The link in this spear phish may look like a UVic site, but if you hover over it you will discover that it actually goes to some other site that isn’t affiliated with UVic. Do not click on that link–if you did, please contact your department’s IT support staff or the Computer Help Desk immediately.
Scammers use multiple tactics to avoid detection. In this example, a likely gift card scam attempted to pivot to using SMS (text messaging) by asking for a staff member’s personal cell phone number. If successful, it would move the conversation with the scammer away from email systems to avoid detection of the conversation, and may have resulted in disclosing of a personal phone number to a scammer.
Signs this might be a scammer include a fake external email address, the urgency of the subject line, and the request for a personal number. The email warning banner at the top also indicates it didn’t originate from a UVic email address.
Someone who sent their cell phone number might have received a text message conversation starting out like this:
To see what a typical gift card scam email conversation might look like, check out a recent CISO Blog story detailing an interaction with a President Jamie Cassels impersonator.
The phishing link in this message goes to a fake OWA page that is actually a Weebly site. If you clicked on this link, please contact your department’s IT support staff or the Computer Help Desk immediately.
The message in French at the end basically says the message was automatically scanned by an email virus scanner. This was probably added by the phisher in an attempt to make the email look safe. For this reason, notes about antivirus scanning at the end of an email should not interpreted as a sign that the email is actually legitimate or trustworthy.
This phish was received by UVic users today. It tries to persuade the victim there was a “configuration error” and as a result some mails could not be delivered. The goal is the same – to make you click on a malicious link which opens a fake OWA page in order to steal your credentials. Please do not click on the link.
The email and the fake OWA page are shown in the next screenshots:
————————————————————–
This phish used a spoofed sender of postmaster@uvic.ca or postmaster@local.uvic.ca, but originated from an external source and is definitely not legitimate. Also note the “trusted source” banner–this was not added by our mail system, but by the phisher to make the message look legitimate.
Do not click on the links in this email; if you did, please contact your department’s IT support staff or the Computer Help Desk immediately.
This type of resume/job application phish is nothing new, but what is somewhat more unusual is the fact that the phisher has made a slight (though not very good) attempt to target UVic. They even tried to address the recipient personally, but in this case they actually got their first name wrong. But what hasn’t changed is the nastiness of the attachment–do not open it as it will contain malware!
Another version of the popular phish that claims some of your email messages were blocked and you needed to click on that link in order to “unblock” them is circulating around.
The sender is clearly non-UVic. Please do not be curious and do not click on such links even just for a quick peek. They may contain malicious load. The email looks like this:
=================================================================
and the page looks like this:
No doubt you’ve all seen a classic advance fee scam. A stranger emails you asking for assistance in transferring a large amount of wealth that they say they own but can’t access, offering you a cut of it in return. Most of the time, these scams are sent en masse and not targeted to the recipient.
However, a bunch of UVic employees recently received a more targeted variant of this scam where the writer poses as someone wanting to come to UVic:
Those who reply will receive a lengthy letter back. For brevity’s sake I won’t post the whole thing, but here’s the part that makes it clear that this is just another advance fee scam. Note: you can right-click on the image and choose to open it in a new tab or window to view it at full size if the font is too small for your liking.
For more information about work from home scams, see this news article: https://toronto.ctvnews.ca/better-business-bureau-warning-about-these-work-at-home-scams-1.5000409
Note how this spear phish spoofed a UVic email address. While it might look like it came from UVic, it actually came from an external third-party. The link is not a uvic.ca site either, so don’t click on it. If you did, contact your department’s IT support staff immediately.
This spear phishing email pretends to be a notification for the legitimate webmail.uvic.ca service, but hovering over that link reveals that it does not go to a UVic site. Do not go to that site–if you did click on the link, please contact your department’s IT support staff immediately.
