Phish Bowl

The following emails are phishing attempts that have been reported by the Brown community. We advise that you do the following:

  • If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.
  • If you received the same email but from a different Brown address than shown, please forward it to us so that we can attend to the new compromise.
  • If you received one already posted here, please report it as phishing to the Gmail team (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it.
  • More about phishing at brown.edu/go/phishing and What to do When You Spot a Phish.
  • Please note that the Phish Bowl account is actively monitored during regular business hours and periodically at other times.
Phishing Alert
Oct 24, 2014 - 2:08 pm

We've provided three clues as to why this is a phishing email. Can you spot others?

Phishing Alert
Oct 15, 2014 - 8:10 pm

From: "TAYLOR, Gary (Atlanta)"< gary.taylor @exide.com >
Date: Oct 15, 2014 8:17 AM
Subject: IT HelpDesk
To:
Cc:

Your account safety is our top priority.

Recently, we have detected some unusual activity on your account and as a result, all email users are urged to update their email account within 24 hours of receiving this e-mail, using the

Please, click Validate email account to confirm that your email account is up to date with the institution requirement.

Do not ignore this message to avoid termination of your mail account. Our apologies for any inconvenience this may have caused, but your account safety and privacy is very important to us.

Thanks for your Co-Operation.
IT HelpDesk
ADMIN TEAM

©Copyright 2014 Microsoft
All Right Reserved. 

Phishing Alert
Oct 9, 2014 - 11:41 am

There have been multiple reports of this phishing email, with slight differences in the details of each order.

OrderInfoOrderInfo

Phishing Alert
Oct 8, 2014 - 8:46 am

From: Painter, Joan < JPainter @tustin.k12.ca.us >
Date: Wed, Oct 8, 2014 at 8:09 AM
Subject: RE: Your password
To: "Painter, Joan"

Dear User‏‏

Your password will expire in 3 Days Click on Staff and Faculty staff and faculty to validate your e-mail.

ITS help desk
ADMIN TEAM 

Phishing Alert
Oct 7, 2014 - 11:02 am

From: IRS.gov < xxxx@brown.edu >
Date: Tue, Oct 7, 2014 at 10:52 AM
Subject: Enter the following information as it appears on your 2013 Federal Income Tax Return Required fields*
To:

Internal Revenue Service.
you are to update your IRS e-file immediately, To Update - < Click Here >

IRS e-file. Since 1990 

Phishing Alert
Oct 2, 2014 - 3:41 pm

The following is more like spam than phishing, but due to receiving multiple reports, it has been included in the Phish Bowl. Should you received this or something similar, mark it as spam to alert Google.


From: Полина Толстая < pollytolstaya @gmail.com >
Date: Thu, Oct 2, 2014 at 3:26 PM
Subject: Lecture on US - Russia relations, or Lecture in Moscow
To: <  multiple addresses >@brown.edu

Dear Dr. < multiple recipients >,

I am writing to see if you would be interested in presenting an online guest lecture at the National Research Nuclear University in Moscow (NRNU) during the 2014 fall semester.

The subject of the lecture is up to you but it would be great if it has some connection to the US - Russia relations and/or cooperation in some areas but it is not mandatory.

The language is English and the East Coast time is 8.15 - 9.30 AM (4.15 - 5.30 PM Moscow time) plus Q & A.

This project is sponsored by NRNU and American University in Moscow and is a part of the effort to build direct contacts between U.S. and Russian universities, their faculty and students to facilitate the exchange of ideas which would allow better understanding between our societies. At some point it would be good to involve U.S. students as well.

Please let us know if you have any questions or need additional information.

Thank you very much for your consideration and we are looking forward to hearing from you.

Sincerely,
Polina Tolstaya
Project Coordinator for
NRNU and American University in Moscow

Phishing Alert
Oct 1, 2014 - 11:41 am

​From: Xxxx, Xxxx < ​xxxx @brown.edu >
Date: Sun, Sep 28, 2014 at 11:07 AM
Subject: CONFIDENTIAL DOCUMENT
To:

Please see attachment for your secure document
you have received a secure File.
Document Document-004
Google Drive: create, share, and keep all your stuff in one place. 

Phishing Alert
Oct 1, 2014 - 9:24 am

From: BROWN.EDU < conlan_orino @brown.edu >
Date: Wed, Oct 1, 2014 at 9:11 AM
Subject: WEBMASTER
To:

Re-Validate- < Click Here>>

NOTE: That Failure to comply may result in the loss of your account within the next 24 hours.

Signed By Webmaster.

Phishing Alert
Sep 30, 2014 - 10:36 am

---------- Forwarded message ----------
From: BROWN.EDU@irs.gov or IRS.gov  < from various Brown addresses >
Date: Tue, Oct 7, 2014 at 10:12 AM
Subject: Tax Revenue Record
To:

Your Revenue Record Shows You Are Still Yet To Validate.

Update your IRS E-file immediately, click here to - < Update >
For your protection, this link would expire in six hours

Phishing Alert
Sep 29, 2014 - 1:42 pm

In addition to phishing emails, ISG has been hearing reports of scams coming via the telephone (sometimes called "vishing" for voice phishing). The most common scams are Microsoft support and printer-related.

Another reported phone scam asks for your email address to send you information. A phone number for this caller, 208-231-1644, has been reported by others across the country, as documented in these entries from 800notes.com.

Microsoft Support Scam:
A common scenario is an intended victim getting a phone call, often from someone with a heavy accent, who claims to be from "Microsoft tech support." The person is calling to alert the victim that their computer has been hacked and offers assistance to recover the computer. When pressed for details, the caller is vague, will repeat sentences from a prepared script, and if pushed hard enough will just hang up. For those with caller ID, the call usually appears as an "unknown number."

Microsoft is aware of this scam and posted this article with background and safety tips about them: www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx. They recently added this article: blogs.microsoft.com/cybertrust/2014/09/18/how-to-report-the-microsoft-phone-scam/. Mac users are not immune as they may be called as well (last year there was an article about targeted Mac users).

ISG reminds your that Microsoft would not call you directly.

More information:
http://www.consumer.ftc.gov/blog/ftc-combats-tech-support-scams
http://www.consumer.ftc.gov/blog/tech-support-scams-part-2
http://www.consumer.ftc.gov/articles/0076-phone-scams

HP Printer Scam:
A typical scam begins with a phone call from someone identifying themselves as being an individual on campus requesting printer model numbers or offering toner for printers or copiers. The caller usually is checking for some level of trust (will the person provide the model number), looking for victims. For some who fall for this, toner is then shipped to the individual who is charged at prices up to three times the typical amount. The caller may also be seeking a printer's IP address, which could provide the scammer with remote access to the printer.

ISG suggests that you use caution when giving information over the phone, especially in situations when the supposed vendor makes the contact. If you receive a call like this, you should end it without providing any printer details. If you did provide printer information over the phone, please let ISG know.

For details on Brown's Office Equipment Program and its toner order directions, see: www.brown.edu/Facilities/Graphic_Services/services/svcs_copier_toner.html.

More information:
http://www.snopes.com/crime/fraud/supplies.asp
http://www.techrepublic.com/article/teach-your-users-to-recognize-the-phoner-toner-scam/
http://www.consumer.ftc.gov/articles/0181-unordered-merchandise

Variation:
Fake Scanner Emails Infect Office Computers with Malware (8/21/2013)