Welcome to the Phish Bowl

How do I spot a phishing email?

3 signs you are possibly being scammed:

These are the latest campaigns seen by the Information Security Office. If you receive any other kinds of scamming or phishing messages, please forward the message to phishing@rice.edu.

2025/05/16 - 09:22:24 (UTC -05:00)

English Literature and Composition Offer

This phishing email tries to trick students by pretending to offer an online tutoring job, but it is fake and meant to steal money or personal information.

2025/05/13 - 11:30:37 (UTC -05:00)

Reminder: Staff Performance Review Reports Due

This phishing attempt impersonates an internal HR reminder to trick recipients into clicking a malicious link disguised as a staff performance review form.

Between 2025/05/04 and 2025/05/04

Action Required: Additional Information Needed to Confirm Work Authorization Form I-9 Electronic Signature Receipt Form I-9 Instructions for Authorized Representative Rice University Data Feed File: WS_EMP_UpdateEMP_050320250XXXX.csv on 5/3/25 Rice University: New Hire Form I-9 Employee Instructions

The phishing attempt likely exploited the mention of an I-9 form to appear official and urgent, aiming to trick users into entering credentials on a fake site.

2025-05-07 16:16 (UTC -06:00) - 2025-05-07 16:22 (UTC -06:00)

Musical Instruments & Gear Giveaway

Recently compromised Rice account sent out a mass email campaign to contact a phone number listed on the email to pay "shipping" fees for free items.

05.07.2025

Reminder: Submit Staff Review Form

This phishing email poses as a staff review reminder to trick recipients into clicking a malicious link. It uses professional language to appear legitimate but leads to a harmful site.

2025/05/01 - 09:25:47 (UTC -05:00)

Action Required: Review Your 2025 Individual Evaluation Report

This phishing email is a credential harvesting attempt that impersonates HR of austinisd.org, using urgency and a fake performance evaluation link to trick recipients into entering their login credentials.

2025-04-24 20:30 (UTC -06:00) - 2025-04-24 20:45 (UTC -06:00)

Rice University & Jobs - Project Manager (#R43343) Seasonal Warehouse Order Selector Sales Representative Senior Manager IT/System Administrator (Healthcare) Project Manager

Compromised student account from Arkansas State University sent out a mass job scam phishing campaign that attached a Google Form to collect address, phone #, emails

2025-04-24 03:45 (UTC -06:00) - 2025-04-24 15:58 (UTC -06:00)

ttention Required: * Notification 3 pending messages.

Phishing campaign targetting mailing list servs and students with spoofed headers. Malicious link was already blocked by PP

2025/04/23 - 14:25:00 (UTC -05:00)

Chemistry Tutoring Offer

The scammer pretends to hire you for tutoring, sends a fake check for money, and then asks you to refund the difference before the check bounces.

2025/04/22 - 14:10:36 (UTC -05:00)

Pending for payment.

The message uses fear tactics, fake technical claims, and urgency to pressure the victim into paying.

2025-04-08 17:30 (UTC -06:00) - 2025-04-08 17:34 (UTC -06:00)

08-04-25 STAFF DIRECTORY EVALUATION REPORTS

Message contains link to Google Doc claiming to be a staff directory evaluation report

2025/04/07 - 18:08:35

Refund Disbursement Re: Federal aid Overpayment Refund Disbursement Student Refund Disbursement Your Federal Aid is ready

The email contains a link that impersonates the Rice authentication page.

2025/04/06 - 13:09:38 (UTC -05:00)

Spring Quarter Aid Your Federal Aid and Pell Grants Financial Aid Notification Alert Re: Spring Quarter Aid Re: Your Federal Aid and Pell Grants Re: Financial Aid Notification Alert Fwd: Spring Quarter Aid Fwd: Your Federal Aid and Pell Grants Fwd: Financial Aid Notification Alert Cece Gonzalez (BIOS 321 001 Sp25), you just sent a message in Canvas. Cece Gonzalez (PSYC 202 001 Sp25), you just sent a message in Canvas. Cece Gonzalez (ENGL 383 002 Sp25), you just sent a message in Canvas. Cece Gonzalez (ENGL 321 001 Sp25), you just sent a message in Canvas. Cece Gonzalez (BIOS 321 001 Sp25), you just sent a message in Canvas. Cece Gonzalez (ANTH/LING 200 001 Sp25), you just sent a message in Canvas.

The email contains a link that impersonates the Rice authentication page.

2025/03/20 - 20:01:22 (UTC -05:00)

ASSEMBLE WITH US

The email has no content in the body.

2025/03/18 - 00:36:46 (UTC -05:00)

Your private information has been stolen because of suspicious events.

A hacker claiming to have gained access to a victim’s computer, spying on their activities, and threatening to release compromising videos unless a ransom is paid in Bitcoin.

2025-03-06 05:29 (UTC -06:00) - 2025-03-12 11:56 (UTC -06:00)

Seeking a Math's Tutor for 10th Grade Student Seeking qualified tutor for expert guidance.

Sender poses as parent looking for math tutor, will ask for money to support student after corresponding with victim for 2-3 emails

2025-02-17 11:02 (UTC -06:00) - 2025-02-25 06:55 (UTC -06:00)

Seeking a Chemistry Tutor for our daughter Seeking a Physics Tutor for Our Daughter Seeking a Linguistics Tutor for our daughter Seeking a Biology Tutor for Our 10th Grade Daughter Seeking for an English Tutor for our daughter

Similar to previous tutor financial scam campaigns where sender will ask for tutoring assistance then ask for a sum of money to support the student receiving the tutoring services

2025-02-11 23:11 (UTC-06:00) - 2025-03-03 10:18 (UTC -06:00)

Please confirm to continue.

