CyberFish

 

Need to report a phishing email?
 
 

Phish Bowl

 

Did you receive a suspicious email?

Phishing is the top social attack on organizations and the most common cause of data breaches. There is no concrete way to prevent phishing attacks, so awareness and proactive responses by our community will always be our strongest line of defense.

If you received a suspicious message, look for Subject of the email below, click the + to expand the item, and read more about the phishing message.

Date First Seen: July 24th 2024

 

Sender: IT_Dept <shane@valleyrays.com>

 

Subject: Dear Team please review_pzd7 

 

Abstract:

lT Service

 

lmn Dear qflTeam,

You are to update your email (XXXXXX@tulane.edu) now because the CrowdStrike IT issues affected our domain and website "Tulane", all members must update now from below.

UpdateNow_Tulane_


Tulane.edu lT Service

Best Regards,

Henna Hammarberg

Document coordinator

+358 50 XXX XXXX

henna.hammarberg@rmcfinland.fi

Suojantie 5, 26101 Rauma, Finland

xxx[dot]rmcfinland[dot]fi

This e-mail with all attachments is a confidential message between 

Rauma Marine Constructions and the intended recipient(s). 

Unauthorized use of this e-mail or/and anything it contains is prohibited by law.

  • Sender: shane@valleyrays.com
  • Links: "UPDATE NOW_TULANE_" Hyperlink (hXXps://away[dot]vk[dot]com/away[dot]php?rh=83776cca-48f3-4c26-9cac-e6f1dc214f51), xxx.rmcfindland[dot]fi
  • Attachments: "jsk.pdf" (2x)
  • Message: The message uses a social engineering tactic luring users impacted by the recent global CrowdStrike incident to update their account in a fake portal.

     

     

Date First Seen: July 11th 2024

 

Sender: nicole.rogalski19@myhunter.cuny.edu, maxwell.aguilar17@myhunter.cuny.edu, alice.acheaa98@myhunter.cuny.edu, mary.finn98@myhunter.cuny.edu, ashwitha.thavasundaram79@myhunter.cuny.edu, amanda.kinkel09@myhunter.cuny.edu

 

Subject: Referral: Get Paid As A Remote Assistant

 

Abstract:

We are excited to offer you a flexible campus employment opportunity that allows you to work from home or school. This role is designed to help you cover your campus expenses with ease.

Job Highlights:

* Work up to 2-3 hour per day, 15 hours a week ( Flexible )

* Earn $850 weekly
* Flexible schedule, choose your own working hours

To learn more and apply, please copy and paste the following below form into your browser.

forms[x]gle/AucvZMQmJ2RU6GEs8

Take advantage of this convenient way to earn money while managing your studies!

  • Sender: @myhunter.cuny.edu domain
  • Links: forms[x]gle/AucvZMQmJ2RU6GEs8
  • Attachments: None
  • Message: The message uses a social engineering tactic pretending to offer an Assistant remote job and directs users to a Google Form to obtain your name, address, phone number, and email etc.

Date First Seen: June 25th 2024

 

Sender: Bray Elizabeth <belizabeth@sunapeeschoolsorg.onmicrosoft.com>

 

Subject: SCHOOL UPDATE!!!

 

Abstract:

Hello Staffs & Students,
 
All Email recipients are encouraged to take a shot at this job position. This is a part time school supported work that won't impact your ongoing business or employment as you'll be working remotely. It's satisfying and versatile.
 
Virtual
2-3 hours daily 
Five Hundred Fifty Dollars Weekly
Part-Time Job
 
Apply Here: hxxps://forms[x]office[x]com/r/zYpjrEuZcX
  • Sender: belizabeth@sunapeeschoolsorg.onmicrosoft.com
  • Links: hxxps://forms[x]office[x]com/r/zYpjrEuZcX
  • Attachments: None
  • Message: The message uses a social engineering tactic pretending to offer a Personal Assistant remote job and directs users to a Microsoft Office Form to obtain your name, address, phone number, and email.

