Phish Bowl

Many reported an unexpected (but legitimate) email from Gallagher Student Health on behalf of Brown. Gallagher is Brown's health insurance plan for students.

From: William Tsiaras <pamilar001@gmail.com>
Date: Fri, Jun 11, 2021 at 7:23 AM
Subject: Medical Student Position
To:

From: Prof Roger <sacksmith999@gmail.com>
Date: Tue, Jun 8, 2021 at 9:33 PM
Subject: BROWN UNIVERSITY STUDENT EMPLOYMENT
To:

From: James Warburton <jwarburton008@gmail.com>
Date: June 8, 2021 at 12:27:25 PM EDT

From: ON-CAMPUS JOBS <adegokeyinka76@gmail.com>
Date: Mon, Jun 7, 2021 at 9:21 AM
Subject: BROWN UNIVERSITY STUDENT HIRE
To:

From: Prof Janet <barry01d1@gmail.com> or Alexander Baker <bakerqueens880@gmail.com>

From: Prof. Kenneth <ahamdielekwa@gmail.com>
Date: Thu, Jun 3, 2021 at 12:18 PM or  Sun, May 30, 2021 at 5:33 PM

From: devora kluemper <kluemperd43@gmail.com>
Date: Thu, Jun 3, 2021 at 10:33 AM
Subject: ORDER 2021
To:

Dear Member,

Be on the lookout for fake copyright warnings that may arrive via a contact form web page -- they usually point to an apparent Google site that can trick you into installing ransomware.

From: STUDENT JOBS <doniscarter63@gmail.com> or Stone James <liza.sten0015@gmail.com>

Can you identify the clues in the following email that indicate it's a scam, as well as the emotional buttons that are being pushed?

From: Campus Jobs <solarubi61@gmail.com>
Date: Mon, May 31, 2021 at 3:51 AM
Subject: PANDEMIC SUPPORT HIRE
To:

The "malware sextortion" threat has been reported at Brown again (first seen in 2018), threatening to reveal unsavory secrets if the recipient doesn't promptly pay up (this time $2100 in bitcoins).

From: Anne Mason <AnneMason.k12.edu@terri010.hostpilot.com>
Date: Mon, May 31, 2021 at 10:12 AM
Subject: Ongoing internship program

From: Collins Gray <mizslimsneh@gmail.com>
Date: Mon, May 31, 2021 at 10:13 AM
Subject: AVAILABLE PART-TIME JOB

From: Daniel R. Ames <ramesdaniel235@gmail.com> or Randy Frank <randyfrank305@gmail.com>

From: [REDACTED - actual sender from header details: dan@hillsdalemfg.com]
Date: Mon, May 24, 2021 at 6:22 PM
Subject: Multidisciplinary Research

From: Lynn Sweeney <lynn_sweeney@brown.edu>  [actual sender from header details: davidh@affinitytv247.com]

From: Prof Kenneth <sacksmith999@gmail.com>
Date: Thu, May 20, 2021 at 10:20 AM
Subject: BROWN UNIVERSITY PANDEMIC EMPLOYMENT SUPPORT
To:

From: Dr Sarah Brewer <elizabethrichard991@gmail.com> OR <henryvicky528@gmail.com>OR <

From: Lynn Sweeney <lynn_sweeney@brown.edu> [actual sender is mike@sports-med.com]

Another employment scam, this one with a different subject (STUDENT EMPLOYMENT) and sender (Prof Kenneth), but a tell-tale non-Brown email address (sacksmith999@gmail.com).

Watch out for this clever job scam that looks like it was sent by the Payroll Office (clue #1 - why would the Payroll Office send job notices?), but examination of the headers details shows the identity of the actual

From: Danny Warshay <9009547q@criptext.com>
Date: Thu, May 13, 2021 at 2:26 PM
Subject: Task Request

From: ON-CAMPUS JOBS <eljalladmatt@gmail.com> or <crystalkate000@gmail.com> or Job Opportunity <

From: Russell Carey <universityevents@messages.brown.edu>
Date: May 13, 2021 at 7:19 AM

From: Shelly Fisher <ShellyF@providencewomenleaders.org>
Date: Wed, May 12, 2021 at 9:21 AM

ZoomInfo is not related to the webconferencing tool, Zoom, and is instead a "sales intelligence" business that collects, processes and sells personal data it harvests online to third parties who use it to cultivate ne

From: Avery <averyburke@cambridgemedicalexperts.com>
Date: Tue, May 4, 2021 at 7:50 AM
Subject: Re: Re: TB Meningitis-Case Review

Emails like the following were sent about the new Brown Contract Management System to those who had requested access and needed to take training in order to be activated in the system.