Message urged users to confirm their email account by entering their credentials into a fraudulent email login portal

2025-02-27 07:47 (UTC -06:00) - 2025-02-27 10:52 (UTC -06:00)

INTERNSHIP APPLICATION

Sender's emails contained a PDF asking recipients to text an unknown phone number and send PII.

2025-02-26 13:02 (-06:00 UTC) - 2025-02-27 04:02 (-06:00 UTC)

"[Eresources] Warning Notice: eresources@rice.edu Please Reconfirm Email." stat_phdstudents post from stat.rice.edu requires approval stat_faculty post from stat.rice.edu requires approval

Mailman moderator request for financial scam message that contained fake invoice

2025-02-24 01:02 (UTC-0:600) - 2025-02-2 09:02 (UTC-06:00)

cmor_dept post from rice.edu requires approval stat_faculty post from stat.rice.edu requires approval stat_phdstudents post from stat.rice.edu requires approval CHEMHELP post from rice.edu requires approval [Chemistry Chair] You have 18 messages pending on the server [Eresources] You have 18 messages pending on the server

Link blocked by Proofpoint but likely lead to fraudulent email client login page

2025-02-13 00:38 (UTC -06:00) - 2025-02-17 08:53 (UTC -06:00)

Your private information has been stolen because of suspicious events.

Sender blackmailed recipients claiming to have the power to send inappropriate videos of them to their contacts unless they paid $950 in BTC to the sender

2025/02/14 - 09:54:47 (UTC -06:00)

Opportunity To Acquire 2014 Airstream Sport Travel Trailer

This phishing email falsely claims that a donation of a 2014 Airstream Travel Trailer is available, urging recipients to contact a provided email address to arrange the donation.

2025-02-12 16:19 (UTC -06:00) - 2025-02-13 11:40 (UTC -06:00)

Payment from your account.

Threat actor emailed Rice users with a spoofed header to back their claims of infiltrating each recipient's account. Email asks recipients to send bitcoin to stop them from leaking personal information.

2025-02-05 15:08 (UTC -06:00) - 2025-02-12 13:10 (UTC -06:00)

You added a new address

Sender posed as PayPal with fake MacBook M4 Max invoice asking recipient to call PayPal support with fake number to verify account security (likely to obtain credentials and payment)

2025/02/11 - 09:44:58 (UTC -06:00)

Congratulations! You can get a $100 Costco reward!

This is a phishing attempt that falsely claims to offer a $100 reward for completing a survey about Costco, with a malicious link designed to steal personal information or install malware.

2025-02-11 18:46 (UTC -06:00) - 2025-02-11 20:32 (UTC -06:00)

Re: HI Williams, Lealia shared rice.edu_Resources2025 with you Re: Williams, Lealia shared president@rice.edu_Resources2025 with you Williams, Lealia shared 2025 EMPLOYEE WORK CALENDAR with you Williams, Lealia shared president@rice.edu_Resources2025 with you

Compromised SIUE account sent SharePoint link posing as an employee resources document from President DesRoches

2025/02/11 - 14:05:18 (UTC -06:00)

[Eresources] Notification of 4 pending messages. Notification of 4 pending messages. [Chemistry Chair] Notification of 4 pending messages.

The phishing email tries to trick the recipient into clicking a malicious link by pretending to be a notification from Rice University.

2025-02-09 08:55 (UTC -06:00) - 2025-02-09 09:50 (UTC -06:00)

Private Lesson Private Lesson Needed Private Tutor Needed Chemistry Tutor Needed Private Chemistry Tutor Needed

Sender requested tutoring services from students they found on Rice's online directory and asked them to pay $1.1k to financially assist sender's daughter. This user has also already appeared in the exact same phishing campaign 2/4/25

2025-02-06 16:08 (UTC -06:00) - 2025-02-06 17:17 (UTC -06:00)

POSITION OPEN POSITION

Emails were part of a job scam containing a PDF asking students to send PII for a fake assistant position

2025-02-04 13:15 (UTC -06:00) - 2025-02-05 11:43 (UTC -06:00)

Pension Reviews and Updates

Phishing campaign targeting Rice University staff, asking them to schedule Calendly meetings for "Pension Retirement Review". Sender is a threat actor posing as a professional financial consultant.

2025-02-03 17:57 (UTC -06:00) - 2025-02-03 19:29 (UTC -06:00)

Private Lesson Needed Chemistry Tutor Needed Private Lesson

Sender requested tutoring services from students they found on Rice's online directory and asked them to pay $1.1k to financially assist sender's daughter

2025-01-30 21:05:39.271562-05:00-2025-01-31 10:33:28.236709-05:00

"Internship Job Position"

Campaign that contained PDF attachments asking recipients to send PII for a fake internship offer

2025-01-30 11:23 (UTC -06:00) - 2025-02-03 07:27 (UTC -06:00)

INTERNSHIP OPPORTUNITY INTERNSHIP OFFER

Senders impersonating DHHS outreach official asking for picture/passport, full name, gender, address, alternate email, age, and mobile number of Rice students

2025-01-23 06:28 (UTC -06:00) - 2025-01-27 17:15 (UTC -06:00)

