Date First Seen: April 22nd 2024

Sender: Email spoofed from receiver's email

Subject: I RECORDED YOU!

Abstract:

Hello there!

Unfortunately, there are some bad news for you.

Some time ago your device was infected with my private trojan, R.A.T (Remote Administration Tool), if you want to find out more about it simply use Google.

My trojan allowed me to access your files, accounts and your camera.

Check the sender of this email, I have sent it from your email account.

To make sure you read this email, you will receive it multiple times.

You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.

I RECORDED YOU (through your camera) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

If you still doubt my serious intentions, it only takes couple mouse clicks to share the video of you with your friends, relatives, all email contacts, on social networks, the darknet and to publish all your files.

All you need is $1800 USD in Bitcoin (BTC) transfer to my account.

After the transaction is successful, I will proceed to delete everything.

Be sure, I keep my promises.

You can easily buy Bitcoin (BTC) here:

hxxps[:]//cex[.]io/buy-bitcoins
hxxps[:]//nexo[.]com/buy-crypto/bitcoin-btc
hxxps[:]//bitpay[.]com/buy-bitcoin/?crypto=BTC
hxxps[:]//paybis[.]com/
hxxps[:]//invity[.]io/buy-crypto

Or simply google other exchanger.

After that send the Bitcoin (BTC) directly to my wallet, or install the free software: Atomicwallet, or: Exodus wallet, then receive and send to mine.

My Bitcoin (BTC) address is: [REDACTED]

Yes, that's how the address looks like, copy and paste my address, it's (cAsE-sEnSEtiVE).

You are given not more than 3 days after you have opened this email.

As I got access to this email account, I will know if this email has already been read.

Everything will be carried out based on fairness.

An advice from me, regularly change all your passwords to your accounts and update your device with newest security patches.

• Sender: Spoofed sender 
• Links: 
• hxxps[:]//cex[.]io/buy-bitcoins
  hxxps[:]//nexo[.]com/buy-crypto/bitcoin-btc
  hxxps[:]//bitpay[.]com/buy-bitcoin/?crypto=BTC
  hxxps[:]//paybis[.]com/
  hxxps[:]//invity[.]io/buy-crypto
• Attachments: None
• Message: The message uses a social engineering scare tactic trying intimidate and blackmail the user into sending money via Bitcoin.  

Date First Seen: April 21st 2024

From any of the following: 

wright7892@aol.com
jkang377@aol.com
kgomez557@yahoo.com
a.chu2122@yahoo.com
wright6588@gmail.com
chen65@zohomail.com
lpatel6588@gmail.com
white302@proton.me
ckwan456@gmail.com

Subject: For [A Certain Department]: Dean hiding writer of his dissertation

Abstract:

FYI
 

Find this short, interesting youtube clip: paste  " slick hide ''   in youtube search bar to find it.

Date First Seen: March 7, 2024

From: ESS@tulane.edu YJsuAPLq <koverkam@uni-muenster.de>

Subject: Tulane University Recent compliance!!!

Abstract:

Tulane Employee Self-Service (ESS) online pay portal has a new payroll compliance requirements and Calendar.
The payroll operation exists not just to pay people, but also to support the organization's.

Please follow here immediately to access this compliance requirements.

Let us direct you to the most recent compliance <h[x][x]ps://tarenot-obvious[.]top/tulane.edu>



Regards,
Tulane University



_______________________________________________________________________________________

CONFIDENTIALITY NOTICE:
The information (including any attachments) contained in this e-mail is privileged, confidential, may be exempt from disclosure under applicable law and intended only for the use of the individual or entity named above<https://click.dev.umich.edu/optout/i2tjlf/e7q1ffbd?s=8w-TfNPPYOqzb5GYmykJCjFpvmi7MKU-PxbXgVPxaqY>. The sender does not waive any of its rights, privileges or other protections respecting this information<https://click.dev.umich.edu/click/i2tjlf/e7q1ffbd/2domvm>. We reserve the right to monitor and disclose to others all e-mail communications, and cannot guarantee the confidentiality of any transmission<https://click.dev.umich.edu/click/i2tjlf/e7q1ffbd/q0lmvm>.

Bait:

• Sender: External Sender
• Links: <h[x][x]ps://tarenot-obvious[.]top/tulane.edu> 
• Attachments: No Attachments
• Message: The message uses a social engineering tactic by impersonating Tulane University. They include a confidentiality notice to seem more legitimate. 

