Phish Bowl

The following emails are phishing attempts that have been reported by the Brown community. We advise that you do the following:

  • If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.
  • If you received the same email but from a different Brown address than shown, please forward it to us so that we can attend to the new compromise.
  • If you received one already posted here, please report it as phishing to the Gmail team (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it.
  • More about phishing at brown.edu/go/phishing and What to do When You Spot a Phish.
  • Please note that the Phish Bowl account is actively monitored during regular business hours and periodically at other times.
Phishing Alert
Sep 30, 2014 - 10:36 am

---------- Forwarded message ----------
From: BROWN.EDU@irs.gov < illas-nikiforos_pasidis; gregory_ellner and melodi_dincer  @brown.edu >
Date: Tue, Sep 30, 2014 at 10:24 AM
Subject: Tax Revenue Record
To:

Your Revenue Record Shows You Are Still Yet To Validate.

Update your IRS E-file immediately, click here to - < Update >
For your protection, this link would expire in six hours 

Phishing Alert
Sep 29, 2014 - 1:42 pm

In addition to phishing emails, ISG has been hearing reports of scams coming via the telephone (sometimes called "vishing" for voice phishing). The most common scams are Microsoft support and printer-related.

Another reported phone scam asks for your email address to send you information. A phone number for this caller, 208-231-1644, has been reported by others across the country, as documented in these entries from 800notes.com.

Microsoft Support Scam:
A common scenario is an intended victim getting a phone call, often from someone with a heavy accent, who claims to be from "Microsoft tech support." The person is calling to alert the victim that their computer has been hacked and offers assistance to recover the computer. When pressed for details, the caller is vague, will repeat sentences from a prepared script, and if pushed hard enough will just hang up. For those with caller ID, the call usually appears as an "unknown number."

Microsoft is aware of this scam and posted this article with background and safety tips about it: www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx. They recently added this article: blogs.microsoft.com/cybertrust/2014/09/18/how-to-report-the-microsoft-phone-scam/. Mac users are not immune, as they may be called as well (last year there was an article about targeted Mac users).

ISG reminds you that Microsoft would not call you directly.

More information:
http://www.consumer.ftc.gov/blog/ftc-combats-tech-support-scams
http://www.consumer.ftc.gov/blog/tech-support-scams-part-2
http://www.consumer.ftc.gov/articles/0076-phone-scams

HP Printer Scam:
A typical scam begins with a phone call from someone identifying themselves as being an individual on campus requesting printer model numbers or offering toner for printers or copiers. The caller usually is checking for some level of trust (will the person provide the model number), looking for victims. For some who fall for this, toner is then shipped to the individual who is charged at prices up to three times the typical amount. The caller may also be seeking a printer's IP address, which could provide the scammer with remote access to the printer.

ISG suggests that you use caution when giving information over the phone, especially in situations when the supposed vendor makes the contact. If you receive a call like this, you should end it without providing any printer details. If you did provide printer information over the phone, please let ISG know.

For details on Brown's Office Equipment Program and its toner order directions, see: www.brown.edu/Facilities/Graphic_Services/services/svcs_copier_toner.html.

More information:
http://www.snopes.com/crime/fraud/supplies.asp
http://www.techrepublic.com/article/teach-your-users-to-recognize-the-phoner-toner-scam/
http://www.consumer.ftc.gov/articles/0181-unordered-merchandise

Variation:
Fake Scanner Emails Infect Office Computers with Malware (8/21/2013) 

Phishing Alert
Sep 29, 2014 - 8:27 am

---------- Forwarded message ----------
From: "BROWN.EDU"  < nanzhao_zhang @brown.edu > 
Date: Sep 29, 2014 8:12 AM
Subject: I.T HELP-DESK
To:
Cc:

I.T HELP-DESK < nanzhao_zhang @brown.edu >
------------------------
Re-Validate- < Click Here>>

NOTE: That Failure to comply may result in the loss of your account within the next 24 hours. 

Phishing Alert
Sep 26, 2014 - 1:47 pm

Phishing Alert
Sep 26, 2014 - 12:16 pm

From: Lisa Davis < lisadaviso10 @zoho.com >
Date: Fri, Sep 26, 2014 at 9:57 AM
Subject: Who's Who in Academia (2014 Edition) - You are included
To: info@newsdigest.co

Good morning.

We're writing to let you know that you received Honorable Mention in yesterday's article titled "Who's Who in Academia" by Joseph Bozanek.

The article will remain available at www .newsdigest. co for the next few hours and is also available to download in PDF format.