Good-News Part-Time Remote Job Offer Seasonal Available Tech Program Tech Program Good News Tech Program Offer Tech Offer Remote Tech Project Data Tech Program Available Remote Job Offer Remote Data Entry Position Remote Tech OFFER Remote Tech Offer Data Entry Remote Position Tech Remote Offer Tech Data Program Best Regards!! Seasonal Remote Offer Tech Offer Program Program Remote Offer Remote Data Position Program Tech Remote Program Good News!! Remote Tech Program Data Entry Position Offer Tech Program Remote Seasonal Program Available Remote Position Remote Job Offer Remote Offer Data Entry Remote Offer Seasonal Tech Program Seasonal Remote Program Part-Time Tech Program Seasonal Remote Job

Large scale job scam campaign run from multiple address posing as Rice professor(s) advertising tech / data job and asking for personal information

2025/01/23 - 17:26:09 (UTC -06:00)

WRG Texas - RFI 001318

The attacker compromised the domain "wrgtexas[.]com" and sent emails from some of its addresses, including a malicious attachment and link.

2025/01/23 - 18:04:07 (UTC -06:00)

DUE Invoice# INV0168

The email includes a malicious link designed to deceive users by falsely claiming their email storage is full, persuading them to click the link to supposedly increase their storage capacity.

2025-01-23 8:25 - 9:52 (UTC -06:00)

Data Entry Remote Position Good Morning Available Remote Data Placement Available Tech Position

Messages contained PDF directing students to contact them with personal credentials in order to apply for a data job position

Wed Jan 15 2025 00:00:00 GMT-0600 (Central Standard Time)

Compensation and Benefits Overview Document.

The email appears to come from a sender impersonating Rice HR. It falsely claims to be preparing to distribute the "Compensation and Benefits Overview" document and asks recipients if they prefer to receive it via email. The sender’s email address is clearly not associated with Rice HR, which is a red flag. The intent of the email is likely to distribute a malicious attachment under the guise of sharing the document.

2025/01/11 - 10:15:24 (UTC -06:00)

New Payment Declaration Message

This phishing email pretends to be about a Health Care FSA payment and urges the recipient to click a link to view a disbursement.

2025-01-14T08:04:25-06:00

Invitation; Internship Offer

The attacker lures undergraduate students by offering a remote internship with part-time work and competitive pay, emphasizing tasks like research, data analysis, and teamwork, while subtly extracting personal details during the application process.

2025/01/13 - 15:05:00 (UTC -06:00)

noreply

This phishing email threatens to release personal information unless the recipient pays a ransom in Bitcoin. It uses fear and urgency to trick the victim into making a payment, but the claims are false and there's no real threat.

1/9/2025 between 8 and 9:30 PM

"Final Notice: Verify Your Account to Avoid Deactivation" "Set Up Mandatory MFA Today" "Remote Support (Service)" "Important Information Regarding Your 2024-2025 FAFSA"

These phishing emails contain links intended to deceive recipients into providing sensitive information or making unauthorized payments by pretending to offer financial aid.

2025/01/09 - 20:09:46 (UTC -06:00)

Open Invitation: Spring Internship for Undergraduate Students

The attacker lures undergraduate students by offering a remote internship with part-time work and competitive pay, emphasizing tasks like research, data analysis, and teamwork, while subtly extracting personal details during the application process.

45666

Final Notice: Verify Your Account to Avoid Deactivation

Message stated that the customers account would be deactivated if they did not verify their account. The link led to a site with a modified mockup of a user authentication session.

2025/01/06 - 08:30:18 (UTC -06:00)

Reginald DesRoches

This scam email pretends to be from the president of the university, asking for the recipient's number/WhatsApp number to trick them into sharing personal information.

2024/12/27 - 09:31:44 (UTC -06:00)

FREE ITEMS YOU MAY NEED!!

The email designed to deceive recipients by offering free high-value items from "Professor Brandon Pettry," with the goal of collecting personal information or gaining access to other targets' sensitive data through fake inquiries.

2024/12/19 - 20:57:56 (UTC -06:00)

Research Opening Research Recruitment-Data Analysis Research Assistance -Data Analysis Part-time Research Position

This job scam contains a contact person's email.

45646

Account Update: Chargeback Reversal

This email is posing as american express, telling users they have adjusted their chargeback payment options to reflect a certain amount. The email prompts users to press link on a button to view charge back status. Most likely to conduct a financial scam.

45646

Welding Tools Offer

This email is asking recepients to get in touch with Rebecca Marty (RebeccaMarty1@outlook[.]com who is giving away welding equipment of her late husband. Most likely to conduct financial scam

45644

Musical Items For Giveaway

Email was about giving away musical instruments and was asking to cover only shipping costs

2024/12/15 - 12:20:22 (UTC -06:00)

>> Your account is hacked. Your data is stolen. Learn how to regain access.

This phishing email is an extortion attempt where the sender falsely claims to have compromised your computer and demands a Bitcoin payment to prevent the release of embarrassing or damaging information.

2024/12/16 - 15:27:59 (UTC -06:00)

You've got a money request Invoice from stephen dickstein (0009)

This is a phishing attempt pretending to be PayPal, warning you about an unfamiliar money request, while trying to get you to click a malicious link to steal your information.

2024/12/10 - 08:12:46 (UTC -06:00)

No Subject

Message offered night shift work for $500 a week to Rice students and staff

2024-12-10 05:56 - 07:17:2 (UTC -0:600)

Blank subject

Message offered night shift work for $500 a week to Rice students and staff

2024/12/05 - 11:26:22 (UTC -06:00)

This money request has been updated.

Pretends to be PayPal to deceive recipients into responding to a fake money request.

