Phish Bowl
A collection of scam emails and other suspicious communications.
From: -noreply <jech7be @hps21.org> OR Mail Update2017 <branniba @miamioh.edu>
Date: 2017-06-23 12:01 GMT-04:00
Subject: Failure to update your account will lead to closure
From: "Student Services" <info @studentrefresh.com>
Date: June 20, 2017 at 8:34:54 AM EDT
To: [ Brown email address ]
Subject: Brown Students - Your Honor Society Invitation
From: Rougeau, Janis K <JROUGEAU @houstonisd.org>
Date: Thu, Jun 15, 2017 at 11:33 AM
Subject: Faulty\Staff
To: "Rougeau, Janis K" <JROUGEAU @houstonisd.org>
From: G+@-Notice <abbottet @miamioh.edu>
Date: 2017-06-09 13:35 GMT-04:00
Subject: Important update notice to prevent account closure
To:
From: Library Services - Brown Library <libraryservices @kocaeli.edu.tr>
Date: Wed, Jun 7, 2017 at 6:03 PM
Subject: Library Account
To: [ Brown address ]
Dear Library Member,
From: IT Department <itdepartment @university.com>
Date: Tue, May 23, 2017 at 4:58 PM
Subject: Change of Staff Mail
To: Josiah_Carberry @ brown.edu
This scam email poses as an alert that someone else may have logged into your device when it's trying to gather personal information instead.
The digital signing service DocuSign reported that they'd been hacked by an unnamed third-party, who got access to email addresses of its users, which in turn were used to phish others.
From: Kane, Agnes <agnes_kane @brown.edu>
Date: Mon, May 15, 2017 at 1:14 PM
Subject: Documents
To: BMETRAINERS@listserv.brown.edu
Beware email that looks like it is was sent by Brown's Alumni Assocation, but is actually from an "unofficial alumni network" organized through Trimian.com.
We have received a report of an email, supposedly sent by President Paxson, requesting that the recipient post transactions for the sender.
We are aware of a widespread scam of what appear to be Google Drive sharing notices. See the end of this posting for an example screenshot.
From: Ali Fardan <rasalinvestmentauthority @gmail.com>
To: <ithelp @brown.edu>
Subject: Purchase Order
Date: Tue, 2nd May 2017 2:17am
DEAR SIR,
In this phishing scheme, scammers send emails impersonating LinkedIn, to try luring you to a fake website where you would download your CV.
From: Jane Kristin Helgesen <jane-kristin.helgesen @sarpsborg.com>
Date: Mon, Apr 24, 2017 at 8:30 AM
Subject: RE: IT DEPARTMENT
This phishing email attempts to lure you with the sender name of "Prudential Financial", and a file link that includes your name.
From: Delta Air Lines <orders @deltaa.com>
Date: Tue, Apr 18, 2017 at 10:20 AM
Subject: Your order 68052460 with Delta Air Lines has been confirmed!
To: (Brown address)
Beware of phone calls from individuals requesting printer serial or model numbers, often with the claim that they are checking or updating machines and need the number to process the request.
Various students have reported receiving an email from Campus Storage with offers for summer storage options. This company is not affiliated with Brown Student Agencies nor has it been vetted for legitimacy by them.
Today's mailing about the "Real Appeal" program to United Healthcare members is the "real deal" - details are available at
Be on guard against a phone phishing scam reported to us that starts with a call from someone claiming to be from the local FBI office.
The following is a sample notification sent regarding ORCID, used at Brown and elsewhere to create identifiers for publication/research activities.
From: Evelyn Maxwell <Evelyn.Maxwell @flumc.org>
Date: Mon, Mar 13, 2017 at 11:35 AM
Subject: RE: ITS-Helpdesk
To: Evelyn Maxwell <Evelyn.Maxwell @flumc.org>
If past years are any indication, there will be an increased number of phishing scams and malware campaigns this US tax season you should be prepared for.
This followup email to yesterday's mailing about new BOA PCards is also a legitimate notification sent on behalf of the Controller's Office, givin
Today's mailing regarding new BOA PCards replacing the current JP Morgan cards (expiring March 17) is a legitimate notification from the Controller's Office.
The following is a legitimate notification from nextSource, Brown's partner for temporary hiring.
We received some questions about this email, which is from the administrator of Brown's Flexible Spending Accounts.
From: elizabeth doyle <elizabethdoyle33 @aol.com>
Date: Tue, Feb 28, 2017 at 2:31 PM
Subject: Elizabeth Doyle Sent you Important Document!
To:
Please find secure PDF uploaded below.
From: eFax <noreply.DHtiB @efax-reports.com>
Date: Mon, Feb 20, 2017 at 11:15 AM
Subject: eFax Report
To: [ Brown address ]
Pages
If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.