Phish Bowl
A collection of scam emails and other suspicious communications.
From: Powell, Stephanie <LANGLEYS@ecu.edu>
Date: Tue, Apr 24, 2018, 18:24
Subject: You Have Been sent a File Using Dropbox
Beware a phish from the "IT_Support / IThelpdesk / IT Department" about a supposed "System Upgrade" that links you to the "new Office365 Lite." If you receive this email, do not respond to it nor click on the link.
Do you know how to spot a phony DocuSign request? The following email failed the first indicator of a real one: it did not have the unique security code at the bottom of the email.
The following solicitation from MedCraveOnline for submissions to their Sociology International Journal set off a few red flags (can you spot them?) and an inquiry into
From: Marco Martins <pc@dahnaylogix.com>
Date: Mon, Apr 2, 2018 at 8:13 AM
Subject: Southwire TET 307326383
Sounds too good to be true + Causes your "Spidey Sense" to tingle because something is off + Asks for personal information + Multiple typos and gramm
From: Lauren Miller <u3193322@uni.canberra.edu.au>
Date: Wed, Mar 28, 2018 at 7:40 AM
Subject: Invoice #49277028 from Lauren Miller
The wire transfer scam targeting financial officers is a persistent one, with variations on it continuing to be reported at Brown.
If you fall prey to a toner scam (see earlier Phish Bowl posts), the deal you thought you'd agreed to might become a rip-off like the following example,
From: Renu Jha <renujha723@gmail.com>
Date: March 22, 2018 at 7:23:45 AM EDT
To: renujha723@gmail.com
If you've received a mysterious calendar invite from an address like unknownorganizer@calendar.google.com for an event that has you scratching your head, you m
From: Rowe, Angela <Angela_Rowe@comcast.com>
Date: Fri, Mar 16, 2018 at 8:04 AM
Subject: Treat this update urgently!
To:
Hello,
From: service @paypal.com <service @paypal.com>
Date: Sun, Mar 4, 2018 at 4:52 PM
Subject: You added a new address
To: Josiah_Carberry <josiah_carberry @brown.edu>
From: Freddy Braunsheidel <accounts @brown.edu>
Date: Mon, Mar 5, 2018 at 11:55 AM
Subject: Bill No 89050847
To: josiah_carberry @brown.edu
Thanks for using online billing.
While this email may look phishy, it is a legitimate warning from Google of someone attempting to access your account and their blocking it.
From: <sales.representative @ewayonline.ca>
Date: 2018-02-26 11:47 GMT-05:00
Subject: Confirmation #315955MV
To: josiah_carberry @brown.edu
Transaction Status: Shipped!
This is a postscript to an earlier warning about the phish BROWN PART TIME JOB OFFER, which illustrates what could happen should you respond to
From: Sergeant Robert Brown <sergeantrobertbrown @luck.ocn.ne.jp>
Date: Sun, Feb 18, 2018 at 10:06 PM
Subject: I seek for your assistance
To:
Aside from the definitely non-Apple mailing address (@mailmainmailm.freshdesk.com), what else would make you suspicious of this email reported today?
From: Paul Cooke <h.opdam@kpnplanet.nl>
Date: Thu, Feb 15, 2018 at 6:55 PM
Subject: Open invoices
From: Jacqueline T Newman <JTNEWMAN @aps.k12.co.us>
Date: Wed, Feb 14, 2018 at 3:19 PM
Subject: Alert
To:
Be on alert for a scammer posing as Brown's Student Health Insurance carrier. Several students have reported these calls, which originate from a Canadian-based number.
From: James Parker <jamespaker4325 @gmail.com>
Date: Mon, Feb 5, 2018 at 11:41 AM
Subject: .
To:
While this email does not contain any links or attachments, it does entice its reader with a polite job offer if you provide a personal email address.
Beware of emails offering to share documents via "Docsign" (and not "DocuSign") from RI.gov and related domains. The following are two examples of recent reports of these phishing emails.
From: Denise Reese <dreese @interwestgrp.com>
Date: Thu, Jan 11, 2018 at 12:13 PM
Subject: New Document: Doc #229640.pdf
To:
Denise V. Reese Sent you a Document "Doc #229640.pdf".
One of items in the phishing scammer's toolkit is the ability to spoof email addresses, making it easy to take the name in your account -- and sometimes the @brownedu address as well -- and to place it in the From fie
Watch out for employment scams like the following, which specifically prey on college students.
From: Mychal Grenawalt <mychalgrenawalt @sbcglobal.net>
Date: Tue, Jan 9, 2018 at 9:10 AM
Subject: Document
To:
From: PayPal Support <paypal @server.sanvil.cc>
Date: Sun, Nov 26, 2017 at 7:28 AM
Subject: Due to suspicious activity, your account has been temporarily locked.
Pages
If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.