2024/11/05 - 2024/12/05

Invoice from Don't recognize the seller?Quickly let us know

The phishing email pretend to be PayPal, claiming a unknown invoice payment is due and urges recipients immediate to call the number attached in the message.

Sat, 30 Nov 2024 15:27:12 PM (CST)

Action Required: Complete Your Email Migration

This email was sent from a compromised account and contains a malicious link intended for credential harvesting.

2024/12/02 - 14:18:28 (UTC -06:00)

Reminder: You've still got a money request

The phishing email pretends to be PayPal, claiming a $899.99 payment request from "Scrap Love Bindery" due to a "technical error" and urges immediate payment through a suspicious link.

2024/11/29 - 15:37:56 (UTC -06:00)

Unleash your brilliance, join our team!

Fake Job offer to harvest user phone numbers

2024/11/29 - 15:37:56 (UTC -06:00)

Unleash your brilliance, join our team!

Fake Job offer to harvest user phone numbers

2024/11/21 - 15:59:17 (UTC -06:00)

Part-Time Remote Interdisciplinary Research Opportunity – $350/Week

This phishing email pretends to offer a $350/week research job to collect personal information using a fake professor's identity.

2024/11/19 - 13:22:00 (UTC -06:00)

Secure Message Pending Review for [recipient's full name]

This is part of the same phishing campaign as the monkeypox email, containing the same malicious link.

2024/11/18 - 09:34:23 (UTC -06:00)

Rehoming of Some Welding Tools Box & A Fender Electric Guitar !!!

This phishing email falsely claims a Rice University staff member is giving away valuable items and asks recipients to contact a fraudulent email address to express interest.

Tue Nov 19 2024 14:09:20 GMT-0600 (Central Standard Time)

Time-Sensitive: Monkeypox Case Confirmed Urgent Update: Confirm Recent Contact with Student Action Required: Verify Contact with Monkeypox Case

The phishing email alleges that a student recently diagnosed with monkeypox virus had close contact with the recipient and contains a malicious link for more information.

2024/11/19 - 14:08:25 (UTC -06:00)

Time-Sensitive: Monkeypox Case Confirmed Action Required: Verify Contact with Monkeypox Case

The phishing email alleges that a student recently diagnosed with monkeypox had close contact with the recipient and contains a malicious link for more information.

2024/11/19 - 14:03:14 (UTC -06:00)

Urgent Update: Confirm Recent Contact with Student

The phishing email alleges that a student recently diagnosed with monkeypox virus had close contact with the recipient and contains a malicious link for more information.

2024/11/09 - 10:05:30 (UTC -06:00)

Exciting Call for Participation

Job scam that asked students for their full name, resume, cell phone number, department, and year of study.

2024/11/10 - 20:43 - 20:48 (UTC -06:00)

PERSONAL ADMINISTRATIVE ASSISTANT

Job scam that asked students for their full name, cell phone number

2024/11/01 - 06:10:43 (UTC -05:00)

Campus financial aid, work study and internship

Scammer posing as Rice financial aid targeted students with fake job application asking for personal information such as major, phone number, and an alternate email address.

2024/11/06 - 09:33:13 (UTC -06:00)

Delivery status notification.

Attackers are attempting to intimidate users by claiming they possess inappropriate videos of them and threatening to release these videos unless the money is paid.

2024/10/09 - 2024/11/05 (UTC -05:00)

Reminder: You've still got a money request

It ask user to make a transaction and trick the user to login to their PayPal account

2024/11/04 - 18:46 - 18:52 (UTC -05:00)

Exciting Call for Participation

Job scam that asked students for their full name, resume, cell phone number, department, and year of study

2024/11/01 - 06:44 - 08:21:13 (UTC -05:00)

Campus financial aid, work study and internship

Scammer posing as Rice financial aid targeted students with fake job application asking for personal information such as major, phone number, and an alternate email address

2024-11-03 - 18:20 - 18:29 (UTC -05:00)

Exciting Call for Participation

Job scam that asked students for their full name, resume, cell phone number, department, and year of study

2024-10-31 - 08:02 - 08:10 (UTC -05:00)

Campus financial aid, work study and internship

Same as previous post, just with a different sender address

2024-10-31 - 08:16 - 08:31 (UTC -05:00)

Campus financial aid, work study and internship

Scammer posing as Rice financial aid targeted students with fake job application asking for personal information such as major, phone number, and an alternate email address

2024-10-16 - 2024-10-18

Rehoming of Some Musical Instruments !!!

Malicious actor poses as Rice professor who is looking to give away musical instruments, message contains secondary reply-to adddress: balcine1942@outlook[.]com

2024/10/03 - 2024/10/07

Vacant Positions for undergraduate & Alumni Vacant Positions

It contains a pdf with application instructions. They request that recipients share their name, phone number, and email address by replying to the email address.

2024/10/14 - 10:26:10 (UTC -05:00)

A new payment plan has been authorized.

The attacker alleges they possess inappropriate videos of the recipients and threatens to release them to friends, family, or colleagues if the demanded payment is not made.

2024/10/09 - 19:23:04 (UTC -05:00)

Career Opportunity undergraduate and graduate job application undergraduate job applicattion Vacant Positions for undergraduate Vacant Positions for undergraduate & Alumni

It contains a pdf with application instructions. They request that recipients share their name, phone number, and email address by replying to the email address.

2024/10/09 - 19:23:04 (UTC -05:00)

Career Opportunity undergraduate and graduate job application undergraduate job applicattion Vacant Positions for undergraduate Vacant Positions for undergraduate & Alumni

It contains a pdf with application instructions. They request that recipients share their name, phone number, and email address by replying to the email address.

