Phish Bowl
A collection of scam emails and other suspicious communications.
From: STUDENT JOBS <doniscarter63@gmail.com> or Stone James <liza.sten0015@gmail.com>
Can you identify the clues in the following email that indicate it's a scam, as well as the emotional buttons that are being pushed?
From: Campus Jobs <solarubi61@gmail.com>
Date: Mon, May 31, 2021 at 3:51 AM
Subject: PANDEMIC SUPPORT HIRE
To:
The "malware sextortion" threat has been reported at Brown again (first seen in 2018), threatening to reveal unsavory secrets if the recipient doesn't promptly pay up (this time $2100 in bitcoins).
From: Anne Mason <AnneMason.k12.edu@terri010.hostpilot.com>
Date: Mon, May 31, 2021 at 10:12 AM
Subject: Ongoing internship program
From: Collins Gray <mizslimsneh@gmail.com>
Date: Mon, May 31, 2021 at 10:13 AM
Subject: AVAILABLE PART-TIME JOB
From: Daniel R. Ames <ramesdaniel235@gmail.com> or Randy Frank <randyfrank305@gmail.com>
From: [REDACTED - actual sender from header details: dan@hillsdalemfg.com]
Date: Mon, May 24, 2021 at 6:22 PM
Subject: Multidisciplinary Research
From: Lynn Sweeney <lynn_sweeney@brown.edu> [actual sender from header details: davidh@affinitytv247.com]
From: Prof Kenneth <sacksmith999@gmail.com>
Date: Thu, May 20, 2021 at 10:20 AM
Subject: BROWN UNIVERSITY PANDEMIC EMPLOYMENT SUPPORT
To:
From: Dr Sarah Brewer <elizabethrichard991@gmail.com> OR <henryvicky528@gmail.com>OR <
From: Lynn Sweeney <lynn_sweeney@brown.edu> [actual sender is mike@sports-med.com]
Another employment scam, this one with a different subject (STUDENT EMPLOYMENT) and sender (Prof Kenneth), but a tell-tale non-Brown email address (sacksmith999@gmail.com).
Watch out for this clever job scam that looks like it was sent by the Payroll Office (clue #1 - why would the Payroll Office send job notices?), but examination of the headers details shows the identity of the actual
From: Danny Warshay <9009547q@criptext.com>
Date: Thu, May 13, 2021 at 2:26 PM
Subject: Task Request
From: ON-CAMPUS JOBS <eljalladmatt@gmail.com> or <crystalkate000@gmail.com> or Job Opportunity <
From: Russell Carey <universityevents@messages.brown.edu>
Date: May 13, 2021 at 7:19 AM
From: Shelly Fisher <ShellyF@providencewomenleaders.org>
Date: Wed, May 12, 2021 at 9:21 AM
ZoomInfo is not related to the webconferencing tool, Zoom, and is instead a "sales intelligence" business that collects, processes and sells personal data it harvests online to third parties who use it to cultivate ne
From: Avery <averyburke@cambridgemedicalexperts.com>
Date: Tue, May 4, 2021 at 7:50 AM
Subject: Re: Re: TB Meningitis-Case Review
Emails like the following were sent about the new Brown Contract Management System to those who had requested access and needed to take training in order to be activated in the system.
From: Carla Jackson <carmenevans1991@gmail.com>
Date: Sat, Apr 17, 2021 at 7:30 PM
Subject:
From: Offline <hi@offlinecollege.com>
Date: April 16, 2021 at 9:44:18 PM EDT
From: William Thirsk <office_of_biomed_communications@messages.brown.edu>
Date: Friday, April 9, 2021 3:39 PM
If you've received a mysterious calendar invite from an address like unknownorganizer@calendar.google.com for an event that has you scratching your head, you m
From: Jeff Crane <info@cranejeff.com>
Date: Sat, Apr 10, 2021 at 11:29 AM
Subject: RE: Your CASH APP Deposit
From: ON-CAMPUS JOBS <gabrieljelex7@gmail.com>
Date: Sat, Apr 10, 2021 at 7:52 AM
Subject: Hiring for Research Assistants
To:
From: CAMPUS JOBS <lm2512550@gmail.com>
Date: Thu, Apr 8, 2021 at 10:26 PM
Subject: Administrative Assistant Needed - Part Time
To:
From: David Kennan <dataexsdg@deskusing.com>
Date: Thu, Apr 8, 2021 at 2:27 PM
Subject: Form W-2 Record
From: Chris Ingram <info@ingramchris.com>
Date: Mon, Apr 5, 2021 at 11:06 AM
Subject: RE: Your Unclaimed Assets -Action Needed
Pages
If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.