Date First Seen: June 24th 2024

 

Sender: Lindsay <Redacted> sm186216528@gmail.com

 

Subject: Kindly send me your available cell number

 

Abstract:

Lindsay <Redacted>

Dean of Academic Libraries and Information Resources

  • Sender: Lindsay <Redacted> sm186216528@gmail.com
  • Links: None
  • Attachments: None
  • Message: The message uses a social engineering tactic, impersonating a Dean of Tulane, to obtain cell phone numbers and potentially other personal information.

Date First Seen: May 20th 2024

 

Sender: mramirezsi.mn.ics@gencat.cat

 

Subject: Job Opportunity

 

Abstract:

I`m offering a personal assistant position that pays $500 weekly, several  attempts to email you at your EDU Email keeps bouncing back due to the length of the job description, kindly provide a non EDU email address where I can forward job details, hours and pay if you are interested  in the personal assistant position Kindly contact Thomas Nicholas via thomasnicholasdr@gmail.com

 

NOTE: THIS IS STRICTLY A WORK FROM HOME POSITION. 

  • Sender: mramirezsi.mn.ics@gencat.cat
  • Links: None
  • Attachments: None
  • Message: The message uses a social engineering scare trying to phish personal information by contacting an external gmail account. 

Date First Seen: April 22nd 2024

 

Sender: Email spoofed from receiver's email

 

Subject: I RECORDED YOU!

 

Abstract:

Hello there!

Unfortunately, there are some bad news for you.

Some time ago your device was infected with my private trojan, R.A.T (Remote Administration Tool), if you want to find out more about it simply use Google.

My trojan allowed me to access your files, accounts and your camera.

Check the sender of this email, I have sent it from your email account.

To make sure you read this email, you will receive it multiple times.

You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.

I RECORDED YOU (through your camera) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

If you still doubt my serious intentions, it only takes couple mouse clicks to share the video of you with your friends, relatives, all email contacts, on social networks, the darknet and to publish all your files.

All you need is $1800 USD in Bitcoin (BTC) transfer to my account.

After the transaction is successful, I will proceed to delete everything.

Be sure, I keep my promises.

You can easily buy Bitcoin (BTC) here:

hxxps[:]//cex[.]io/buy-bitcoins
hxxps[:]//nexo[.]com/buy-crypto/bitcoin-btc
hxxps[:]//bitpay[.]com/buy-bitcoin/?crypto=BTC
hxxps[:]//paybis[.]com/
hxxps[:]//invity[.]io/buy-crypto

Or simply google other exchanger.

After that send the Bitcoin (BTC) directly to my wallet, or install the free software: Atomicwallet, or: Exodus wallet, then receive and send to mine.

My Bitcoin (BTC) address is: [REDACTED]

Yes, that's how the address looks like, copy and paste my address, it's (cAsE-sEnSEtiVE).

You are given not more than 3 days after you have opened this email.

As I got access to this email account, I will know if this email has already been read.

Everything will be carried out based on fairness.

An advice from me, regularly change all your passwords to your accounts and update your device with newest security patches.

  • Sender: Spoofed sender 
  • Links
  • hxxps[:]//cex[.]io/buy-bitcoins
    hxxps[:]//nexo[.]com/buy-crypto/bitcoin-btc
    hxxps[:]//bitpay[.]com/buy-bitcoin/?crypto=BTC
    hxxps[:]//paybis[.]com/
    hxxps[:]//invity[.]io/buy-crypto
  • Attachments: None
  • Message: The message uses a social engineering scare tactic trying intimidate and blackmail the user into sending money via Bitcoin.  

Date First Seen: April 21st 2024

 

From any of the following: 

wright7892@aol.com
jkang377@aol.com
kgomez557@yahoo.com
a.chu2122@yahoo.com
wright6588@gmail.com
chen65@zohomail.com
lpatel6588@gmail.com
white302@proton.me
ckwan456@gmail.com

Subject: For [A Certain Department]: Dean hiding writer of his dissertation

 

Abstract:

FYI
 

Find this short, interesting youtube clip: paste  " slick hide ''   in youtube search bar to find it.