Date First Seen: February 14, 2024

From: dennislewisr856@gmail.com

Subject: APPLY NOW

Abstract:

JOB ASSISTANT.pdf

ASSISTANCE ADMINISTRATIVE Dear Students.. Work at your convenience and earn $450 weekly. It's a Flexible part-time job. All the tasks are work from home and on campus, a job where you don't need to travel somewhere, and you don't need to have a car to get started. Please find the position and some basic information below.

Type Position:(REMOTELY) Part-Time Job Position (REMOTELY) During this time!!! Working from home would be great. Therefore, you have been offered a campus Administrative job Executive assistant for a data entry Job. This is a DATA ENTRY position, and no skills are required as you will be trained for the position Opportunity at the convenience of your home or dom, This will not affect your study...

Position:Executive Assistant/Bookkeeper For Students(REMOTELY)!!! 2-3 days a week

Pay Rate:$450 weekly Hours: Average of 3-7 hrs weekly Part- Time:Administrative Assistant For Student to Work Part -time(REMOTELY).

If interested, send your Full Name, Persoanal Email, Phone Number, Home Address, Age, Bank Name for review and interview to: hillr4528@gmail.com Application will be received, and you will get a response between 2- 24 Hours. Job Placement & Student Services Best Regards... Thanks For your Time...

Bait:

• Sender: External Sender
• Links: There are no links. However, the message asks you to reach out to an external email address with an alternative email to prevent it from being caught as junk and phishing. 
• Attachments: PDF containing external email to contact.
• Message: The message uses a social engineering tactic where there is an offer of employment that seems too good to be true.

Date First Seen: February 12, 2024

From: seanlance84@gmail.com

Subject: Job Offer Urgently Needed !!!!

Abstract:

Dear Students (1) (2).pdf

PDF:

ASSISTANCE ADMINISTRATIVE

An administrative assistant to perform various administrative tasks like making or receiving payment and sending gifts, keeping record and processing paperwork, when necessary, with a good weekly pay is needed, please find the position and some basic information below CLICK HERE

Position: Personal Assistant Type: Part-Time Job Pay:$450 weekly Hours: Average of 10 hrs weekly This position will be home-based and it's a flexible part time job, you can be working from home, School, or any location Job

Placement & Student Services

Bait:

• Sender: External Sender
• Links: h[x[x}ps://docs[.]google[.]com/forms/d/1T_NtJvBMCYUHp6jvmqYger0vnnvYp5WrWSXdynHWBq0/viewform
• Attachments: PDF containing message and google docs link.
• Message: The message uses a social engineering tactic where there is an offer of employment that seems too good to be true.

Date First Seen: November 7, 2023

From: IT Department <IT@encrypt-mail.net>

Subject: ChatGPT integration now available

Abstract:

[Microsoft logo box]

ChatGPT and Microsoft 365 Integration

 
Hi (Name),

The partnership between ChatGPT and Microsoft is underway! We are now able to integrate OpenAI within our Microsoft suite. With this partnership, we are hoping for the following benefits:

 
increased productivity
support for various languages
instant meeting minutes from Teams calls
automated discussions
 
We are currently in the process of finalizing the integration. In order for you to have access to these OpenAI capabilities, we need you to verify your account. To begin the process, please use the verification link below.

[clickable links]

Bait:

• Sender: External/third party. Do you recognize the sender?

• Link: Links are tricky because attackers can use them to hide malicious links. Hover over the link to check it before clicking.

• Attachment: none

• Message: AI is a hot topic in the world! Be careful when reviewing AI solutions and protect our data!

Date First Seen: July 20, 2023

From: adh2az@elearnmail.mtsu.edu

Subject: Request for Assistance

Abstract:

UNICEF EMPLOYMENT OPPORTUNITIES

I am sharing job opportunity information to students and staff who might be interested in a paid UNICEF Part-Time job with a weekly paid job of $500 USD that is currently available.  

If interested, Kindly contact Dr. Nicholas Hoffman via dr.nicholashoffman80[@]gmail.com with your alternate non-educational email address I.e., Gmail, Yahoo, Hotmail etc.) for details of employment .

N.B, this is strictly a work from home position.

