Phish Bowl

From: David Walker <davidwalker0199@gmail.com>
Date: Mon, Jun 18, 2018 at 11:42 AM
Subject: Administrative Support
To:

Attn

From: Gauthier, Nancy <nancy.gauthier@ucdsb.on.ca>
Date: Wed, May 16, 2018 at 5:48 AM
Subject: IT System Support !!!

From: OPR Science <alam@atzplanet.com>
Subject: OPR Science For Check No: 32034219236
Date: May 15, 2018 at 9:48:57 AM EDT

From: Facebook <firstusacapital@gmail.com>
Date: Sat, May 5, 2018, 12:23 PM
Subject: Alert

This Microsoft/Google Chrome critical warning spotted today contains a few suspicious characteristics that should clue you in to avoid its request for your rapid response. How many can you find?

From: Microsoft Support <outlookwebserrvice060@utk.edu>
Date: Fri, Apr 27, 2018 at 4:40 AM
Subject: Important online activity review

From: Powell, Stephanie <LANGLEYS@ecu.edu>
Date: Tue, Apr 24, 2018, 18:24
Subject: You Have Been sent a File Using Dropbox

Beware a phish from the "IT_Support / IThelpdesk / IT Department" about a supposed "System Upgrade" that links you to the "new Office365 Lite." If you receive this email, do not respond to it nor click on the link.

Do you know how to spot a phony DocuSign request? The following email failed the first indicator of a real one: it did not have the unique security code at the bottom of the email.

The following solicitation from MedCraveOnline for submissions to their Sociology International Journal set off a few red flags (can you spot them?) and an inquiry into

From: Marco Martins <pc@dahnaylogix.com>
Date: Mon, Apr 2, 2018 at 8:13 AM
Subject: Southwire TET 307326383

Sounds too good to be true + Causes your "Spidey Sense" to tingle because something is off + Asks for personal information + Multiple typos and gramm

From: Lauren Miller <u3193322@uni.canberra.edu.au>
Date: Wed, Mar 28, 2018 at 7:40 AM
Subject: Invoice #49277028 from Lauren Miller

The wire transfer scam targeting financial officers is a persistent one, with variations on it continuing to be reported at Brown.

If you fall prey to a toner scam (see earlier Phish Bowl posts), the deal you thought you'd agreed to might become a rip-off like the following example,

From: Renu Jha <renujha723@gmail.com>
Date: March 22, 2018 at 7:23:45 AM EDT
To: renujha723@gmail.com

If you've received a mysterious calendar invite from an address like unknownorganizer@calendar.google.com for an event that has you scratching your head, you m

From: Rowe, Angela <Angela_Rowe@comcast.com>
Date: Fri, Mar 16, 2018 at 8:04 AM
Subject: Treat this update urgently!
To: 

Hello,

From: service @paypal.com <service @paypal.com>
Date: Sun, Mar 4, 2018 at 4:52 PM
Subject: You added a new address
To: Josiah_Carberry <josiah_carberry @brown.edu>

From: Freddy Braunsheidel <accounts @brown.edu>
Date: Mon, Mar 5, 2018 at 11:55 AM
Subject: Bill No 89050847
To: josiah_carberry @brown.edu

Thanks for using online billing.

While this email may look phishy, it is a legitimate warning from Google of someone attempting to access your account and their blocking it.

From: <sales.representative @ewayonline.ca>
Date: 2018-02-26 11:47 GMT-05:00
Subject: Confirmation #315955MV
To: josiah_carberry @brown.edu

Transaction Status: Shipped!

This is a postscript to an earlier warning about the phish BROWN PART TIME JOB OFFER, which illustrates what could happen should you respond to

From: Sergeant Robert Brown <sergeantrobertbrown @luck.ocn.ne.jp>
Date: Sun, Feb 18, 2018 at 10:06 PM
Subject: I seek for your assistance
To: 

Aside from the definitely non-Apple mailing address (@mailmainmailm.freshdesk.com), what else would make you suspicious of this email reported today?

From: Paul Cooke <h.opdam@kpnplanet.nl>
Date: Thu, Feb 15, 2018 at 6:55 PM
Subject: Open invoices

From: Jacqueline T Newman <JTNEWMAN @aps.k12.co.us>
Date: Wed, Feb 14, 2018 at 3:19 PM
Subject: Alert
To:

Be on alert for a scammer posing as Brown's Student Health Insurance carrier. Several students have reported these calls, which originate from a Canadian-based number.

From: James Parker <jamespaker4325 @gmail.com>
Date: Mon, Feb 5, 2018 at 11:41 AM
Subject: .
To: 

While this email does not contain any links or attachments, it does entice its reader with a polite job offer if you provide a personal email address.