See how the trick is done.  Shameful.

  • Sender: External Sender
  • Links: There are no links. However, the message asks you to search a specific item on youtube
  • Attachments: None
  • Message: The message uses a social engineering tactic trying to entice a user to go to a specific location on the web

Date First Seen: March 7, 2024

 

From: ESS@tulane.edu YJsuAPLq <koverkam@uni-muenster.de>

 

Subject: Tulane University Recent compliance!!!

 

Abstract:

Tulane Employee Self-Service (ESS) online pay portal has a new payroll compliance requirements and Calendar.
The payroll operation exists not just to pay people, but also to support the organization's.

Please follow here immediately to access this compliance requirements.

Let us direct you to the most recent compliance <h[x][x]ps://tarenot-obvious[.]top/tulane.edu>



Regards,
Tulane University



_______________________________________________________________________________________

CONFIDENTIALITY NOTICE:
The information (including any attachments) contained in this e-mail is privileged, confidential, may be exempt from disclosure under applicable law and intended only for the use of the individual or entity named above<https://click.dev.umich.edu/optout/i2tjlf/e7q1ffbd?s=8w-TfNPPYOqzb5GYmykJCjFpvmi7MKU-PxbXgVPxaqY>. The sender does not waive any of its rights, privileges or other protections respecting this information<https://click.dev.umich.edu/click/i2tjlf/e7q1ffbd/2domvm>. We reserve the right to monitor and disclose to others all e-mail communications, and cannot guarantee the confidentiality of any transmission<https://click.dev.umich.edu/click/i2tjlf/e7q1ffbd/q0lmvm>.

 

Bait:

  • Sender: External Sender
  • Links: <h[x][x]ps://tarenot-obvious[.]top/tulane.edu> 
  • Attachments: No Attachments
  • Message: The message uses a social engineering tactic by impersonating Tulane University. They include a confidentiality notice to seem more legitimate. 

Date First Seen: February 14, 2024

 

From: dennislewisr856@gmail.com

 

Subject: APPLY NOW

 

Abstract:

JOB ASSISTANT.pdf

ASSISTANCE ADMINISTRATIVE Dear Students.. Work at your convenience and earn $450 weekly. It's a Flexible part-time job. All the tasks are work from home and on campus, a job where you don't need to travel somewhere, and you don't need to have a car to get started. Please find the position and some basic information below.

Type Position:(REMOTELY) Part-Time Job Position (REMOTELY) During this time!!! Working from home would be great. Therefore, you have been offered a campus Administrative job Executive assistant for a data entry Job. This is a DATA ENTRY position, and no skills are required as you will be trained for the position Opportunity at the convenience of your home or dom, This will not affect your study...

Position:Executive Assistant/Bookkeeper For Students(REMOTELY)!!! 2-3 days a week

Pay Rate:$450 weekly Hours: Average of 3-7 hrs weekly Part- Time:Administrative Assistant For Student to Work Part -time(REMOTELY).

If interested, send your Full Name, Persoanal Email, Phone Number, Home Address, Age, Bank Name for review and interview to: hillr4528@gmail.com Application will be received, and you will get a response between 2- 24 Hours. Job Placement & Student Services Best Regards... Thanks For your Time...

 

Bait:

  • Sender: External Sender
  • Links: There are no links. However, the message asks you to reach out to an external email address with an alternative email to prevent it from being caught as junk and phishing. 
  • Attachments: PDF containing external email to contact.
  • Message: The message uses a social engineering tactic where there is an offer of employment that seems too good to be true.

Date First Seen: February 12, 2024

 

From: seanlance84@gmail.com

 

Subject: Job Offer Urgently Needed !!!!

