Phish Bowl
A collection of scam emails and other suspicious communications.
The ever popular "Are you available" phishing scam has been reported with a new twist: not only using a familiar Brown name and email address (though rendered improperly, see below) but also their picture.*
The Malware Sextortion Scam lives on in newly-reported phishing emails that threaten to send "crazy images from your dark secret life" and block your system if you do not reply within 48 hours.
The following spoofed email -- targeting some at Brown with the request "to do something for me a ASAP" -- tries to trick the recipient into thinking it is from someone they know.
The "Chinese Consulate" call is back (see 9/10 Phish Bowl post), with the same repeated message in Mandarin but with new numbers and differen
Be on the lookout for a scam that first appeared back in the 70's -- dubbed "phoner toner" -- which was recently reported here at Brown.
Phishing tip: Make sure the email sender's address passes the "domain test".
From: Amazon <lcomber@pioneeringtech.com>
Date: Tue, Oct 30, 2018 at 6:19 PM
Subject: Amazon Account Suspened
From: Jane Pisasale via Adobe Document Cloud <noreply@acrobat.com>
Date: Tue, Oct 30, 2018 at 7:50 AM
Subject: Executed Contract
We continue to receive reports of emails that threaten to send videos of their victims to their contacts unless the victims send them hundreds of dollars in bitcoins within 48 hours.
From: Gregory Fletcher <Gregory.Fletcher@ocsarts.net>
Date: Mon, Oct 15, 2018 at 12:26 PM
Subject: Re: ACH payment
To:
From: Jana Doe <janadoe.brown.edu@gmail.com>
Date: Mon, Oct 15, 2018 at 8:10 AM
Subject:
From: Doug Thomson <blumilk8965@gmail.com>
Date: Fri, Sep 28, 2018 at 5:54 PM
Subject: Re: Meeting on Tuesday
Another scam hitting University phones to avoid: a robocall that warns your account has been suspended and you need to respond to the call for your account to be reactivated.
Beware of the latest phone scam from a caller asking for organizational information, claiming to be from HR and providing a Brown staff member name that does not match the phone number in the online directory.
Beware of calls that appear to be coming from the Chinese Consulate that leave a repeated message in Mandarin, from numbers such as +12122449399 and +12122448293 but also with various area codes and prefixes.
Your phone rings -- you glance at the caller ID and notice that the number looks similar to yours -- so you answer it assuming it's someone you know but haven't put in your contact list yet.
From: cmitten@atomicmachines.com <cmitten@atomicmachines.com>
Date: Thu, Aug 23, 2018 at 1:01 AM
Members of the Brown community continue to report having received a phishy message from BrightCrowd.
In this clever scam, the sender referenced an actual Dell order that had payment processing issues and provided the correct associated number.
From: BROWN UNIVERSITY HELP DESK [various @yahoo addresses] OR
MIDLAND COLLEGE HELP DESK stevemark695@yahoo.co.uk
In an interesting twist on ransomware, scammers are sending emails that claim malware has been downloaded to your computer after you visited a porn site, triggering a recording of you via your webcam watching the site
Last summer we posted a warning from the Internal Revenue Service (IRS) about various types of scams that may target taxpayers this summer, inc
Another variation on the "I need you to perform a quick task for me" phishing scam, whose hallmarks are: from a familiar name, a
It starts as an urgent pop-up warning -- like the one below -- that directs you to install the Advanced Battery Saver app from the Google Play Store.
From: Sandy Isenstadt <gg376ff1@gmail.com>
Date: Wed, Jun 20, 2018 at 12:27 PM
Subject: Confirm
From: David Walker <davidwalker0199@gmail.com>
Date: Mon, Jun 18, 2018 at 11:42 AM
Subject: Administrative Support
To:
Attn
From: Gauthier, Nancy <nancy.gauthier@ucdsb.on.ca>
Date: Wed, May 16, 2018 at 5:48 AM
Subject: IT System Support !!!
From: OPR Science <alam@atzplanet.com>
Subject: OPR Science For Check No: 32034219236
Date: May 15, 2018 at 9:48:57 AM EDT
From: Facebook <firstusacapital@gmail.com>
Date: Sat, May 5, 2018, 12:23 PM
Subject: Alert
This Microsoft/Google Chrome critical warning spotted today contains a few suspicious characteristics that should clue you in to avoid its request for your rapid response. How many can you find?
Pages
If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.