The following emails are phishing attempts that have been reported by the Brown community. We advise that you do the following:
- If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.
- If you received the same email but from a different Brown address than shown, please forward it to us so that we can attend to the new compromise.
- If you received one already posted here, please report it as phishing to the Gmail team (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it.
- More about phishing at brown.edu/go/phishing and What to do When You Spot a Phish.
- Please note that the Phish Bowl account is actively monitored during regular business hours and periodically at other times.
(From the Admin: This is a long time and on-going scam, which attacks small, targeted groups of emails. It is also an example of "social engineering", as a dialogue usually is created before the money is sent.)
From: P. Senthil Kumar < senthilngri @yahoo.com >
Sent: Wednesday, December 17, 2014 1:49 AM
To: senthilngri @yahoo.com
Subject: Help please
Hope all is well with you, am out of town I travel to Turkey for a short vacation , I have a little problem here my ATM card didn't work here... I tried about 5 different ATM booths no money was dispensed. am stranded here I don't have any money with me. I need you to wire me 20 00 Euro or whatever amount if not all via western Union I'll refund back your money immediately I get back next week.
Let me know if you can help me out.
Hope to hear from you soon
From: Gmail Account < emma_murray @brown.edu >
Date: Tuesday, December 23, 2014
Subject: Your account will be SHUTDOWN
Your email account *********@gmail.com is due for upgrade!
Upgrade Your Account
You are required to validate your details within 24 hours of this notice and we'll help you take corrective actions.
You are receiving this notification for every newly generated Google Account Activity Report. Change reminder settings
Though this particular phishing email has not been spotted here at Brown, it is mentioned here because it has made the rounds at other universities. A typical email would include content such as:
This letter is to confirm our decision to our staffs
that some of us has been terminated in duties as a result of
going against the ethics and standard of the institution
according to the information's gathered over time, we advise
all the affected to please bear with us, these listed staffs
are relief of their duties until further clarifications.
Should in case you identify your full names, department,
email, appointment date/title, current position, ID
number/phone number. Please await our next mail for further
required procedures. Please find the attached and download to
Thank you and best regards.
<signature line with name and office of the institution's president>
An alert for a similar email has been posted on the Virginia Commonwealth University website. How many things can you find suspicious about either one?
From: ken roberts < kennethjamesroberts @gmail.com >
Date: Thu, Dec 11, 2014 at 11:25 AM
Subject: You have important pdf document to view!!!!!
Please find attached document i uploaded through Google Docs Share Application.
for additional security Log in with your email account to view it.
View slide show (3)
Download all as zip
From: ADMINISTRATION < sschnekenburger @mail.csuchico.edu >
Date: Mon, Dec 8, 2014 at 8:29 AM
Subject: Account User
Your mailbox can no longer send messages. Please reduce your mailbox size. By Automatically clicking on Mailbox Quota. and fill out the necessary mailbox requirement to increase your mailbox Quota size.
IMPORTANT NOTE: You won't be able to receive mail messages at 480MB.
ITS help desk
This is an example of a targeted social engineering scam, attempting to establish a relationship and garner trust, now in circulation at Brown. Many often lead to check scams. What would make you suspicious of it?
From: Jerry Ladd < ladd02.jerry @gmail.com >
Sent: Tuesday, December 09, 2014 7:29 AM
Subject: Earth science Tutor Needed ....
How are you this weekend ? I'm pleased to write to you today as I was
directed to you from the earth science department in your school .. I
have a 20 years old boy who is about to resume for his 2nd year in
Durham University here in England but he will be coming over for the
Christmas and new year break any time soon .... I'd like a professor ,
lecturer or a teaching assistant who will tutor him the basics of the
following earth science subjects, Structural Geology and Tectonics,
Sedimentary Environments, Igneous and Metamorphic Geochemistry ... I
hope to get a positive response as soon as possible so we can conclude
this arrangement ... Thanks and God bless. Regards!
Two recent sightings demonstrate a good indicator of a phishing email. Both have a scary bar enblazoned above the content of the message. Don't be intimidated! And don't fall for it. See if you can find other clues that the emails are phony. See the post OUR FINAL ACCOUNT NOTICE!!! for another recent example.
ISG has received inquiries about the authenticity of an email sent out earlier this afternoon. This is a legitimate reminder to complete the service quality survey. The email begins as follows:
From: < BrownUniversity @executiveboard.com >
Date: Mon, Dec 1, 2014 at 1:28 PM
Subject: Brown University 2014 Service Quality Survey Reminder
To: xxxxx @brown.edu
Although we have received a number of completed surveys, we are writing to request the participation of those who have not yet completed the survey. This is a reminder that the deadline to complete the survey is Wednesday, December 10th.
You can access the survey site in two ways:
Phishing emails to, from or about the "Help Desk" are common and continue to pop up. Here are a few recent ones:
From: Akers, Ronald (VDOT) <Ronald.Akers@vdot.virginia.gov>
Date: Thu, Dec 4, 2014 at 9:27 AM
Please we are expanding and upgrading all employee mailbox immediately. Please CLICK HERE and fill the form completely. click submit for validation. this is urgent.
Admin Help Desk
From: Fiona Watson < Fiona.Watson @scotent.co.uk >
Sent: Friday, November 28, 2014 4:37 PM
To: Fiona Watson < Fiona.Watson @scotent.co.uk >
Subject: Help Desk
DEAR WEMAIL USER'S
Your Password EXPIRES in 4Hours. Please CLICK HERE for activation otherwise your account will be inactive. The New Webmail provides better conversation view and experience.
(c)2014. All Rights Reserved
From: Kevin Willcox <Kevin.Willcox@crestnicholson.com>
Date: Fri, Nov 28, 2014 at 5:53 AM
Subject: Help Desk
To: "email@example.com" <firstname.lastname@example.org>
Your password will expire in two days, help us protect your account Click Here
From: Stephens, Rick <email@example.com>
Date: Tue, Nov 25, 2014 at 9:27 AM
Subject: Helpdesk Support
Your email has exceeded storage limit as created. You will no longer be able to send or receive messages. To reactivate, Click the link and complete required information; CLICK HERE
Account must be reactivated today in order to regenerate new space.