 

Abstract:

Dear Students (1) (2).pdf

PDF:

ASSISTANCE ADMINISTRATIVE

An administrative assistant to perform various administrative tasks like making or receiving payment and sending gifts, keeping record and processing paperwork, when necessary, with a good weekly pay is needed, please find the position and some basic information below CLICK HERE

Position: Personal Assistant Type: Part-Time Job Pay:$450 weekly Hours: Average of 10 hrs weekly This position will be home-based and it's a flexible part time job, you can be working from home, School, or any location Job

Placement & Student Services

 

Bait:

  • Sender: External Sender
  • Links: h[x[x}ps://docs[.]google[.]com/forms/d/1T_NtJvBMCYUHp6jvmqYger0vnnvYp5WrWSXdynHWBq0/viewform
  • Attachments: PDF containing message and google docs link.
  • Message: The message uses a social engineering tactic where there is an offer of employment that seems too good to be true.

Date First Seen: November 7, 2023

 

From: IT Department <IT@encrypt-mail.net>

 

Subject: ChatGPT integration now available

 

Abstract:

[Microsoft logo box]

ChatGPT and Microsoft 365 Integration

 
Hi (Name),

 

The partnership between ChatGPT and Microsoft is underway! We are now able to integrate OpenAI within our Microsoft suite. With this partnership, we are hoping for the following benefits:

 
increased productivity
support for various languages
instant meeting minutes from Teams calls
automated discussions
 
We are currently in the process of finalizing the integration. In order for you to have access to these OpenAI capabilities, we need you to verify your account. To begin the process, please use the verification link below.

[clickable links]

 

Bait:

  • Sender: External/third party. Do you recognize the sender?

  • Link: Links are tricky because attackers can use them to hide malicious links. Hover over the link to check it before clicking.

  • Attachment: none

  • Message: AI is a hot topic in the world! Be careful when reviewing AI solutions and protect our data!

Date First Seen: July 20, 2023

 

From: adh2az@elearnmail.mtsu.edu

 

Subject: Request for Assistance

 

Abstract:

UNICEF EMPLOYMENT OPPORTUNITIES

I am sharing job opportunity information to students and staff who might be interested in a paid UNICEF Part-Time job with a weekly paid job of $500 USD that is currently available.  

If interested, Kindly contact Dr. Nicholas Hoffman via dr.nicholashoffman80[@]gmail.com with your alternate non-educational email address I.e., Gmail, Yahoo, Hotmail etc.) for details of employment .

N.B, this is strictly a work from home position.

Sign,
Academic Career Opportunity

 

Bait:

  • Sender: External Sender
  • Links: There are no links. However, the message asks you to reach out to an external email address with an alternative email to prevent it from being caught as junk and phishing. 
  • Attachments: Attachment contains the message and alternate contact information.
  • Message: The message uses a social engineering tactic where there is an offer of employment that seems too good to be true

 

Date First Seen: February 2, 2023

 

From: Tulane User Account <anyuser@tulane.edu>

 

Subject: Tulane Lucrative Career Development Oppurtunity $500

 

Abstract:

Hello Applicant ,

This position will be a home-based and flexible part time job, you can be working from home, School or any location.

About Job: It's a home base job that can be done anywhere either at home or campus which does not disturb any other of your school or work schedule, you can determine your working hour, just 2 hour a day $500 weekly and allowance would be added if all task is done diligently .

Kindly send your Full name and Age to <ericjordan1804@gmail[.]com> to show interest or send a text to  ‪<(929)[]445[-]2038>

Do not forget to send your Full name and Age to  (ericjordan1804@gmail[.]com) using only your alternative email address.

DO NOT FORGET TO TO SEND YOUR FULL NAME AND AGE TO (ericjordan1804@gmail[.]com) USING ONLY YOUR ALTERNATIVE EMAIL ADDRESS .


Regards

 

Bait:

  • Sender: No signature, Tulane Account
  • Links: There are no links. However, the message asks you to reach out to an external email address with an alternative email to prevent it from being caught as junk and phishing. 
  • Attachments: There are no attachments.
  • Message: The message uses a social engineering tactic where there is an offer of employment that seems too good to be true.

