May Payroll Benefits
… but it’s June…!
Mailbox termination Alert
This one tries to fool recipients by saying “Message from Trusted server”. It also tries to appear legitimate by making the URL displayed look like a valid UVic Outlook Web Access URL (mail.uvic.ca), but the real link goes to a malicious web page sporting a fake OWA login page.
E-Mail Account Updating UVic
This phish tries to get the recipient to send their credentials by email rather than using a link to a phishing website.
Remember: legitimate UVic communications will never ask you to email your password. Passwords should never be sent via email since it is not a secure method of communicating or storing them.
Fake helpdesk email.
This email pretends to provide “additional security” to trick the user into entering their credentials. Clearly the sender is not the UVic Helpdesk; it is an external sender.
Also the link points to an external site:
Please report similar phish by using the phish button. Do not click on the links.
UVic End User
This phish tries to trick the user into thinking they broke the law or violated policy:
It redirects to a phish page complete with UVic Edge branding, logos, and terminology. While it looks pretty and official, it’s certainly phishing.
Once you enter your NetLink ID and password, it presents you with a nice Thank You page:
Office 365 Migration
An example of email spoofing in a COVID-19 phish
Sometimes an email will look like it came from a legitimate sender, but in reality the sender email was faked. This is called email spoofing, and the phish below gives a good example of that. Here, the phisher spoofed distributions@grants.gov, but a close look at the mail headers revealed that it did not come from grants.gov and replies to the message would actually be sent to a different, very suspicious-looking address.
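The header check described above, as an added example that is not part of the original post: it flags a message whose Reply-To or Return-Path domain differs from the domain shown in From. The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the real phish): From claims grants.gov,
# while Reply-To and Return-Path point at unrelated domains.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: Grants Distribution <distributions@grants.gov>
Reply-To: claims-desk@freemail.example.org
To: user@example.edu
Subject: COVID-19 relief grant

Please reply to claim your grant.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(a, b):
    """Simple check: equal domains, or one is a subdomain of the other.
    Not public-suffix aware; good enough for a first triage pass."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoofing_indicators(raw_message):
    """List headers whose domain disagrees with the visible From domain.
    A mismatch is an indicator to investigate, not proof: legitimate bulk
    mail often uses a different Return-Path."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    findings = []
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if from_domain and other and not same_org(other, from_domain):
            findings.append((header, other, from_domain))
    return findings

if __name__ == "__main__":
    for header, other, from_domain in spoofing_indicators(SAMPLE):
        print(f"{header} domain {other} != From domain {from_domain}")
```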
Congratulations! Your discount code AMAZON31 successfully cashed
Covid 19 Message From President Cassels
This carefully-crafted spear phish for the most part looks like it could have been written by Jamie Cassels–but of course it wasn’t. One of my colleagues found that the phisher actually copied much of the wording from an April 22 open letter from the president of McMaster University.
If you recall opening the attached PDF, please contact your departmental support staff or the Computer Help Desk as soon as possible.
CRA complaint scam
The CRA has a reference page on how to recognize scams here: https://www.canada.ca/en/revenue-agency/corporate/security/protect-yourself-against-fraud.html
I know what you did / I control your camera
This con is pure social engineering, relying on fear alone and not using any technical means or knowledge.
- Do not click on the links to videos, etc.
- Do not respond to these emails. You can safely delete them.
Final Warning from webmail Administrator
Fake Canada Post delivery notice
Outlook Security Update
This phish mentions phishing to trick you into thinking it’s a legitimate email.
However, it goes to a URL that is clearly not a Microsoft site. Notice how the word “Password” has been changed to use special characters to avoid detection by automatic scanners.