no email body, hence, it is mostly to lure the curious users who want to know more what this email is about. Empty email body is a big red flag as there is no context provided about the email itself and the related attachment. The subject used is pretty generic and it is coming from an external sender. Hence, beware of such phishes, and don’t open attachments from unknown senders or even known senders if you were not expecting it.

Subject: Dear Qualified Student
Sender: Jucélio Ribeiro <****@sinaltech.pt>
Attachment: Federal College Relief.docx

Who wouldn’t like a salary increase, especially when the cost of living continues to be so high? But that’s precisely the feeling that phishers are trying to take advantage of when they create these kinds of phishing emails. Here are some signs that the email is not legitimate:

• Although the message claims to be from payroll@uvic.ca, the sender information shows the email was actually sent from a non-UVic address.
• The message greets you with your email address instead of your name.
• The capitalization of UVic is wrong, there’s a spelling error in the sender name, and the wording of the message is awkward.
• The email creates a sense of urgency to get you to act hastily.
• Hovering over the link shows that it does not go to uvic.ca.

From: HR Deparment | uvic.ca e-Sign <yonet926@********.ne.jp>
Subject: Uvic Employee Salary Increase Approval 2024/25

This message was sent with high importance.

Hi ********@uvic.ca,

HR Department (payroll@uvic.ca) shared a new pdf file “Uvic Employee Salary Increase Approval Letter.pdf”  with you securely for your urgent attention.

VIEW DOCUMENT [phishing link]
1 item, 54.5 KB in total · Expires on 29 March, 2024

Report to uvic
© 2024

This phish is circulating today. It applies the usual tactics of scammers to scare the potential victims that something is wrong and should should act fast.  The sender is external, the link points to an external site designed to look like a UVic login page with the goal to steal your UVic credentials. Please do not be curious and do not click the links because sometimes they may contain malware to infect your computer instantly.

Here is a screenshot and transcription of the phish:

Your University of Victoria account has been filed under the list of accounts set for deactivation due to retirement/graduation/or transfer of the concerned account holder. But the record shows you are still active in service and so advised to confirm this request otherwise give us reason to deactivate your account.

Please Verify your UVIC account immediately to avoid Deactivation Click

UVIC<link to external site>

Please note this one-time submission and entry only..

Warm Regards,
Office of the Registrar

Job scams are on the rise and UVic keeps getting newer and newer campaigns of such scams. There has already been a lot of posts in the past about spotting job scams. Here are a few that can be checked out:

https://onlineacademiccommunity.uvic.ca/phishbowl/2024/03/14/your-invitation-to-participate/

https://onlineacademiccommunity.uvic.ca/phishbowl/2024/01/10/work-study-opportunity/

https://onlineacademiccommunity.uvic.ca/phishbowl/2024/01/29/stmicroelectronics-ltd-looking-for-representative-in-your-area/

 

Subject: Research Opportunity Available
Sender: Prof. Cl**** Ca**** <****@gmail.com>

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

University of Victoria, Faculty of Engineering and Computer Science is currently seeking the services of Research Assistants to join the Department of Computer Science under the supervision of Professor **** at the Software Engineering Global Interaction Laboratory for 6 hours weekly.
The primary Research is in the area of Natural Language processing (NLP) where our goal is to develop algorithms and systems that will vastly improve a users ability to find, absorb and extract information from online- text .
The group’s research generally proceeds at two levels; We focus both on building real systems for large-scale natural language processing tasks and on developing techniques to address underlying theoretical problems in the syntactic, semantic and pragmatic analysis of natural language
Responsibilities:
Assist with the design and implementation of research projects on campus
Conduct literature reviews and summarize key findings
Collect and analyze data using appropriate statistical methods
Graduate and Undergraduate students interested in working with Professor **** should submit a copy of their current course schedule and resume for review.

 

Best regards,

[redacted professor name]
Position
Professor
Computer Science
Contact
Office: ****

The tax return season has started, and scammers have begun exploiting this period again. Typically, they try to persuade you to click on a link by pretending that something was wrong with your tax return, or you need to “sign” something, as in today’s example.