Date First Seen: January 30, 2023

 

From: rvcamp@gvtc.com

 

Subject: OPPORTUNITY TO OWN A PIANO

 

Abstract:

Dear Student/Faculty/Staff, 

One of our staff, Mrs.Hailey Macdonald downsizing and looking to give away her late dad's piano to a loving home. The Piano is a 2014 Yamaha Baby Grand used like new. I will not be checking this email often; you can write her to indicate your interest on her private email HaileyMacdonald11@outlook[.]com  to arrange inspection and delivery with a moving company. Please write Mrs.Hailey Macdonald via your  email for a swift response.

Best regards.

Anissa Lawton
Academic Coordinator

 

Bait:

  • Sender: External Sender.
    Link: There are no links on this email. However the email asks you to contact another external email linked in the body of the message.
  • Attachment: none 
    Message: The message instructs you to reach out to another external email to claim a free expensive item. 

Date First Seen: January 10, 2023

 

From: studentjasmin@transcendstem.org

 

Subject: IncomingFAX Document +61396002819

 

Abstract:

A DOCUMENT HAS BEEN
RECEIVED FROM +61396002819
Reference #: +61396002818
Result Code: SUCCESS

Pages: 2

Click the attachment below to view document.

PREVIEW ONLINE

 

Bait:

  • Sender: External Sender. 
  • Link: When you hover over the link, it goes to a random site. The site then asks for your username and password. 
  • Attachment: None
  • Message: The message instructs you to preview a document. This redirects you to a site that asks for your username and password.

Date First Seen: November 30, 2022

 

From: Tulane User Account <anyuser@tulane.edu>

 

Subject: E-Mail Login Portal

 

Abstract:

Our records indicate that your Office-365 has two different logins with two universities portals. Kindly indicate the two info logins as soon as possible. To avoid termination within 48hrs and to prevent loss of all emails associated with your account, we expect you to strictly adhere and address it.

We will process your request shortly.

If you have only one college account, fill in the correct user and password and submit but if you are in a dual credit college fill in the correct username and password for both schools and submit. If you have no knowledge about the request process, kindly update to cancel the request below.

Cancel The Request [linked to http[]//talksforonline[.]click]

Thank You.

©Microsoft 2022

 

Bait:

  • Sender: IT notices should only come from IT related mailboxes. 
  • Link: When you hover over the link, it goes to a random site. The site then asks for your username and password. 
  • Attachment: None
  • Message: The email is a scare tactic meant to trick you to action through a sense of urgency. Also, the message has several spelling/grammar issues.

Date First Seen: October 31, 2022

 

From: Tulane Password Management <tulanepassword@tulane.com>

 

Subject: Password Expiration:10/26/2022

 

Abstract:

[Office 365 logo]

Hello John,

Your john@tulane.edu Password expires today

You can continue using your current password below.

Keep Current Password [link]

[tuIane.edu Notification]

 

Bait:

  • Sender: Not Tulane.edu. Tulane.com is not a Tulane site.

  • Link: Goes to fake Microsoft login page.

  • Attachment: none

  • Message: The message uses a sense of urgency to try to prompt action. Make sure you check the link and recognize the sender before clicking the link.

Date First Seen: October 30, 2022

 

From: Tulane User Account <anyuser@tulane.edu>

 

Subject: Tulane University ( Final Notifications )

 

Abstract:

Our records indicated that your Office365 has two different logins with different 'University/College' portals. Kindly indicate the different login as soon as possible. To avoid termination within 24hrs, you are expected to strictly adhere and address it.

Failure to follow instructions would result in you losing your email account.

If you have only one college account, fill in the correct user and pass-code then submit. You are required to fill in the correct username and password for both schools before submission.

If you have no knowledge about the request process, kindly update to cancel the request below. CLICK HERE [phishing link]

IT Help-desk 

Copyright-Tulane University

 

Bait:

  • Sender: The sender’s name does not match the signature of the email.

  • Link: When you hover over the link, a Google Drive URL appears- a common method for hiding malicious items inside documents and files.

  • Attachment: None

  • Message: uses a sense of urgency to prompt action. Requests your login in credentials (user/passcode) The signature looks odd compared to standard emails. Emails that have copyright-Tulane University in the signature are phishy. Check for spelling/grammar.