Sign,
Academic Career Opportunity

Bait:

• Sender: External Sender
• Links: There are no links. However, the message asks you to reach out to an external email address with an alternative email to prevent it from being caught as junk and phishing. 
• Attachments: Attachment contains the message and alternate contact information.
• Message: The message uses a social engineering tactic where there is an offer of employment that seems too good to be true

Date First Seen: February 2, 2023

From: Tulane User Account <anyuser@tulane.edu>

Subject: Tulane Lucrative Career Development Oppurtunity $500

Abstract:

Hello Applicant ,

This position will be a home-based and flexible part time job, you can be working from home, School or any location.

About Job: It's a home base job that can be done anywhere either at home or campus which does not disturb any other of your school or work schedule, you can determine your working hour, just 2 hour a day $500 weekly and allowance would be added if all task is done diligently .

Kindly send your Full name and Age to <ericjordan1804@gmail[.]com> to show interest or send a text to  ‪<(929)[]445[-]2038>

Do not forget to send your Full name and Age to  (ericjordan1804@gmail[.]com) using only your alternative email address.

DO NOT FORGET TO TO SEND YOUR FULL NAME AND AGE TO (ericjordan1804@gmail[.]com) USING ONLY YOUR ALTERNATIVE EMAIL ADDRESS .

Regards

Bait:

• Sender: No signature, Tulane Account
• Links: There are no links. However, the message asks you to reach out to an external email address with an alternative email to prevent it from being caught as junk and phishing. 
• Attachments: There are no attachments.
• Message: The message uses a social engineering tactic where there is an offer of employment that seems too good to be true.

Date First Seen: January 30, 2023

From: rvcamp@gvtc.com

Subject: OPPORTUNITY TO OWN A PIANO

Abstract:

Dear Student/Faculty/Staff, 

One of our staff, Mrs.Hailey Macdonald downsizing and looking to give away her late dad's piano to a loving home. The Piano is a 2014 Yamaha Baby Grand used like new. I will not be checking this email often; you can write her to indicate your interest on her private email HaileyMacdonald11@outlook[.]com  to arrange inspection and delivery with a moving company. Please write Mrs.Hailey Macdonald via your  email for a swift response.

Best regards.

Anissa Lawton
Academic Coordinator

Bait:

• Sender: External Sender.
  Link: There are no links on this email. However the email asks you to contact another external email linked in the body of the message.
• Attachment: none 
  Message: The message instructs you to reach out to another external email to claim a free expensive item. 

Date First Seen: January 10, 2023

From: studentjasmin@transcendstem.org

Subject: IncomingFAX Document +61396002819

Abstract:

A DOCUMENT HAS BEEN
RECEIVED FROM +61396002819
Reference #: +61396002818
Result Code: SUCCESS

Pages: 2

Click the attachment below to view document.

PREVIEW ONLINE

Bait:

• Sender: External Sender. 
• Link: When you hover over the link, it goes to a random site. The site then asks for your username and password. 
• Attachment: None
• Message: The message instructs you to preview a document. This redirects you to a site that asks for your username and password.

Date First Seen: November 30, 2022

From: Tulane User Account <anyuser@tulane.edu>

Subject: E-Mail Login Portal

Abstract:

Our records indicate that your Office-365 has two different logins with two universities portals. Kindly indicate the two info logins as soon as possible. To avoid termination within 48hrs and to prevent loss of all emails associated with your account, we expect you to strictly adhere and address it.

We will process your request shortly.

If you have only one college account, fill in the correct user and password and submit but if you are in a dual credit college fill in the correct username and password for both schools and submit. If you have no knowledge about the request process, kindly update to cancel the request below.

Cancel The Request [linked to http[]//talksforonline[.]click]

Thank You.

©Microsoft 2022

Bait:

• Sender: IT notices should only come from IT related mailboxes. 
• Link: When you hover over the link, it goes to a random site. The site then asks for your username and password. 
• Attachment: None
• Message: The email is a scare tactic meant to trick you to action through a sense of urgency. Also, the message has several spelling/grammar issues.

Date First Seen: October 31, 2022

From: Tulane Password Management <tulanepassword@tulane.com>

Subject: Password Expiration:10/26/2022

Abstract:

[Office 365 logo]

Hello John,

Your john@tulane.edu Password expires today

You can continue using your current password below.

Keep Current Password [link]

[tuIane.edu Notification]

Bait:

• Sender: Not Tulane.edu. Tulane.com is not a Tulane site.

• Link: Goes to fake Microsoft login page.

• Attachment: none

• Message: The message uses a sense of urgency to try to prompt action. Make sure you check the link and recognize the sender before clicking the link.