TEST

TEST

TEST

2024/10/09 - 19:18

undergraduate job applicattion

It contains a pdf with application instructions. They request that recipients share their name, phone number, and email address by replying to the email address.

2024/10/03 - 21:08:49 (UTC -05:00)

Vacant Positions Internship Positions Career Opportunity

It contains an attachment with application instructions. They request that recipients buy some equipment and then promise to refund their money.

2024/10/07 - 12:55:28 (UTC -05:00)

Reginald DesRoches

The attacker pretended to be "Reginald DesRoches" and requested the recipients' phone numbers right away.

2024/09/30 08:09 - 11:26 (UTC -5:00)

Assistant Position (Rice University)

Sender posed as JAW management in scam campaign targeting students and faculty

2024/09/26 - 22:51:24 (UTC -05:00)

You have been hacked

The attackers allege that the user was hacked by them. They threaten to share the user's videos on social media if the debt is not paid.

2024/09/16 - 10:43:06 (UTC -05:00)

Research Position ( Rice University)

Sender posed as member of a Rice dean's office and Rice professor Gisela Heffes to obtain students' full name, email addresses, year of study, and department

2024/09/13 08:26 (UTC -5:00) - 08:30 (UTC -5:00)

Internship and Work Study Programs

Sender posed as CCD advertising student jobs on campus in order to obtain students' major, phone number and alternate email address (continuation of earlier campaign with a new address)

2024/09/11 - 14:01:38 (UTC -05:00)

RICE UNIVERSITY

The attacker impersonates Andrew Billing to donate a piano.

2024/09/12 06:58 (UTC -5:00) - 9:06 (UTC -5:00)

Internship and Work Study Programs

Sender posed as CCD advertising student jobs on campus in order to obtain students' major, phone number and alternate email address

2024/09/06 11:25 (UTC -05:00) - 2024/09/06 12:41 (UTC - 05:00)

Open position (Rice University) Research Assistant (Rice University) Position Assistant (Rice University)

Sender posed as member of a Rice dean's office and Rice professor Gisela Heffes to obtain students' full name, email addresses, year of study, and department

2024/09/04 - 2024/09/05

Data Analysis Project Assistant Rice.edu

The attacker impersonates Professor Dan S. Wallach to offer remote research assistant positions.

2024/09/04 - 2024/09/05

Data Analysis Project Assistant Rice.edu

The attacker impersonates Professor Dan S. Wallach to offer remote research assistant positions.

2024/09/02 - 07:27:23 (UTC -05:00)

Employment Internship Program

The content of email just include an attachment with no hash record. The file name is "internship.txt".

2024/09/02 - 10:20:57 (UTC -05:00)

Virtual Office Needed

The content of email just include an attachment with no hash record. The file name is "Job Offer Details".

2024/08/30 - 05:29:37 (UTC -05:00)

Rice University funds transfer.

The email contains a link that requests your Social Security Number and bank card information.

2024/08/28 - 12:12:28 (UTC -05:00)

Retired Staff Member's Generous Donation: Musical Instruments

The attacker impersonates Michelle Kaltenbach to donate two instruments.

2024/08/10 - 07:40:54 (UTC -05:00)

Summer Notice! Generosity of Mrs. Julie Francis

The attacker impersonates Elaine Britt to sell welding machines.

2024/07/31 - 07:51:22 (UTC -05:00)

Disposal Of TIG Welding Tools And Equipment

The attacker impersonates Reginald DesRoches to sell welding machines.

2024/07/26 - 16:13:21 (UTC -05:00)

Document shared with you: Compensation_statement_for_faculty_and_staff_members_at_ Rice University.docx

The email contains a link to a webpage with a button labeled "pay_status," which redirects to a Google Form requesting credentials and a DUO passcode.

Mon Jul 29 2024 01:00:00 GMT-0500 (Central Daylight Time)

Job scam. They are providing the gmail address to the users to contact with them.

2024/07/22 - 08:16:44 (UTC -05:00)

Generous Offer: Acquire High-Quality Equipment

The attacker assumes Charles Bartel's identity by selling some professional equipment. He is from "Duquesne University".

2024/07/22 - 10:19:18 (UTC -05:00)

WELDER TOOLS

The attacker impersonates George Andrews (George.Andrews@rice[.]edu) to sell welding machines.

2024/07/22 - 10:19:18 (UTC -05:00)

WELDER TOOLS

The attacker assumes George Andrews's identity.

2024/07/15 - 08:42:50 (UTC -05:00)

RESEARCH ASSISTANT POSITION

Fake job opportunities from a Russia company.

2024/07/09 - 15:01:15 (UTC -05:00)

Urgent request Quick response

The attacker is requesting a prompt call from the user.

2024/07/05 - 11:48:59 (UTC +08:00)

Academic Achievement Data Analyst, Personal Assistance, Bookkeeper Flexible Job Program & internship DATA ANALYST, PERSONAL ASSISTANTS, BOOKKEEPER

Job Scam and the emails include the attachments.

2024/07/07 - 10:07:04 (UTC -05:00)

I own very sensitive information about your web activities

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

2024/06/30 - 06:15:25 (UTC -05:00)

I own very sensitive information about your web activities

Threaten users and extort Bitcoin.

2024/06/26 - 19:12:57 (UTC -05:00)

APPLICATION FORM OPPORTUNITY SEEKERS

Fake job opportunities asking for personal data.