Date First Seen: August 11, 2022

 

From: MailReport_Notification <notifications@employerondemand.com>

 

Subject: Your Storage Has Exceeded Its Limit

 

Abstract:

You have less than 3% of your undergrad.admission@tulane.edu storage capacity left and 5 pending messages. You are required to manage your storage to prevent mail malfunctioning.

Clear Some Space [linked button]

Notice: Action is required before August 12, 2022

Account Information: User: undergrad.admission@tulane.edu; Doman: tulane.edu

 

Bait:

  • Sender: External/ third-party

  • Link: an unrelated site

  • Attachment: none

  • Message: uses a sense of urgency to try to prompt action. Internal communications should come from Tulane.edu emails.

Date First Seen: August 10, 2022

 

From: Tulane User Account <directorexecutive621@gmail.com>

 

Subject: Request?

 

Abstract:

Hi, I am currently out of the office with limited phone accessibility Can you please step out to make a request for me

Thanks

Tulane Employee

 

Bait:

  • Sender: External

  • Link: none

  • Attachment: none

  • Message: uses a sense of urgency to prompt action. Malicious links or attachments usually come through in subsequent emails when you respond.

Date First Seen: July 30, 2022

 

From: Flipsnack <noreply@flipsnack.com>

 

Subject: Tulane University shared a flipbook with you!

 

Abstract:

[Flipsnack logo inside a dialogue attachment box]

Your online payroll information has been updated.

Read more on the shared document.

[clickable links]

 

Bait:

  • Sender: External

  • Link: an unrelated site.

  • Attachment: none

  • Message: Payroll information requests will never come from an unofficial third party. These will come from an official Tulane service, clearly marked Tulane.

Date First Seen: July 20, 2022

 

From: Tulane User Account <tmart@wavetulane.onmicrosoft.com>

 

Subject: Your Approval is Required

 

Abstract:

[DocuSign logo and dialogue attachment box]

Tulane User Name, sent you a document to review and sign.

Review Document [linked button]

 

Bait:

  • Sender: External

  • Link: Fake Docusign Link. If you hover over the link you will see it does not go to docusign.com.

  • Attachment: none

  • Message: Docusign requests are tricky because they may be legit, or they may not be. Make sure you check the link and recognize the sender before clicking the link.

Date First Seen: July 12, 2022

 

From: Administrative Notification <sgoncalves@psi.uminho.pt>

 

Subject: New Payroll Update for <someone@tulane.edu>

 

Abstract:

[External Sender. Be aware of links, attachments and requests.]

[Tulane University logo]

Recipient: labarchives@tulane.edu

2 New Notification Regarding Your 2022 Payroll

[phishing link]

 

Bait:

  • Sender: External

  • Link: an unrelated site.

  • Attachment: none

  • Message: Payroll information requests will never come from an unofficial third party. These will come from an official Tulane service, clearly marked Tulane.

Date First Seen: July 12, 2022

 

From: Tulane Person Shares "Tulane Review Session July 2022" with you

 

Subject: Tulane Person Shares "Tulane Review Session July 2022" with you

 

Abstract:

[Microsoft dialogue attachment box]

Tulane Person shared a file with you from Sharepoint.

FWD: President Michael Fitts shared a file with you using one drive.

[clickable links]

 

Bait:

  • Sender: External/third party. Do you recognize the sender?

  • Link: OneDrive and Sharepoint links are tricky because attackers can use them to hide malicious links. Hover over the link to check it before clicking.

  • Attachment: none

  • Message: Were you expecting a OneDrive or Sharepoint request?

Use SLAM to identify phishing emails:

 

SENDER
  • Hackers use a similar email address to the ones you are familiar with to trick you into opening the email.

LINKS
  • Hover over links to verify their legitimacy. Phishing emails contain malicious links used to steal login credentials.

ATTACHMENTS
  • Never open an email attachment from a suspicious sender or an unusual email address.

MESSAGE
  • Check for bait like generic greetings, misspellings, grammatical errors, or strange wording and requests.