Wishing you the best of continued success,

Lisa Davis, Editor
News Digest International
www.newsdigest.co 

Phishing Alert
Sep 26, 2014 - 11:14 am

Over the past several days there have been reports of multiple senders of and variations on the "Re-Validate Your School Mail Box" phishing email. As with the IRS.gov email, you are advised to watch out for this constantly morphing phish, with variations on the sender's name, address and slight changes in the text of the body. If you see one, please mark it as "Phishing" to alert Google to it.

Sighted so far, these have been from: WEBMASTER or I.T HELP-DESK or BROWN.EDU

Compromised Brown addresses that have been reported over the last few days are:

  • asma_ahmed
  • marie_lea_berkowitz
  • michael_clapprood
  • hilary_feeney
  • joshua_feshbach 
  • kyle_mccarthy
  • john_mcdaniel
  • edward_myers

Here is a sample email from one of our latest reports:

From: WEBMASTER
Date: Fri, Sep 26, 2014 at 9:34 AM
Subject: Re-Validate Your School Mail Box
To:

I.T HELP-DESK
------------------------
 Re-Validate-  < Click Here>>
  
NOTE: That Failure to comply may result in the loss of your account within the next 24 hours.

Signed By Webmaster.
Maintained by the Technology Department. Copyright 2014.

Variation:

From: BROWN.EDU
Date: Mon, Sep 29, 2014 at 8:23 PM
Subject: Re-Validate Your School Mail Box
To: 

Update Your School Mail Box < Click Here>>

Signed By Webmaster.
Maintained by the Technology Department. Copyright 2014. 

Phishing Alert
Sep 25, 2014 - 1:44 pm

Over the past several days Brown has been hit hard with IRS phishing emails, among others. Please watch out for this constantly morphing phish, with variations on the sender's name, address and slight changes in the text of the body.

Sighted so far, these have been from: BROWN.EDU@irs.gov or BROWNuni.edu@irs.gov or IRS.gov

Compromised Brown addresses that have been reported over the last few days are:

  • krystal_baptista, elizabeth_basso
  • stacie_farrow, hilary_feeney, zizhao_feng, michael_fernandez, annaly_ferrell, joshua_feshbach, ellen_fitzharris, jose_flores
  • kensuke_kashiwagi, nicole_kaufmann, brian_kavanaugh, hyun_jung_kim, marley_kirton
  • kathy_ng
  • illas-nikiforos_pasidis

Here is a sample email from one of our latest reports:
---------- Forwarded message ----------
From: IRS.gov
Date: Thu, Sep 25, 2014 at 1:31 PM
Subject: E-file
To:

Your E-File Form Update
It's Quick, Easy and Secure, Kindly click on the link below to update your IRS E-file.
Update your IRS E-file immediately, click here to : < Update >

Security Preferences Updated,
Thank you. 

Here are a few variations:
==============================
IRS.gov //

Our Revenue Record Shows You Are Still Yet To Validate.

Internal Revenue Service
Your 2014 1098-T tax Form is now available electronically on E-file Self-Service.. It's Quick, Easy and Secure.

Update your IRS E-file immediately, click here to -  < Verify >
For your protection, this link would expire in six hours 

==============================
IRS.gov //

Update your IRS E-file immediately, click here to -  < Update >
For your protection, this link would expire in six hours

==============================
BROWN.EDU@irs.gov //

Your Revenue Record Shows You Are Still Yet To Validate.

Update your IRS E-file immediately, click here to -  < Update >
For your protection, this link would expire in six hours
==============================
IRS.gov //

You Are Still Yet To Validate.

Update your IRS E-file immediately, click here to -  < Update >
For your protection, this link would expire in six hours
==============================
IRS.gov //

Your E-File Form Update
It's Quick, Easy and Secure, Kindly click on the link below to update your IRS E-file.
Update your IRS E-file immediately, click here to :  < Update >
 
Security Preferences Updated,
Thank you.
==============================
Internal Revenue Service //

Internal Revenue Records Show You Are Yet Validate.
 
Update your IRS E-file immediately, click here to -  < UPDATE >
For your protection, this link would expire in six hours.

This U.S GOVERNMENT SYSTEM IS FOR AUTHORIZED USE ONLY!

Phishing Alert
Sep 24, 2014 - 9:38 am

Phishing Alert
Sep 24, 2014 - 8:35 am

Phishing Alert
Sep 22, 2014 - 4:55 pm

From: Mark Fletcher < fletchermd @goldmail.etsu.edu >
Date: September 22, 2014 at 4:49:30 PM EDT
To: undisclosed-recipients:;
Subject: Update

You have exceeded your mail.brown.edu (Gmail) quota limit of 500MB and you need to expand the mail.brown.edu (Gmail) quota before the next 48 hours. If

Click on the link below to upgrade your account:  [ URL omitted ]

Thanks for your understanding.