Images

Sometimes an email will look like it came from a legitimate sender, but in reality the sender email was faked. This is called email spoofing, and the phish below gives a good example of that. Here, the phisher spoofed distributions@grants.gov, but a close look at the mail headers revealed that it did not come from grants.gov and replies to the message would actually be sent to a different, very suspicious-looking address.

This carefully-crafted spear phish for the most part looks like it could have been written by Jamie Cassels–but of course it wasn’t. One of my colleagues found that the phisher actually copied much of the wording from an April 22 open letter from the president of McMaster University.

If you recall opening the attached PDF, please contact your departmental support staff or the Computer Help Desk as soon as possible.

The CRA has a reference page on how to recognize scams here: https://www.canada.ca/en/revenue-agency/corporate/security/protect-yourself-against-fraud.html

This con is a pure social engineering relying on fear alone and not utilizing any technical means or knowledge.

• Do not click on the links of videos etc.
• Do not respond to these emails. You can safely delete them.

   
   

This phish mentions phishing to trick you into thinking it’s a legitimate email.

However, it goes to a URL that is clearly not a Microsoft site.  Notice how the word “Password” has been changed to use special characters to avoid detection by automatic scanners.

The UVic email system did not add the “From a trusted sender” banner. The phisher added this fake banner to make the message look legitimate.