Phish Bowl
A collection of scam emails and other suspicious communications.
From: Paul Cooke <h.opdam@kpnplanet.nl>
Date: Thu, Feb 15, 2018 at 6:55 PM
Subject: Open invoices
From: Jacqueline T Newman <JTNEWMAN @aps.k12.co.us>
Date: Wed, Feb 14, 2018 at 3:19 PM
Subject: Alert
To:
Be on alert for a scammer posing as Brown's Student Health Insurance carrier. Several students have reported these calls, which originate from a Canadian-based number.
From: James Parker <jamespaker4325 @gmail.com>
Date: Mon, Feb 5, 2018 at 11:41 AM
Subject: .
To:
While this email does not contain any links or attachments, it does entice its reader with a polite job offer if you provide a personal email address.
Beware of emails offering to share documents via "Docsign" (and not "DocuSign") from RI.gov and related domains. The following are two examples of recent reports of these phishing emails.
From: Denise Reese <dreese @interwestgrp.com>
Date: Thu, Jan 11, 2018 at 12:13 PM
Subject: New Document: Doc #229640.pdf
To:
Denise V. Reese Sent you a Document "Doc #229640.pdf".
One of items in the phishing scammer's toolkit is the ability to spoof email addresses, making it easy to take the name in your account -- and sometimes the @brownedu address as well -- and to place it in the From fie
Watch out for employment scams like the following, which specifically prey on college students.
From: Mychal Grenawalt <mychalgrenawalt @sbcglobal.net>
Date: Tue, Jan 9, 2018 at 9:10 AM
Subject: Document
To:
From: PayPal Support <paypal @server.sanvil.cc>
Date: Sun, Nov 26, 2017 at 7:28 AM
Subject: Due to suspicious activity, your account has been temporarily locked.
From: OPR Science <agnes.oeschger @bluewin.ch>
Subject: Invoice #46117035/DEF#GXYOM/2017 (04 Dec 17)
Date: December 4, 2017 at 7:15:10 AM EST
To: Josiah_Carberry @brown.edu
From: Jay Calhoun <checkinganna @gmail.com>
Date: Wed, Nov 29, 2017 at 11:09 AM
Subject: Hello Josiah.
To: Josiah_Carberry @brown.edu
From: bursar_billing@brown.edu
Date: Thu, Nov 9, 2017 at 4:02 PM
Subject: Brown University Student Account Activity Notice
From: ITS service <hotmstr @vanderbilt.edu>
Date: Sun, Nov 19, 2017 at 9:27 AM
Subject: Brown Information Technology
To: [ Brown email addresses ]
From: Shantala Contara <orydeya @ua.fm>
Date: Thu, Nov 16, 2017 at 6:21 AM
Subject: Invoice due, number 8611729/QK#HWZR/2017 (16 Nov 17)
To: [ Brown email address ]
Dear ,
We have received questions about this email from UnitedHealthCare Student Resources, which is a legitimate notification from them.
Beware of requests to immediately wire funds that arrive through suspicious emails that are full of grammatical errors and typos, have a mismatch on the sender's name and email address, and stress urgency.
A phishing email reported today with the classic tell-tale signs: missing recipient address, threat if no action taken quickly, grammar errors, from "IT Service Desk S
Netflix subscribers are being targeted with a well-executed phishing email telling them their account has been suspended and trying to get their login information and credit card data.
From: stunned hacker <hackerstunned @gmail.com>
Date: Wed, Oct 18, 2017 at 9:09 PM
Subject: hello
To: [ Brown email addresses ]
From: Gmaili+ Update Security [mailto:67293 @cag.edu.gt]
Sent: Wednesday, October 18, 2017 12:30 PM
Subject: Avoid being locked out of your mail
[Inline image 1]
From: <GoogleAccount @server06.accounttsupport.com>
Date: Thu, Oct 12, 2017 at 6:43 AM
Subject: Upgrade Your Mail Box [Brown email address] To Continue Using Your Email
Occasional military recruiters will send email solicitations to Brown students, such as the following example. These are legitimate and allowed by law.
From: Admin Support <savannah.brosius @wsu.edu>
Date: Thu, Sep 21, 2017 at 3:02 PM
Subject: Please Verify
To: [ Brown address ]
From: LASHANDA D. SANTIAGO <Lashanda.Santiago @eskenazihealth.edu>
Date: Thu, Sep 21, 2017 at 9:48 AM
Subject: RE: Hr management Announcements (Microsoft Warning Alert)
Stay alert for phony wire transfer requests which surface at Brown periodically, usually targeting individuals who work in financial or senior level offices.
From: Outlook Web App <threefasthounds @centurylink.net>
Date: Wed, Sep 20, 2017 at 8:41 AM
Subject: IT Help Desk !
To:
Important information from Outlook Web App Security Service.
From: AppIe <blarand@sodamixerz.com>
Subject: We noticed unusual activity from your account
Date: September 17, 2017 at 1:58:38 AM EDT
From: dave.rainville @ricoh-usa.com <donotreply @iofficecorp.com>
Date: Thu, Sep 14, 2017 at 5:48 AM
Subject: Asset Meter Reads
To: [ Brown email address ]
Pages
If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.