Tue Jun 25 2024 01:00:00 GMT-0500 (Central Daylight Time)

A variant of the recipients name

Messages are variants of the following. , H‎e‎llo thi‎s‎‎ is‎ t‎he S‎t‎ud‎ent‎-Lo‎a‎‎n‎ De‎bt D‎epartmen‎t‎. ‎We ‎tried‎ to‎ contac‎t ‎y‎‎‎ou a‎t ‎you‎r h‎om‎e ‎and d‎i‎d no‎t‎ h‎ea‎r back. ‎‎Y‎‎ou‎‎r Studen‎t L‎oan‎s ‎hav‎e ‎b‎e‎e‎n‎ m‎‎a‎r‎‎ked‎ a‎s‎ p‎o‎‎ssi‎b‎ly‎ e‎ligib‎le for forgi‎ven‎e‎‎ss ‎u‎n‎der th‎‎e‎ ‎‎n‎e‎w ‎202‎‎4‎ gui‎d‎eli‎n‎es. Yo‎‎u‎r case‎ nu‎mber ‎i‎s ‎, a‎nd ‎yo‎u‎r f‎i‎‎‎le‎ ‎w‎‎‎ill remain op‎‎en ‎in‎ m‎y syste‎m‎ f‎o‎r o‎n‎ly‎‎‎ one m‎o‎r‎‎‎e‎ ‎‎d‎‎a‎y‎. ‎If you c‎o‎u‎ld ‎‎plea‎s‎e g‎iv‎‎e‎‎ y‎ou‎r‎ ‎de‎d‎i‎ca‎‎ted el‎ig‎ibil‎ity l‎ine‎ ‎a c‎‎all a‎t‎‎: (8‎55)‑78‎9‎‑‎15‎‎8‎‎0. O‎ur‎ ‎‎‎of‎‎‎‎f‎‎i‎‎‎c‎‎e h‎‎‎our‎s‎ ‎ar‎e ‎‎9‎‎a‎m‎-‎‎5p‎‎‎m‎ ‎(‎‎P‎‎‎S‎‎T‎)‎‎‎ ‎‎M‎ond‎a‎y‎‎-‎‎F‎r‎i‎da‎‎‎y‎‎‎.‎‎ ‎T‎‎h‎a‎‎n‎‎‎‎k‎‎‎‎‎ ‎‎‎‎y‎ou‎‎‎‎ s‎‎o ‎m‎‎‎u‎‎c‎‎h‎ ‎‎a‎‎nd ‎‎w‎‎‎e h‎‎op‎‎e‎‎ ‎to‎ ‎‎‎‎hea‎‎‎‎r ‎‎‎f‎‎‎r‎‎‎o‎‎m‎ ‎‎y‎ou ‎‎s‎‎o‎‎o‎‎n.

2024/06/24 - 10:54:57 (UTC -05:00)

Remote work for Graduates-Undergraduates

The attacker alleges that a job offer is available. There is an attachment containing a job description. The file hash of this attachment is unknown to OSINT sources.

2024/06/21 - 10:31:38 (UTC -05:00)

JOB OFFER

It is a job scam. The content of the email just includes an attachment.

2024/06/19 - 14:18:42 (UTC -05:00)

Academic Career Opportunity

The attacker claims to be hiring for UNCEF and require users' personal email addresses and phone numbers.

2024/06/19 - 16:00:02 (UTC -05:00)

NetID@rice.edu Retrieve incoming messages!!!

The attacker created a falsified header. The email claimed that the user's emails were stopped for a reason and instructed the user to click a link, which then asked for the user's credentials to view their emails.

2024/06/06 - 16:00:57 (UTC -05:00)

Reginald DesRoches

The attacker is requesting users to promptly provide their phone numbers.

2024/06/12 - 19:33:17 (UTC -05:00)

ACT NOW ENROLL NOW JOB OPPORTUNITIES PREVIEW NOW

The attacker sent over 700 emails with a different subject line, but the email content contained the same attachment. The hash of the attached file is unknown.

2024/06/12 - 01:06:28

Payroll System Update

Email claims come from Rice University and includes an attachment by DocuSign, it says it is related to payroll system. When you click the link in the DocuSign, it redirects to a website which looks like a Rice login page.

2024/06/04 - 10:48:44 (UTC -05:00)

Your personal data has leaked due to suspected harmful activities.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

2024/06/03 - 17:59:26 (UTC -05:00)

Someone Messaged You

The email appears to be from "Junta de Andalucía (Government Administration)". The email encourages the user to change their passwords.

2024/05/22 - 08:03:08 (UTC -05:00)

Your order has shipped!

The email appears to be from Walmart. Within the message, it prompts users regarding a $900 Walmart gift card and how they wish to obtain it. It emphasizes that for any queries, they can contact the specified number.

2024/05/20 - 10:42:56 (UTC -05:00)

Your personal data has leaked due to suspected harmful activities.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

2024/05/17 - 10:03:11 (UTC -05:00)

EXECUTIVE ASSISTANT POSITION AVAILABLE

It is a Part-Time job/research opportunity scam asking interested people from Rice.

2024/05/14 - 12:18:41 (UTC -05:00)

Reginald DesRoches

The attacker is requesting users to promptly provide their phone numbers.

2024/05/13 - 12:25:04 (UTC -05:00)

"The subject line is blank."

The email is pretending to be from Rice's users. Inquire about recipients' phone numbers to enlist their assistance.

2024/05/10 - 10:05:33 (UTC -05:00)

Delivery Status Notification (editing needed).

