Images

No doubt you’ve all seen a classic advance fee scam. A stranger emails you asking for assistance in transferring a large amount of wealth that they say they own but can’t access, offering you a cut of it in return. Most of the time, these scams are sent en masse and not targeted to the recipient.

However, a bunch of UVic employees recently received a more targeted variant of this scam where the writer poses as someone wanting to come to UVic:

Those who reply will receive a lengthy letter back. For brevity’s sake I won’t post the whole thing, but here’s the part that makes it clear that this is just another advance fee scam. Note: you can right-click on the image and choose to open it in a new tab or window to view it at full size if the font is too small for your liking.

For more information about work from home scams, see this news article: https://toronto.ctvnews.ca/better-business-bureau-warning-about-these-work-at-home-scams-1.5000409

Note how this spear phish spoofed a UVic email address. While it might look like it came from UVic, it actually came from an external third-party. The link is not a uvic.ca site either, so don’t click on it. If you did, contact your department’s IT support staff immediately.

This spear phishing email pretends to be a notification for the legitimate webmail.uvic.ca service, but hovering over that link reveals that it does not go to a UVic site. Do not go to that site–if you did click on the link, please contact your department’s IT support staff immediately.

An employee of a local vendor had their email address compromised and used to send phishing emails. Notice the part that looks like a file attachment–it actually is a link to a malicious file on OneDrive.

If you receive emails that appear to come from someone you know but don’t quite look right, don’t reply and don’t click on the links. Instead, contact them via a phone number that you already have and know is safe. Also inform your department’s IT support staff and report the phish to the Information Security Office so that we can follow up as necessary.

This phish tries to persuade the victim to “activate their anti-spam” by clicking on a link. Both the link and the sender are clearly not UVic addresses. Nevertheless the email is signed “University of Victoria” and the page contains the UVic logo.

As usual the goal is to steal your credentials. Do not click on the link!

 

---

 

Many UVic users received this phish today. It claims that “Microsoft Verification is required” and supposedly comes from “support service”.  However the sender is clearly not a UVic address. The body of the message looks like this:
Please do not be curious and do not click on the link.  The goal is to steal your UVic credentials (fake Outlook Web App page is shown below). Besides stealing credentials, these pages may contain malware which is why even opening the page is not a good idea.

This is another phish that tries to persuade the victim something was wrong with their email account. They are supposed to click a link to “release” quarantined messages. Note that UVic does not have such a practice.

---

---

The sender is forged to seem internal, but the links are clearly external.
Please do not be curious and do not click. The links lead to a fake Outlook Web App page that’s designed to steal your credentials:

---

Many users received this “verify your account” phish today.

 

---

Please don’t be curious and do not click on the link!  It leads to a fake OWA page pretending to belong to UVic and designed to steal your passphrase:

---

This phish tries to persuade the user there was a problem with their emails and they need to act immediately in order not to loose the unsent emails.
The sender is clearly external.
Do not click on the link. It leads to a fake OWA page that pretends to belong to UVic and is designed to steal your credentials. See below the screenshots of the email and the fake Outlook Web App page

 

 

This is another phish that tries to persuade the victim to “update their account”.
The message looks like this:

Please do not be curious and do not click the link if you get this phish.
It leads to a page that’s designed to stole your credentials.
One can clearly see in the address bar that it is not hosted at UVic:

This payroll scam email resembles many we’ve seen the past. Note the non-UVic sender.

The link goes to a Fake OWA page that does not resemble any of our UVic services.

This has nothing to do with UVic. You’ll notice the godaddysite domain in the address bar.

Ignore and delete this email.

The phish tries to persuade the victim that their email was blocked and they need to click the button in order to “restore access”.

After clicking a fake OWA page opens with the intent to steal the victim’s UVic password.  The fake OWA (Outlook Web App) page is in fact hosted on a Russian server (see the address bar).

Do not click on the “restore access” in that email!

Today a number of UVic recipients received an impersonation email supposedly from the president Jamie Cassels.
The email looked like this:
This is a typical start of a gift card scam. We wrote about those back in November:
https://www.uvic.ca/systems/status/notices/current/gift-card-scam_nov2019.php

and later on the topic was covered with more detail by our Chief Information Security Officer:

From the archives: An email exchange with the President (not really)

Please do not respond to impersonating emails (even for fun) and report them by using the “phish” button.

This phish pretends to be sending financial statements for 2020 (misspelled in the subject as “satement”). The email body looks like this:
The actual attachment is a html file which redirects the victim to a UVic like OWA page:
with the intention to steal your credentials. That page is clearly external – look at the address bar in the screenshot.