Phish Bowl

The following emails are phishing attempts that have been reported by the Brown community. We advise that you do the following:

  • If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.
  • If you received the same email but from a different Brown address than shown, please forward it to us so that we can attend to the new compromise.
  • If you received one already posted here, please report it as phishing to the Gmail team (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it.
  • More about phishing at brown.edu/go/phishing and What to do When You Spot a Phish.
  • Please note that the Phish Bowl account is actively monitored during regular business hours and periodically at other times.
Phishing Alert
Dec 23, 2014 - 10:18 am

(From the Admin: This is a long time and on-going scam, which attacks small, targeted groups of emails. It is also an example of "social engineering", as a dialogue usually is created before the money is sent.)

From: P. Senthil Kumar < senthilngri @yahoo.com >
Sent: Wednesday, December 17, 2014 1:49 AM
To: senthilngri @yahoo.com
Subject: Help please

Hope all is well with you, am out of town I travel to Turkey for a short vacation , I have a little problem here my ATM card didn't work here... I tried about 5 different ATM booths no money was dispensed. am stranded here I don't have any money with me. I need you to wire me 20 00 Euro or whatever amount if not all via western Union I'll refund back your money immediately I get back next week.
Let me know if you can help me out.
Hope to hear from you soon

Thanks,
Senthil

Phishing Alert
Dec 23, 2014 - 10:16 am

From: Gmail Account < emma_murray @brown.edu >
Date: Tuesday, December 23, 2014
Subject: Your account will be SHUTDOWN
To:

Gmail icon
Google
Your email account *********@gmail.com is due for upgrade!

Upgrade Your Account

You are required to validate your details within 24 hours of this notice and we'll help you take corrective actions.

© 2014 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy | Terms of Service
You are receiving this notification for every newly generated Google Account Activity Report. Change reminder settings 

Phishing Alert
Dec 17, 2014 - 4:12 pm

Though this particular phishing email has not been spotted here at Brown, it is mentioned here because it has made the rounds at other universities. A typical email would include content such as:

Dear _______,

This letter is to confirm our decision  to our staffs
that some of us has been terminated in duties as a result of
going against the ethics and standard of the institution
according to the information's gathered over time, we advise
all the affected to  please bear with us, these listed staffs
are relief of their duties until further clarifications.
Should in case you identify your full names, department,
email, appointment date/title,  current position, ID
number/phone number. Please await our next mail for further
required procedures. Please find the attached and download to
view list.

Thank you and best regards.

<signature line with name and office of the institution's president>

An alert for a similar email has been posted on the Virginia Commonwealth University website. How many things can you find suspicious about either one?

Phishing Alert
Dec 12, 2014 - 3:00 pm

From: ken roberts < kennethjamesroberts @gmail.com >
Date: Thu, Dec 11, 2014 at 11:25 AM
Subject: You have important pdf document to view!!!!!
To:

Please find attached document i uploaded through Google Docs Share Application.
for additional security Log in with your email account to view it.

View Document»

Important Doc.PDF
Memo.PDF
Payment info.PDF

View slide show (3)
Download all as zip

Regards,
--
Ken Roberts
1-917/812-2596 

Phishing Alert
Dec 12, 2014 - 2:57 pm

From: ADMINISTRATION < sschnekenburger @mail.csuchico.edu >
Date: Mon, Dec 8, 2014 at 8:29 AM
Subject: Account User
To:

Your mailbox can no longer send messages. Please reduce your mailbox size. By Automatically clicking on Mailbox Quota. and fill out the necessary mailbox requirement to increase your mailbox Quota size.
IMPORTANT NOTE: You won't be able to receive mail messages at 480MB.
ITS help desk
ADMIN TEAM 

Phishing Alert
Dec 9, 2014 - 10:36 am

This is an example of a targeted social engineering scam, attempting to establish a relationship and garner trust, now in circulation at Brown. Many often lead to check scams. What would make you suspicious of it?

 


From: Jerry Ladd < ladd02.jerry @gmail.com >
Sent: Tuesday, December 09, 2014 7:29 AM
To: undisclosed-recipients:
Subject: Earth science Tutor Needed ....

 

--
Hello,

How are you this weekend ? I'm pleased to write to you today as I was
directed to you from the earth science department in your school .. I
have a 20 years old boy who is about to resume for his 2nd year in
Durham University here in England but he will be coming over for the
Christmas and new year break any time soon .... I'd like a professor ,
lecturer or a teaching assistant who will tutor him the basics of the
following earth science subjects, Structural Geology and Tectonics,
Sedimentary Environments, Igneous and Metamorphic Geochemistry ... I
hope to get a positive response as soon as possible so we can conclude
this arrangement ... Thanks and God bless. Regards!

Jerry Lad 

Phishing Alert
Dec 2, 2014 - 2:29 pm

Two recent sightings demonstrate a good indicator of a phishing email. Both have a scary bar enblazoned above the content of the message. Don't be intimidated! And don't fall for it. See if you can find other clues that the emails are phony. See the post OUR FINAL ACCOUNT NOTICE!!! for another recent example.



Phishing Alert
Dec 1, 2014 - 3:09 pm

ISG has received inquiries about the authenticity of an email sent out earlier this afternoon. This is a legitimate reminder to complete the service quality survey. The email begins as follows:

From: < BrownUniversity @executiveboard.com >
Date: Mon, Dec 1, 2014 at 1:28 PM
Subject: Brown University 2014 Service Quality Survey Reminder
To: xxxxx @brown.edu

Dear Colleagues,

Although we have received a number of completed surveys, we are writing to request the participation of those who have not yet completed the survey. This is a reminder that the deadline to complete the survey is Wednesday, December 10th.

You can access the survey site in two ways:

Phishing Alert
Dec 1, 2014 - 10:01 am

Phishing emails to, from or about the "Help Desk" are common and continue to pop up. Here are a few recent ones:


From: Akers, Ronald (VDOT) <Ronald.Akers@vdot.virginia.gov>
Date: Thu, Dec 4, 2014 at 9:27 AM
Subject: helpdesk
To:

Please we are expanding and upgrading all employee mailbox immediately. Please CLICK HERE and fill the form completely. click submit for validation. this is urgent.
Admin Help Desk


From: Fiona Watson < Fiona.Watson @scotent.co.uk >
Sent: Friday, November 28, 2014 4:37 PM
To: Fiona Watson < Fiona.Watson @scotent.co.uk >
Subject: Help Desk

DEAR WEMAIL USER'S
Your Password EXPIRES in 4Hours. Please CLICK HERE for activation otherwise your account will be inactive. The New Webmail provides better conversation view and experience.

Thank you.
Help Desk
(c)2014. All Rights Reserved


From: Kevin Willcox <Kevin.Willcox@crestnicholson.com>
Date: Fri, Nov 28, 2014 at 5:53 AM
Subject: Help Desk
To: "help@admin.edu" <help@admin.edu>

Your password will expire in two days, help us protect your account Click Here

IT-service Desk
System Administrator

www.crestnicholson.com


From: Stephens, Rick <rstephen@commscope.com>
Date: Tue, Nov 25, 2014 at 9:27 AM
Subject: Helpdesk Support
To:
 
Your email has exceeded storage limit as created. You will no longer be able to send  or receive messages. To reactivate, Click the link and complete required information; CLICK HERE
Account must be reactivated today in order to regenerate new space.
Helpdesk Support

Phishing Alert
Nov 26, 2014 - 2:56 pm