Targeted "Reply Chain" Phishing Attacks

December 23, 2022
Aerial view of staff in shared office space

We are seeing an increase in phishing and fraudulent emails at UBC. These campaigns are very sophisticated with the end goal likely to enable ransomware attacks.

We all must work diligently to keep ourselves, and the information we work with, secure.

UBC is a High-Value Target

If a UBC email account has previously been breached, attackers can successfully insert themselves into the middle of an actual email conversation to convince you that they work for UBC. Users are often asked to download files and encouraged to open links. When clicked, a website appears asking the user to download an application that would ultimately allow remote control of their computer, very likely with a ransomware file.

Any such attempt should not be acted upon and must be immediately reported to the UBC Cybersecurity team at security@ubc.ca.

Keep These Reminders Handy and Share Them with Your Team

  • Watch for the [CAUTION: Non-UBC Email] banner at the top of emails; an email from a UBC colleague will never have the External Email banner applied.
  • Read emails carefully; is the email in the context of the conversation? Is it written in the same style that you would expect from the sender? Are there typos or misspellings that seem odd? 
  • Don’t open attachments or click on links that you aren’t expecting, ESPECIALLY if they require a password to open 
  • If in doubt, always forward the email as an attachment to security@ubc.ca and the team can verify the safety of the email before you open it. This will cause you minimal delay and the team are happy to do this
  • If you think you have clicked on a potentially malicious link then contact security@ubc.ca immediately and reset your CWL password

Go Further...


  • Security Bulletin

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service. Bell Warning