Phish Bowl

The following emails are phishing attempts that have been reported by the Brown community. We advise that you do the following:

  • If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.
  • If you received the same email but from a different Brown address than shown, please forward it to us so that we can attend to the new compromise.
  • If you received one already posted here, please report it as phishing to the Gmail team (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it.
  • More about phishing at brown.edu/go/phishing and What to do When You Spot a Phish.
  • Please note that the Phish Bowl account is actively monitored during regular business hours and periodically at other times.
Phishing Alert
Jan 15, 2015 - 9:23 am

From: IRS.gov < jminie147 @hcc.edu >
Date: Thu, Jan 15, 2015 at 4:45 AM
Subject: E-file Record Validation
To:

IRS/E-file Q&A Record Validation Act.

Update Your 2015 Tax Record Validation.
Proceed To The Following Link to Update your 2015 1098-T Tax Record
electronically,Is Easy and Secure.

Update IRS/E-file immediately, click here to - < Update >
For your protection, this link would expire in three hours 

Phishing Alert
Jan 13, 2015 - 9:21 am

From: John Smith < john.smith @mail-irs.gov >
Sent: Tuesday, January 13, 2015 6:13 AM
To: xxxxxx @brown.edu
Subject: Your tax return was incorrectly filled out

Attention: Owner/ Manager

We would like to inform you that you have made mistakes while completing the last tax form application (ID: 929039369847) .

Please follow the advice of our tax specialists HERE

Please amend the mistakes and send the corrected tax return to your tax agent as soon as possible.

Yours sincerely 

Phishing Alert
Jan 12, 2015 - 5:49 pm

From: Ashley Everett < ashevere @gmail.com >
Date: Sat, Jan 10, 2015 at 6:49 AM
Subject: Required Documents.
To: 

Hello,
Kindly OPEN to download the required documents needed.

Best, Ashley Everett
Policy and Research-The Newark Public Schools
Rutgers University- Honors College
Phi Alpha Theta-National History Honor Society
Alpha Kappa Alpha Sorority, Inc.- Gamma Zeta Chapter

Phishing Alert
Jan 12, 2015 - 5:36 pm

От: < student.services @edmurals.com >
Тема: Private Student Loans – Now get Aid for Tuition, Food, Rent, Textbooks , Computers and More!
Дата: 12 января 2015 г., 15:00:27 GMT-05:00
Кому:  xxxxx@brown.edu
Ответ-Кому: student.services@edmurals.com

* THIS EMAIL CONTAINS VALUABLE INFORMATION FOR STUDENTS

The Private Student Loan Network is the premiere destination for
thousands of Students trying to meet the rising costs of education.

* You can compare all large Student Lenders under one roof.
* You get simplified expert insights, advice and guidance.
* Till you don't sign the actual documents, you are under ZERO obligations.

Step 1 will take under 5 minutes. To start, simply click below NOW!
http://studentloans.edmurals.com

---
Jennine Hales
Ed Murals | Campus Outreach Program Coordinator
Suite 41-43, 735 Blake Street, Denver, CO 80205

We respect your privacy. We do not send out more than 1 email
every 6 months. Please hit Reply with "Unsubscribe Me"
in the Subject field if you wish to do so.

Proudly sent via Promail 

Phishing Alert
Jan 7, 2015 - 3:35 pm

Several reports of the "DHL Package Arrived" email this afternoon.

Note: DHL's Fraud Awareness and Prevention information.

Phishing Alert
Jan 6, 2015 - 11:27 am

Two variations with slighlty different subject lines on a phishing email reported on 11/14/2014.


From: Dawn Hart < dawn.hart @reedleycollege.edu >
Date: Wed, Jan 7, 2015 at 9:36 AM
Subject: RE: Faculty & Staff Outlook Confirmation
To: Dawn Hart < dawn.hart @reedleycollege.edu >

Dear mailbox user,

We currently upgraded to 4GB space. Please log-in to your account in order to validate
E-space. Your emails won't be delivered by our server, unless email account is confirmed.
Click on faculty and staff email confirmation to confirm details of your email account.
Note that failure to confirm your email with this notification, would lead to dismissal of your
user account. Protecting your email account is our primary concern.
This has become necessary to serve you better.