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

2024/05/09 - 16:53:50 (UTC -05:00)

Are you available now ?

The email impersonates Rice's user Ashutosh Sabharwal - ashu. The attacker urges users to contact him promptly and requests that users assist him in carrying out an urgent errand from any nearby store.

2024/05/07 - 08:57:40 (UTC -05:00)

Your personal data has leaked due to suspected harmful activities.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants. The IP belongs to "Brazil".

2024/05/06 - 00:47:11 (UTC -05:00)

[ECEADMINSTAFF-L] Security status not satisfied.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants. The IP belongs to "Indonesia".

2024/05/03 - 17:55:52 (UTC -05:00)

Student Assistant Needed Research Positions Available

The email impersonates Rice's user Daniel J. Preston - djp. It is a Part-Time job/research opportunity scam asking interested people from Rice and others to contact via phone (424) 265- 2730.

2024/05/03 - 09:02:50 (UTC -05:00)

Reginald DesRoches

The attacker is requesting users to promptly provide their phone numbers.

2024/05/03 - 13:27:29 (UTC -05:00)

Your 403b account needs attention.

The sender pretends to be "district-benefits[.]org" and endeavors to communicate by discussing its benefits.

2024/05/01 - 07:09:53 (UTC -05:00)

Urgently needed your response Are you free? Your response is needed

The email, which pretends to be from Professor Reginald DesRoches of Rice University and other high-ranking such as Professors Jamie Ellen Padgett and Ross Thyer, is carefully written to deceive. It cleverly tries to manipulate the recipient into contacting them urgently.

2024/04/30 - 11:11:52 (UTC -05:00)

Spring and Fall Employment Opportunity for Graduate and Undergraduate Students

The email impersonates Rice's user Dan Wallach - dwallach. It is a Part-Time job/research opportunity scam asking interested people from Rice and others to contact via email "d.wallach@outlook[.]com".

2024/04/30 - 10:27:43 (UTC -05:00)

Do you have some minutes?

The email impersonates Rice's user Professor Matteo Pasquali - mp. The attacker tried to connect the users with this way. Also, email includes a malicious link.

2024/04/29 - 02:56:49 (UTC -05:00)

this is for you

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

2024/04/29 - 05:32:30 (UTC -05:00)

Payment Advice Copy-000026042024-VIRAL ENTERPRISE

The email contains a harmful attachment. The sender asserts it's a "payments execution."

2024/04/27 - 21:47:25 (UTC -05:00)

Security status not satisfied.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money she wants.

2024/04/26 - 16:40:52 (UTC -05:00)

HR and Employment Relations Information Session

The sender tells the recipients that their job applications have been accepted and that they will receive an informative e-mail in the future, and leaves their information for those who want to contact " intern@blasystems[.]com"

Around 2024/04/22 - 11:52 to 12:08

Hiring For Research Position Research Opportunity Available Student Research Positions Part-Time Job Opening

The email impersonates Rice's user Daniel J. Preston - djp. It is a Part-Time job/research opportunity scam asking interested people from Rice and others to contact via phone (424) 265- 2730.

Sun Apr 21 2024 01:00:00 GMT-0500 (Central Daylight Time)

Working for RICE University - REMOTE JOBS

This person(s) is operating a job scam. The message had a URL that pointed to a phishing (credential harvesting) website asking to log in with Rice credentials to view the job details.

2024/04/22 - 11:12:18 (UTC -05:00)

Research Assistance Needed Data Science Research Position On -Campus Research Opportunity Data Science Research

The email impersonates Rice's user Rebecca Schreib - rjs7. It is a Part-Time job scam asking interested people from Rice and others to contact via phone (‪772-245-7264‬).

Around 2024/04/19 - 15:32 to 16:40

"Global Account Manager – Accenture" "Visual Assistant (Remote)" "Expense Management Team Member" "Technology Expense Management (TEM) Operations Manager"

The email impersonates a member of Arkansas State University. Mention about providing part-time employment for qualified students, and ask them to send the resume to career@valuespendulum[.]com

Sat, 20 Apr 2024 14:13:07 PM (CDT)

Remote Assistant Position

The email impersonates a member of Arkansas State University. It is a Remote Assistant job scam asking interested people from Rice and others to send in their resume to employment@shahryaranaviation[.]com

Sat Apr 20 2024 18:30:00 GMT-0500 (Central Daylight Time)

1022790- Clinical Research Coordinator, Intervention Study

The email impersonates Rice's user Jacky Jiang - hj37. It is a Part-Time job scam asking interested people from Rice and others to send in their resume to employment@regemedical[.]com

2024/04/17 - 17:09:19 (UTC -05:00)

We have received your FAFSA

The email urged users to click the link to access "FAFSA." Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials. The email is sent from the compromised account "sf5@rice[.]edu".

2024/04/17 - 15:26:14 (UTC -05:00)

Technology Expense Management (TEM) Operations Manager

The attacker purports to be "Beth Rivera," stating that she assists in the company's recruitment efforts. The email is sent from the compromised account "aer2@rice[.]edu".

2024/04/17 - 08:05:00 (UTC -05:00)

Submission failed

The email urged users to click the link to download a file. Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials.

2024/04/17 - 08:41:03 (UTC -05:00)

Rice University has received your FAFSA

The email urged users to click the link to access "myScholarships." Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials.

2024/04/15 - 10:59:00 (UTC - 5:00)

On-campus Remote Job Opportunity-Work as a Research Assistant-Graduate and Undergraduate Students of Rice University

Sender claims to be Professor Michael Orchard offering part-time employment at Rice. Message prompts users to send their resume, full name, department, year of study, alternative mail address, and functional phone number to prof_orchard@outlook[.]com.

