{"id":2089,"date":"2024-11-19T15:47:56","date_gmt":"2024-11-19T23:47:56","guid":{"rendered":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/?p=2089"},"modified":"2024-11-20T10:33:26","modified_gmt":"2024-11-20T18:33:26","slug":"16-89-salary-increase-letter-2024-11-19","status":"publish","type":"post","link":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/2024\/11\/19\/16-89-salary-increase-letter-2024-11-19\/","title":{"rendered":"16.89% Salary Increase Letter 2024-11-19"},"content":{"rendered":"<p>This email tricks the user into clicking the link in the attached PDF. The link opens a Google form and requests the user to enter their username, password and Duo code. In this case the attacker is impersonating UVic payroll.<\/p>\n<p>This one has the usual red flags:<\/p>\n<ul>\n<li>Take note of the sender email address, it is not from a UVic account.<\/li>\n<li>The salary increase, if it&#8217;s too good to be true, it usually is. 16.89% is far more than a typical yearly increase.<\/li>\n<li>The password to open the PDF was in the same email.<\/li>\n<li>There are spelling and grammar mistakes, &#8220;here-under&#8221; being a glaring one.<\/li>\n<li>The use of homoglyphs, for example the word &#8220;NOTE&#8221;, have a look at the O in the example below and see if you can spot it.<\/li>\n<\/ul>\n<p>If you clicked on the link reach out to the computer helpdesk or your support.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2090\" aria-describedby=\"phishtranscript\" src=\"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-content\/uploads\/sites\/4983\/2024\/11\/2024-11-19-salary-increase-letter.png\" alt=\"Fake salary increase phishing email\" width=\"781\" height=\"464\" srcset=\"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-content\/uploads\/sites\/4983\/2024\/11\/2024-11-19-salary-increase-letter.png 781w, https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-content\/uploads\/sites\/4983\/2024\/11\/2024-11-19-salary-increase-letter-300x178.png 300w, https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-content\/uploads\/sites\/4983\/2024\/11\/2024-11-19-salary-increase-letter-768x456.png 768w\" sizes=\"auto, (max-width: 781px) 100vw, 781px\" \/><\/p>\n<blockquote id=\"phishtranscript\"><p>Subject: 16.89% Salary Increase Letter 2024-11-19<br \/>\nFrom: University of Victoria &lt;[redacted] @***e.edu<br \/>\nAttachment: PDF with file name UVIC Salary- Audit Nov<\/p>\n<p><small>You don&#8217;t often get email from [redacted]@***e.edu. Learn why this is important<\/small><\/p>\n<p>Dear \u0391ll,<\/p>\n<p>Sequel to l\u03b1st week notific\u03b1tion, find enclosed here-under the letter summ\u03b1rizing your 16.89 percent s\u03b1l\u03b1ry incre\u03b1se starting 2024-11-19<\/p>\n<p>\u0391ll documents are enclosed here-under:<\/p>\n<p>N\u039fTE: Your \u0391ccess is needed to go through the s\u03b1l\u03b1ry increment letter, Initi\u03b1l \u0391ccess is Salary<br \/>\nP\u03b1yroll &amp; Employee Rel\u03b1tions<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>This email tricks the user into clicking the link in the attached PDF. The link opens a Google form and requests the user to enter their username, password and Duo code. In this case the attacker is impersonating UVic payroll. This one has the usual red flags: Take note of the sender email address, it &hellip; <a href=\"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/2024\/11\/19\/16-89-salary-increase-letter-2024-11-19\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">16.89% Salary Increase Letter 2024-11-19<\/span><\/a><\/p>\n","protected":false},"author":19355,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"image","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2089","post","type-post","status-publish","format-image","hentry","category-uncategorized","post_format-post-format-image"],"_links":{"self":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/posts\/2089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/users\/19355"}],"replies":[{"embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/comments?post=2089"}],"version-history":[{"count":4,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/posts\/2089\/revisions"}],"predecessor-version":[{"id":2094,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/posts\/2089\/revisions\/2094"}],"wp:attachment":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/media?parent=2089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/categories?post=2089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/tags?post=2089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}