Copyright ©2014 IT Help Desk.... 

 


From: Berchard Suber < berchard.suber @rosemont.edu >
Date: January 6, 2015 9:50:11 AM EST
To: Berchard Suber < berchard.suber @rosemont.edu >
Subject: RE: Faculty staff and student email notification !

Dear mailbox user,

      We currently upgraded to 4GB space. Please log-in to the outlook web app portal with the required informations in order to validate
E-space and to activate the new offline access. Your emails won't be delivered by our server, unless email account is upgraded to the 2015 web app.

Click here on faculty staff and student email portal to upgrade details of your email account.

Note that failure to upgrade your email with this notification, would lead to dismissal of your user account.

Protecting your email account is our primary concern.
This has become necessary to serve you better.

IT Help Desk​....

© 2015 Microsoft Corporation. All rights reserved. 

Phishing Alert
Jan 5, 2015 - 9:29 am

From: Kristin Bishop < kristin.bishop @fiu.edu >
Date: Fri, Jan 2, 2015 at 1:08 PM
Subject: Kristin Bishop doc#987654
To:

DOCUMENTS FOR YOU
Compliment of the season !!

I need you to go through this uploaded files, Due to the size i have zipped and compressed it making it accessible via google secure folders.

For immediate access click Access Files Here just sign in with your email, This files are very important.

Let me know what you think.

Regards
Kristin Bishop, Asst. Professor

Phishing Alert
Dec 23, 2014 - 10:18 am

(From the Admin: This is a long time and on-going scam, which attacks small, targeted groups of emails. It is also an example of "social engineering", as a dialogue usually is created before the money is sent.)

From: P. Senthil Kumar < senthilngri @yahoo.com >
Sent: Wednesday, December 17, 2014 1:49 AM
To: senthilngri @yahoo.com
Subject: Help please

Hope all is well with you, am out of town I travel to Turkey for a short vacation , I have a little problem here my ATM card didn't work here... I tried about 5 different ATM booths no money was dispensed. am stranded here I don't have any money with me. I need you to wire me 20 00 Euro or whatever amount if not all via western Union I'll refund back your money immediately I get back next week.
Let me know if you can help me out.
Hope to hear from you soon

Thanks,
Senthil

Phishing Alert
Dec 23, 2014 - 10:16 am

A variation on an earlier alert: same subject but new content and sender.


From: Gmail Account < xxxx_xxxxxx @brown.edu >
Date: Tuesday, December 23, 2014
Subject: Your account will be SHUTDOWN
To:

Gmail icon
Google
Your email account *********@gmail.com is due for upgrade!

Upgrade Your Account

You are required to validate your details within 24 hours of this notice and we'll help you take corrective actions.

© 2014 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy | Terms of Service
You are receiving this notification for every newly generated Google Account Activity Report. Change reminder settings

Phishing Alert
Dec 17, 2014 - 4:12 pm

Though this particular phishing email has not been spotted here at Brown, it is mentioned here because it has made the rounds at other universities. A typical email would include content such as:

Dear _______,

This letter is to confirm our decision  to our staffs
that some of us has been terminated in duties as a result of
going against the ethics and standard of the institution
according to the information's gathered over time, we advise
all the affected to  please bear with us, these listed staffs
are relief of their duties until further clarifications.
Should in case you identify your full names, department,
email, appointment date/title,  current position, ID
number/phone number. Please await our next mail for further
required procedures. Please find the attached and download to
view list.

Thank you and best regards.

<signature line with name and office of the institution's president>

An alert for a similar email has been posted on the Virginia Commonwealth University website. How many things can you find suspicious about either one?