Around 2024/04/11 - 16:45 to 16:52

LOCAL JOB AD!

The attacker says that the people who receive this message have been randomly selected for the virtual assistant position. Require the recipients to send a copy of the resume to the attacker Gmail.

2024/04/03 - 17:31:15 (UTC -05:00)

JOB OPPORTUNITY Casting PAID background actresses

The sender claims to be a member of "Santa Monica College" and offers a job. This is how the sender tried to communicate with users.

2024/04/01 - 13:58:18 (UTC -05:00)

For your own safety, I highly recommend reading this email.

The hacker says that the people who receive this message have access to inappropriate videos thanks to the viruses they have previously infected their phones and computers. They will publish them if they do not pay the requested money.

2024/03/29 - 09:36:42 (UTC -05:00)

Attention Please!!! Own A Welding Machine And Tools Box

The attacker collects people's information(mail/email address) by telling them, Mrs. Patricia Martin (Human Resources at Rice University) will donate her father's Welding machine.

2024/03/29 - 09:35:00 (UTC -05:00)

Data Entry Assistant (100% Work From Home Part Time)

This is a phishing message for a fake data entry job opportunity that requests user to download a file and apply the job.

2024/03/29 - 19:12:24 (UTC -05:00)

Late Fee Reminder.

The email prompted users to click on the link to open the document, leading them to a site that encouraged them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

3/29/2024 ~9:30

Data Entry Assistant (100% Work From Home Part Time)

This is a phishing message for a fake data entry job opportunity that requests user to reply with a resume or name and phone number to a secondary account dr.stevenstout@aol[.]com. Please DO NOT REPLY/SEND any personal info to the listed email address.

Thu, 28 Mar 2024 22:19:20 PM (CDT)

PAST DUE FEE !!

The email prompted users to click the link to open the document, leading them to a site that encouraged them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

2024/03/28 - 21:51:40 (UTC -05:00)

PAST DUE NOTICE!

The email prompted users to click on the link to open the document, which led them to a site encouraging them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

2024/03/29 - 01:38:23 (UTC -05:00)

PAST DUE BILL !!

The email prompted users to click on the link to open the document, which led them to a site encouraging them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

2024/03/28 - 15:06 - 16:01 (UTC -06:00)

URGENT: Print and submit document.

Email prompted users to click on link to open document which led them to a site prompting them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site prompting users to enter their login credentials.

2024/03/27 - 07:39:59 (UTC -05:00)

WARNING: OVERDUE FEE.

This is a phishing message with a link to a website requesting a file download. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

Fri Mar 22 2024 01:00:00 GMT-0500 (Central Daylight Time)

Urgent: Monkeypox Exposure Alert - Take Immediate Action!

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

2024/03/21 - 09:11:16 (UTC -05:00)

Your (FSA) ACCOUNT

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

2024/03/20 - 07:31:49 (UTC -05:00)

Important Information About Your HealthEquity Account

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

Between 2024/03/15 and 2024/03/18

Rice University:Approved Beneficial Program

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

2024-02-22T18:28:47Z

Inquiry...

2024/02/19 - 18:56:57 (UTC -06:00)

Action Required NetID@rice.edu

This is a phishing message with a malicious link to a credential harvesting site requesting to accept an invite to download and view a fake payment invoice. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

2024/02/20 - 08:09:08 (UTC -06:00)

Research Mentor Opportunity | Harvard PhD

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/02/08 - 2024/02/09

(Remote) Personal Assistance Email Confirmation

This campaign is employment fraud. It is a phishing message for a fake job opportunity that requests user to click on a Google form link and reply with full name, personal email address, physical address, phone number, gender, and age. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Please DO NOT click the link, or download any attachments.

2024/02/08 - 09:13:28 (UTC -06:00)

Rice University Employees: Retirement Planning Sessions Available

This is a phishing message for a fake retirement benefits meeting that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/02/03 - 11:41:26 (UTC -06:00)

OPEN SLOTS!!

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/02/03 - 11:15:00 (UTC -06:00)

Essential Information About Your HealthEquity Account

This is a phishing message with a link to a credential harvesting site requesting to accept an invite to download and view a fake payment invoice. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

2024/02/02 - 08:40

A new payment schedule has been approved.

This is a phishing message masquerading as an extortion attempt. Please DO NOT REPLY/SEND any personal or payment information to the listed email address or wallet. Text header:

2024/01/28 - 10:19:15 (UTC -06:00)

Office of Financial Aid | Students Employment

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/01/28 - 10:19:15 (UTC -06:00)

Office of Financial Aid | Students Employment

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/01/26 - 13:13

STUDENTS INFORMATION SUPPORT

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

Between 2024/01/24 and 2024/01/25

Response for you're doing.

This is a phishing message masquerading as an extortion attempt. Please DO NOT REPLY/SEND any personal or payment information to the listed email address or wallet. Text header:

2024/01/23 | 6:30 - 12:20

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/01/22 - 09:30

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/01/22 | 8:29 AM - 9:39 AM

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/01/18 - 11:08

UNDERGRADUATE RESEARCH ASSISTANT NEEDED

2024/01/11 - 16:02:18 (UTC -06:00)

DS & SDE at Amazon

2024/01/11 between 3:03pm CST to 3:05pm CST

Email Confirmation

Other Scams

If you receive any other kind of scamming or phishing message, please report it to phishing@rice.edu.