Date First Seen: October 30, 2022

From: Tulane User Account <anyuser@tulane.edu>

Subject: Tulane University ( Final Notifications )

Abstract:

Our records indicated that your Office365 has two different logins with different 'University/College' portals. Kindly indicate the different login as soon as possible. To avoid termination within 24hrs, you are expected to strictly adhere and address it.

Failure to follow instructions would result in you losing your email account.

If you have only one college account, fill in the correct user and pass-code then submit. You are required to fill in the correct username and password for both schools before submission.

If you have no knowledge about the request process, kindly update to cancel the request below. CLICK HERE [phishing link]

IT Help-desk 

Copyright-Tulane University

Bait:

• Sender: The sender’s name does not match the signature of the email.

• Link: When you hover over the link, a Google Drive URL appears- a common method for hiding malicious items inside documents and files.

• Attachment: None

• Message: uses a sense of urgency to prompt action. Requests your login in credentials (user/passcode) The signature looks odd compared to standard emails. Emails that have copyright-Tulane University in the signature are phishy. Check for spelling/grammar.

Date First Seen: August 11, 2022

From: MailReport_Notification <notifications@employerondemand.com>

Subject: Your Storage Has Exceeded Its Limit

Abstract:

You have less than 3% of your undergrad.admission@tulane.edu storage capacity left and 5 pending messages. You are required to manage your storage to prevent mail malfunctioning.

Clear Some Space [linked button]

Notice: Action is required before August 12, 2022

Account Information: User: undergrad.admission@tulane.edu; Doman: tulane.edu

Bait:

• Sender: External/ third-party

• Link: an unrelated site

• Attachment: none

• Message: uses a sense of urgency to try to prompt action. Internal communications should come from Tulane.edu emails.

Date First Seen: August 10, 2022

From: Tulane User Account <directorexecutive621@gmail.com>

Subject: Request?

Abstract:

Hi, I am currently out of the office with limited phone accessibility Can you please step out to make a request for me

Thanks

Tulane Employee

Bait:

• Sender: External

• Link: none

• Attachment: none

• Message: uses a sense of urgency to prompt action. Malicious links or attachments usually come through in subsequent emails when you respond.

Date First Seen: July 30, 2022

From: Flipsnack <noreply@flipsnack.com>

Subject: Tulane University shared a flipbook with you!

Abstract:

[Flipsnack logo inside a dialogue attachment box]

Your online payroll information has been updated.

Read more on the shared document.

[clickable links]

Bait:

• Sender: External

• Link: an unrelated site.

• Attachment: none

• Message: Payroll information requests will never come from an unofficial third party. These will come from an official Tulane service, clearly marked Tulane.

Date First Seen: July 20, 2022

From: Tulane User Account <tmart@wavetulane.onmicrosoft.com>

Subject: Your Approval is Required

Abstract:

[DocuSign logo and dialogue attachment box]

Tulane User Name, sent you a document to review and sign.

Review Document [linked button]

Bait:

• Sender: External

• Link: Fake Docusign Link. If you hover over the link you will see it does not go to docusign.com.

• Attachment: none

• Message: Docusign requests are tricky because they may be legit, or they may not be. Make sure you check the link and recognize the sender before clicking the link.

Date First Seen: July 12, 2022

From: Administrative Notification <sgoncalves@psi.uminho.pt>

Subject: New Payroll Update for <someone@tulane.edu>

Abstract:

[External Sender. Be aware of links, attachments and requests.]

[Tulane University logo]

Recipient: labarchives@tulane.edu

2 New Notification Regarding Your 2022 Payroll

[phishing link]

Bait:

• Sender: External

• Link: an unrelated site.

• Attachment: none

• Message: Payroll information requests will never come from an unofficial third party. These will come from an official Tulane service, clearly marked Tulane.

Date First Seen: July 12, 2022

From: Tulane Person Shares "Tulane Review Session July 2022" with you

Subject: Tulane Person Shares "Tulane Review Session July 2022" with you

Abstract:

[Microsoft dialogue attachment box]

Tulane Person shared a file with you from Sharepoint.

FWD: President Michael Fitts shared a file with you using one drive.

[clickable links]

Bait:

• Sender: External/third party. Do you recognize the sender?

• Link: OneDrive and Sharepoint links are tricky because attackers can use them to hide malicious links. Hover over the link to check it before clicking.

• Attachment: none

• Message: Were you expecting a OneDrive or Sharepoint request?