Phish Bowl
A collection of scam emails and other suspicious communications.
If you've wondered what corresponding with an "are you available?" scammer might look like, here is a sequence of emails reported to us this afternoon that demonstrates the gradual escalation of the con artist.
From: Terrance Todd <dean.of.graduateschool.brown.e@gmail.com>
Date: Wed, Feb 6, 2019 at 3:15 AM
Subject:
From: Gordon Lawson <bgwil7@yahoo.com>
Subject: Tutor
Date: February 5, 2019 at 6:11:32 AM EST
Several students have reported receiving phone calls from people claiming to be from an IRS office in Texas, who threaten to sue their victims if they do not submit a certain tax form. These upsetting calls are unfort
We've added this example to the Phish Bowl because phishing emails warning about a new email policy and requesting that you "kindly click" on a bogus link never seem to go out of fashion.
The following emails, sent to Payroll Office and other financial staff, were targeted attempts to socially engineer (i.e., con) their way into changing direct deposit details and reroute money to the thief.
The iTunes and Amazon gift card phishing scheme has targeted faculty members at more than a dozen universities, including Brown.
This is a reminder that phishing can arrive via your phone and well as email, and since you're less likely to expect it this way, you may find it more unsettling than seeing it on a screen in front of you.
The responses in the following thread should look familiar to frequent visitors of the Phish Bowl and offer an opportunity to see how the scam progresses.
From: Christina Hull Paxson <christinahull.paxson@my.com>
Date: Tue, Jan 15, 2019 at 7:56 AM
Subject: Hi are you there
From: Terrance Todd <terrance.toddbrown@gmail.com>
Date: Sat, Jan 12, 2019 at 5:35 PM
Subject: Re: Hello
From: Terry Todd <jsukhan@mts.net>
Date: Mon, Jan 14, 2019 at 5:39 PM
Subject:
From: "Paul Todd" <paultodd987@gmail.com>
Date: January 14, 2019 at 11:31:26 PM
From: Terrance Todd <terrancetoddbrownedu@gmail.com>
Date: Tue, Jan 8, 2019 at 5:36 PM
Subject: Hello
The following is an example of a legitimate Google security notification, warning the recipient of suspicious activity occurring with their account.
Another variation on the "malware sextortion" scam, with this one including an old password in the receiver's address.
From: Terrance A.Todd <terrance.todd.brown.edu@gmail.com>
Subject: Happy holidays and Happy New Year?
From: Christina Paxson <cpaxson@my.com>
Subject: Urgent
Date: December 21, 2018 at 6:08:39 AM EST
While not reported here at Brown, other institutions that include universities * have been inundated with emails about phony bomb threats, in which the sender requests a sizab
The following brief email, reported by one of the people blindcopied on it, is most probably the first step in a phishing scam to hook those not paying attention to the header details.
Look out for job offers, like the following, that appear too good to be true (they usually are).
From: Terrance Todd <toddterrance003@gmail.com>
Date: Wed, Nov 28, 2018 at 6:34 PM
Subject:
The following alert, supposedly from Facebook, was reported today, providing a number of clues to its inauthenticity. Here are a few, can you spot any others?
From: Mark Spencer (via Google Drive) <markcarvertise@gmail.com>
Date: Fri, Nov 16, 2018 at 11:20 AM
Subject: Doc701234.docx
From: josiah_carberry@brown.edu
Sent: Thursday, November 15, 2018 3:36 PM
The ever popular "Are you available" phishing scam has been reported with a new twist: not only using a familiar Brown name and email address (though rendered improperly, see below) but also their picture.*
The Malware Sextortion Scam lives on in newly-reported phishing emails that threaten to send "crazy images from your dark secret life" and block your system if you do not reply within 48 hours.
The following spoofed email -- targeting some at Brown with the request "to do something for me a ASAP" -- tries to trick the recipient into thinking it is from someone they know.
The "Chinese Consulate" call is back (see 9/10 Phish Bowl post), with the same repeated message in Mandarin but with new numbers and differen
Be on the lookout for a scam that first appeared back in the 70's -- dubbed "phoner toner" -- which was recently reported here at Brown.
Pages
If you received one and do not see it here, please forward it to PhishBowl@brown.edu (after stripping off any attachments) so that the phishing email can be added to the page.