Phish Bowl
A collection of scam emails and other suspicious communications.
From: Yan Guo <yanguo055@gmail.com>
Subject: Re:
Date: April 1, 2019 at 9:14:13 AM EDT
While it may seem suspicious, this notification from Microsoft is actually the real thing.
From: Mary Peterson <erez.perelson@gmail.com>
Date: Thu, Mar 28, 2019 at 6:58 PM
Subject: [ 1st ] Recommendation..!!
From: Christina Paxson <cfooffice123@aol.com>
Date: Wed, Mar 27, 2019 at 12:22 PM
Subject: REQUEST
Purchasing has been alerted by a supplier of a Request for Quotation (RFQ) supposedly sent by Brown staff but is instead part of a known scam, which leads to the supplier shipping the merchandise, the business never r
From: Jewel Wehr <Hr_desk900@outlook.com>
Sent: Friday, March 8, 2019 12:31 AM
Subject: Personal Assistant Needed
After a couple of back-and-forth emails, starting with "Are you available?, this scammer gets down to the specifics of what they want and how to get it to them.
From: Aleisha Nisbet <acn38@uclive.ac.nz>
Date: Wed, Mar 6, 2019, 10:53
Subject: INTERNSHIP: Brown University
To: [ multiple @brown.edu addresses ]
Similar to the phishing email Prompt Response Required reported in mid-February, "Hello good day" from "Christiana Paxson" offers more than a few
Just hang up if you receive a call from "the Office of Inspector General of the Social Security Administration" (SSA) informing you that your "Social Security number has been suspended" and that you need to contact th
From: Michael Cloy <michaelcloy01@gmail.com>
Subject: STUDENT JOB OPPORTUNITY
Date: March 1, 2019 at 12:34:10 AM EST
From: Jeff Robinson <anderlaura850@gmail.com>
Subject: Private Tutor
Date: February 22, 2019 at 8:05:16 AM EST
Another variation on the malware sextortion scam.
Beware the phony job offers that may only be after your personal information, money or worse (such as a money laundering scheme), especially when it arrives as an attached PDF, is sent to multiple names, and has a sub
From: President Christina Hull Paxson <christinapaxson01@gmail.com>
Date: Tue, Feb 19, 2019 at 8:15 AM
Subject: Prompt Response Required
If you've wondered what corresponding with an "are you available?" scammer might look like, here is a sequence of emails reported to us this afternoon that demonstrates the gradual escalation of the con artist.
From: Terrance Todd <dean.of.graduateschool.brown.e@gmail.com>
Date: Wed, Feb 6, 2019 at 3:15 AM
Subject:
From: Gordon Lawson <bgwil7@yahoo.com>
Subject: Tutor
Date: February 5, 2019 at 6:11:32 AM EST
Several students have reported receiving phone calls from people claiming to be from an IRS office in Texas, who threaten to sue their victims if they do not submit a certain tax form. These upsetting calls are unfort
We've added this example to the Phish Bowl because phishing emails warning about a new email policy and requesting that you "kindly click" on a bogus link never seem to go out of fashion.
The following emails, sent to Payroll Office and other financial staff, were targeted attempts to socially engineer (i.e., con) their way into changing direct deposit details and reroute money to the thief.
The iTunes and Amazon gift card phishing scheme has targeted faculty members at more than a dozen universities, including Brown.
This is a reminder that phishing can arrive via your phone and well as email, and since you're less likely to expect it this way, you may find it more unsettling than seeing it on a screen in front of you.
The responses in the following thread should look familiar to frequent visitors of the Phish Bowl and offer an opportunity to see how the scam progresses.
From: Christina Hull Paxson <christinahull.paxson@my.com>
Date: Tue, Jan 15, 2019 at 7:56 AM
Subject: Hi are you there
From: Terrance Todd <terrance.toddbrown@gmail.com>
Date: Sat, Jan 12, 2019 at 5:35 PM
Subject: Re: Hello
From: Terry Todd <jsukhan@mts.net>
Date: Mon, Jan 14, 2019 at 5:39 PM
Subject:
From: "Paul Todd" <paultodd987@gmail.com>
Date: January 14, 2019 at 11:31:26 PM
From: Terrance Todd <terrancetoddbrownedu@gmail.com>
Date: Tue, Jan 8, 2019 at 5:36 PM
Subject: Hello
The following is an example of a legitimate Google security notification, warning the recipient of suspicious activity occurring with their account.
Pages
If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.