Please stay vigilant, do not click on these links. They may contain malware to infect your computer instantly or they might be designed to steal your credentials.

Your request has been processed successfully and is now ready to be signed

Document online <link>

Please view your document securely using the following confirmation code :
050916

Job scammers are continuing to try to take advantage of students looking for extra cash to help pay for tuition, housing and other essentials in these times when the cost of living is so high. Below is yet another job scam that impersonates a real UVic professor.

For more information on job scams and how to spot them, see also these guides from CBC News and TD Bank.

Red flags to watch out for

• The email came from a Gmail address. A real UVic job opportunity should be announced from a UVic email address. Ones that come from a free email provider like Gmail or Outlook are probably scams.
• The pay is too good to be true for a part-time student job that requires no prior experience and is open to anyone.
• The offer implies that there will be no job interview before you get assigned a work schedule. A legitimate job should give you a chance to meet the employer in person or on a video call before you accept an offer. If you are accepted without an interview, the job is very likely to be a scam.
• The email asks you for an alternate email address and cell phone number. Scammers often do this to shift the conversation away from UVic email and evade monitoring.
• The subject line contains punctuation errors.

Common methods that the scammers use to steal money from people who reply

• They ask you to purchase gift cards from a local store and send photos of the cards with the PINs revealed. That gives the scammer the information needed to use the funds on the cards. The scammer either will not reimburse you at all or give you a cheque that will ultimately bounce a few days later.
• They give you a cheque to deposit and tell you to transfer some of the funds to another person and keep the remaining funds (cheque overpayment scam). A few days later, the cheque will bounce, meaning the amount you transferred is gone from your own funds.

If you replied to the scammer, reach out to the Computer Help Desk immediately for assistance.

From: Dr. [redacted] PhD.
Subject: #Your Invitation to participate..

You don’t often get email from dg3******@gmail.com. Learn why this is important.

Hello,

If you may be interested in working as a temporary research aide collecting data remotely and earning $300 weekly, indicate interest by providing the required information below and I will send you a follow-up email detailing your work schedule.

This is an adaptable job that requires no prior experience irrespective of your major discipline.

Full Name:
Cell #:
Alternate email:

Regards,

Dr. [redacted] PhD.
Professor,
Health Information Science
HSD Building, A***
Victoria BC   Canada

Always be wary of unexpected or unsolicited emails that contain attachments as they may contain malware. The vagueness and generic nature of this message should be a red flag and may be a ploy to get you to click on the attachment. Since the message does not address the recipient by name and provides no information about the supposed payment, it’s likely that it was a mass mailout and therefore not a legitimate invoice.

If you’re inclined to think that the attachment should be harmless because SVG is an image format, think again! SVG files can actually contain embedded scripts, meaning they can be laced with malware, which is definitely the case for this sample. If you clicked on this attachment, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.

From: allen.lopez@o******.com
Subject: Payment Confirmation

Attachment: [Generic file icon] RTVBAS05GDBA09.svg (2 KB)

Payment Received, attached is your invoice.

Phish with attached excel file has been circulating this morning. It has different subjects such as “Fwd: Products#<random number> “, “PO# <random number>”, or “Scan#<random number>”

These phishes are being send by many different random senders. Email body is also different but generally mentioning about some payment that needs to be remitted. In any case, the attacker is luring the users to open the attachment so that malware can be installed on the devices.

Please be aware of email attachments and open only the ones you are expecting and being send from a known sender. If still in doubt, always confirm with sender using a known contact information.

Subject: PO# W1834414259
Sender: Mariana Benitez <****@minaretmusings.com>
Attachment: scan-28-02-24_591.xlsx

Dear,
Repairs made to both the tire changer and the balancer. 2024 spec updates for the alignment machine.
Your invoice-RCH224-735 for 2,560.31 is attached. Please remit payment at your earliest convenience.
Thank you for your business – we appreciate it very much.
Please make payable to our company.