Targeted Phishing Attack Underway - "Reply Chain"

Targeted Phishing Attack Underway - "Reply Chain"

December 23, 2022

We are seeing an increase in phishing and fraudulent emails at UBC. This latest campaign is very sophisticated with the end goal likely to enable ransomware attacks.

It is important that we all work diligently to keep ourselves, and the information we work with, secure. UBC is a high-value target and is constantly under attack.

For this particular incident, please note that the attackers are sophisticated, and we would like to advise you of some specifics about the phishing attempt.

If a UBC email account has previously been breached, attackers can successfully insert themselves into the middle of an actual email conversation to convince you that they work for UBC. The user is presented with a PDF email attachment, which opens to a page that mimics “MS Teams OneDrive”. The user is then asked to download files and encouraged to open another link. When clicked, a website appears asking the user to download an application that would ultimately allow remote control of their computer, very likely with a ransomware file.

Any such attempt should not be acted upon and must be immediately reported to the UBC Cybersecurity team at


Please keep these cybersecurity reminders handy at all times and share them with your team: 

Beware of Phishing

  • Watch for the [CAUTION: Non-UBC Email] banner at the top of emails; an email from a UBC colleague will never have the External Email banner applied.
  • Read emails carefully; is the email in the context of the conversation? Is it written in the same style that you would expect from the sender? Are there typos or misspellings that seem odd? 
  • Don’t open attachments or click on links that you aren’t expecting, ESPECIALLY if they require a password to open 
  • If in doubt, always forward the email as an attachment to and the team can verify the safety of the email before you open it. This will cause you minimal delay and the team are happy to do this
  • If you think you have clicked on a potentially malicious link then contact immediately and reset your CWL password
  • Learn more

For more cybersecurity tips: