Welcome to the Phish Bowl

About phishing

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.

The term ‘phishing’ is a spin on the word fishing, because criminals are dangling a fake ‘lure’ (the email that looks legitimate, as well as a website that looks legitimate) hoping users will ‘bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.

How do I spot a phishing email?

  • The email doesn’t specify your name.

"Dear Customer" or "Dear" isn’t an identifier. If you receive an email like this, there is a very high chance that it is a phishing email.

  • The email asks you to confirm personal information.

Keep an eye out for emails requesting you to confirm personal information that you normally do not disclose.

3 signs you are possibly being scammed:

1. You are being pressured to act immediately. Scammers may pose as someone or an organization you know and say there is a problem that needs immediate attention. DO NOT act unless you have verified that the person who has contacted you is legitimate.

2. You're asked to provide personal information and/or verification codes. When in doubt, DO NOT disclose this type of information. Most organizations will not ask for this information when conducting business with you.

3. You're asked to pay or submit payment in an unusual way. Be wary if you are asked to pay by gift cards, payment apps, or digital currency.

These are the latest campaigns seen by the Information Security Office. If you receive any other kinds of scamming or phishing messages, please forward the message to phishing@rice.edu.

2024/07/22 - 08:16:44 (UTC -05:00)

Generous Offer: Acquire High-Quality Equipment

The attacker assumes the identity of Charles Bartel to sell some professional equipment. He is from "Duquesne University".

From: <dianeweiss@optonline[.]net>
2024/07/22 - 08:16:44 (UTC -05:00)
Subject: Generous Offer: Acquire High-Quality Equipment
To: undisclosed-recipients

2024/07/22 - 10:19:18 (UTC -05:00)

WELDER TOOLS

The attacker impersonates George Andrews (George.Andrews@rice[.]edu) to sell welding machines.

From: <markjames554356@gmail[.]com>
2024/07/22 - 10:19:18 (UTC -05:00)
Subject: WELDER TOOLS
To: undisclosed-recipients

2024/07/22 - 10:19:18 (UTC -05:00)

WELDER TOOLS

The attacker assumes George Andrews's identity.

From: <markjames554356@gmail[.]com>
2024/07/22 - 10:19:18 (UTC -05:00)
Subject: WELDER TOOLS
To: undisclosed-recipients

2024/07/15 - 08:42:50 (UTC -05:00)

RESEARCH ASSISTANT POSITION

Fake job opportunities from a Russian company.

From: <info@neoline[.]ru>
2024/07/15 - 08:42:50 (UTC -05:00)
Subject: RESEARCH ASSISTANT POSITION
To: undisclosed-recipients

2024/07/09 - 15:01:15 (UTC -05:00)

Urgent request Quick response

The attacker is requesting a prompt call from the user.

From: <viviennesanasithzar50@gmail[.]com>
2024/07/09 - 15:01:15 (UTC -05:00)
Subject: Urgent request Quick response
To: undisclosed-recipients

2024/07/05 - 11:48:59 (UTC +08:00)

Academic Achievement Data Analyst, Personal Assistance, Bookkeeper Flexible Job Program & internship DATA ANALYST, PERSONAL ASSISTANTS, BOOKKEEPER

Job scam; the emails include attachments.

From: <janebright80@gmail[.]com>
2024/07/05 - 11:48:59 (UTC +08:00)
Subject: Academic Achievement Data Analyst, Personal Assistance, Bookkeeper Flexible Job Program & internship DATA ANALYST, PERSONAL ASSISTANTS, BOOKKEEPER
To: undisclosed-recipients

2024/07/07 - 10:07:04 (UTC -05:00)

I own very sensitive information about your web activities

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

From: <Falsified header.>
2024/07/07 - 10:07:04 (UTC -05:00)
Subject: I own very sensitive information about your web activities
To: undisclosed-recipients

2024/06/30 - 06:15:25 (UTC -05:00)

I own very sensitive information about your web activities

The attacker threatens users and tries to extort Bitcoin.

From: <User Email Addresses (Changed Header)>
2024/06/30 - 06:15:25 (UTC -05:00)
Subject: I own very sensitive information about your web activities
To: undisclosed-recipients

2024/06/26 - 19:12:57 (UTC -05:00)

APPLICATION FORM OPPORTUNITY SEEKERS

Fake job opportunities asking for personal data.

From: <alpavuchek54@gmail[.]com>
2024/06/26 - 19:12:57 (UTC -05:00)
Subject: APPLICATION FORM OPPORTUNITY SEEKERS
To: undisclosed-recipients

Tue Jun 25 2024 01:00:00 GMT-0500 (Central Daylight Time)

A variant of the recipient's name

Messages are variants of the following: Hello this is the Student-Loan Debt Department. We tried to contact you at your home and did not hear back. Your Student Loans have been marked as possibly eligible for forgiveness under the new 2024 guidelines. Your case number is , and your file will remain open in my system for only one more day. If you could please give your dedicated eligibility line a call at: (855)-789-1580. Our office hours are 9am-5pm (PST) Monday-Friday. Thank you so much and we hope to hear from you soon.

From: <Assorted hotmail addresses>
Tue Jun 25 2024 01:00:00 GMT-0500 (Central Daylight Time)
Subject: A variant of the recipient's name
To: undisclosed-recipients

2024/06/24 - 10:54:57 (UTC -05:00)

Remote work for Graduates-Undergraduates

The attacker alleges that a job offer is available. There is an attachment containing a job description. The file hash of this attachment is unknown to OSINT sources.

From: <SV76438806@idat[.]edu[.]pe>
2024/06/24 - 10:54:57 (UTC -05:00)
Subject: Remote work for Graduates-Undergraduates
To: undisclosed-recipients

2024/06/21 - 10:31:38 (UTC -05:00)

JOB OFFER

It is a job scam. The content of the email just includes an attachment.

From: <hectoroscardiazgonzalez@gmail[.]com>
2024/06/21 - 10:31:38 (UTC -05:00)
Subject: JOB OFFER
To: undisclosed-recipients

2024/06/19 - 14:18:42 (UTC -05:00)

Academic Career Opportunity

The attacker claims to be hiring for UNCEF and requires users' personal email addresses and phone numbers.

From: <jazaxyu4@gmail[.]com pat.kennedy900@gmail[.]com sossemane@incm.gov[.]mz>
2024/06/19 - 14:18:42 (UTC -05:00)
Subject: Academic Career Opportunity
To: undisclosed-recipients

2024/06/19 - 16:00:02 (UTC -05:00)

NetID@rice.edu Retrieve incoming messages!!!

The attacker created a falsified header. The email claimed that the user's emails were stopped for a reason and instructed the user to click a link, which then asked for the user's credentials to view their emails.

From: <remi@nnokwa[.]com>
2024/06/19 - 16:00:02 (UTC -05:00)
Subject: NetID@rice.edu Retrieve incoming messages!!!
To: undisclosed-recipients

2024/06/06 - 16:00:57 (UTC -05:00)

Reginald DesRoches

The attacker is requesting users to promptly provide their phone numbers.

From: <All addresses are from google.com>
2024/06/06 - 16:00:57 (UTC -05:00)
Subject: Reginald DesRoches
To: undisclosed-recipients

2024/06/12 - 19:33:17 (UTC -05:00)

ACT NOW ENROLL NOW JOB OPPORTUNITIES PREVIEW NOW

The attacker sent over 700 emails with different subject lines, but each email contained the same attachment. The hash of the attached file is unknown.

From: <alpavuchek54@gmail[.]com>
2024/06/12 - 19:33:17 (UTC -05:00)
Subject: ACT NOW ENROLL NOW JOB OPPORTUNITIES PREVIEW NOW
To: undisclosed-recipients

2024/06/12 - 01:06:28

Payroll System Update

The email claims to come from Rice University and includes a DocuSign attachment that it says is related to the payroll system. Clicking the link in the DocuSign document redirects to a website that looks like a Rice login page.

From: <dse_NA4@docusign[.]net>
2024/06/12 - 01:06:28
Subject: Payroll System Update
To: undisclosed-recipients

2024/06/04 - 10:48:44 (UTC -05:00)

Your personal data has leaked due to suspected harmful activities.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

From: <Falsified header.>
2024/06/04 - 10:48:44 (UTC -05:00)
Subject: Your personal data has leaked due to suspected harmful activities.
To: undisclosed-recipients

2024/06/03 - 17:59:26 (UTC -05:00)

Someone Messaged You

The email appears to be from "Junta de Andalucía (Government Administration)". The email encourages the user to change their passwords.

From: <21005265.edu@juntadeandalucia[.]es>
2024/06/03 - 17:59:26 (UTC -05:00)
Subject: Someone Messaged You
To: undisclosed-recipients

2024/05/22 - 08:03:08 (UTC -05:00)

Your order has shipped!

The email appears to be from Walmart. Within the message, it prompts users regarding a $900 Walmart gift card and how they wish to obtain it. It emphasizes that for any queries, they can contact the specified number.

From: <ekaterinaalexandrova12xx@outlook[.]com marlonsmith1x@outlook[.]com>
2024/05/22 - 08:03:08 (UTC -05:00)
Subject: Your order has shipped!
To: undisclosed-recipients

2024/05/20 - 10:42:56 (UTC -05:00)

Your personal data has leaked due to suspected harmful activities.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

From: <Falsified header.>
2024/05/20 - 10:42:56 (UTC -05:00)
Subject: Your personal data has leaked due to suspected harmful activities.
To: undisclosed-recipients

2024/05/17 - 10:03:11 (UTC -05:00)

EXECUTIVE ASSISTANT POSITION AVAILABLE

It is a Part-Time job/research opportunity scam asking interested people from Rice.

From: <nischelsoni@live[.]com>
2024/05/17 - 10:03:11 (UTC -05:00)
Subject: EXECUTIVE ASSISTANT POSITION AVAILABLE
To: undisclosed-recipients

2024/05/14 - 12:18:41 (UTC -05:00)

Reginald DesRoches

The attacker is requesting users to promptly provide their phone numbers.

From: <All addresses are from google.com>
2024/05/14 - 12:18:41 (UTC -05:00)
Subject: Reginald DesRoches
To: undisclosed-recipients

2024/05/13 - 12:25:04 (UTC -05:00)

"The subject line is blank."

The email pretends to be from Rice users. It asks for recipients' phone numbers to enlist their assistance.

From: <newemeg@gmail[.]com>
2024/05/13 - 12:25:04 (UTC -05:00)
Subject: "The subject line is blank."
To: undisclosed-recipients

2024/05/10 - 10:05:33 (UTC -05:00)

Delivery Status Notification (editing needed).

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

From: <Falsified header. The senders and recipients are the same.>
2024/05/10 - 10:05:33 (UTC -05:00)
Subject: Delivery Status Notification (editing needed).
To: undisclosed-recipients

2024/05/09 - 16:53:50 (UTC -05:00)

Are you available now ?

The email impersonates Rice's user Ashutosh Sabharwal - ashu. The attacker urges users to contact him promptly and requests that users assist him in carrying out an urgent errand from any nearby store.

From: <mbillingsleyglenna@gmail[.]com>
2024/05/09 - 16:53:50 (UTC -05:00)
Subject: Are you available now ?
To: undisclosed-recipients

2024/05/07 - 08:57:40 (UTC -05:00)

Your personal data has leaked due to suspected harmful activities.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants. The IP belongs to "Brazil".

From: <Falsified header. The sender and recipients are the same.>
2024/05/07 - 08:57:40 (UTC -05:00)
Subject: Your personal data has leaked due to suspected harmful activities.
To: undisclosed-recipients

2024/05/06 - 00:47:11 (UTC -05:00)

[ECEADMINSTAFF-L] Security status not satisfied.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants. The IP belongs to "Indonesia".

From: <eceadminstaff-l@mailman[.]rice[.]edu>
2024/05/06 - 00:47:11 (UTC -05:00)
Subject: [ECEADMINSTAFF-L] Security status not satisfied.
To: undisclosed-recipients

2024/05/03 - 17:55:52 (UTC -05:00)

Student Assistant Needed Research Positions Available

The email impersonates Rice's user Daniel J. Preston - djp. It is a Part-Time job/research opportunity scam asking interested people from Rice and others to contact via phone (424) 265-2730.

From: <acekidmo@gmail[.]com>
2024/05/03 - 17:55:52 (UTC -05:00)
Subject: Student Assistant Needed Research Positions Available
To: undisclosed-recipients

2024/05/03 - 09:02:50 (UTC -05:00)

Reginald DesRoches

The attacker is requesting users to promptly provide their phone numbers.

From: <All addresses are from google.com>
2024/05/03 - 09:02:50 (UTC -05:00)
Subject: Reginald DesRoches
To: undisclosed-recipients

2024/05/03 - 13:27:29 (UTC -05:00)

Your 403b account needs attention.

The sender pretends to be "district-benefits[.]org" and endeavors to communicate by discussing its benefits.

From: <PlanAdministrator@ca[.]district-benefits[.]org>
2024/05/03 - 13:27:29 (UTC -05:00)
Subject: Your 403b account needs attention.
To: undisclosed-recipients

2024/05/01 - 07:09:53 (UTC -05:00)

Urgently needed your response Are you free? Your response is needed

The email, which pretends to be from Professor Reginald DesRoches of Rice University and other high-ranking figures such as Professors Jamie Ellen Padgett and Ross Thyer, is carefully written to deceive. It cleverly tries to manipulate the recipient into contacting the sender urgently.

From: <lleader@internet[.]ru>
2024/05/01 - 07:09:53 (UTC -05:00)
Subject: Urgently needed your response Are you free? Your response is needed
To: undisclosed-recipients

2024/04/30 - 11:11:52 (UTC -05:00)

Spring and Fall Employment Opportunity for Graduate and Undergraduate Students

The email impersonates Rice's user Dan Wallach - dwallach. It is a Part-Time job/research opportunity scam asking interested people from Rice and others to contact via email "d.wallach@outlook[.]com".

From: <akoredem63@gmail[.]com>
2024/04/30 - 11:11:52 (UTC -05:00)
Subject: Spring and Fall Employment Opportunity for Graduate and Undergraduate Students
To: undisclosed-recipients

2024/04/30 - 10:27:43 (UTC -05:00)

Do you have some minutes?

The email impersonates Rice's user Professor Matteo Pasquali - mp. The attacker tried to make contact with users this way. The email also includes a malicious link.

From: <grouphlead@gmail[.]com>
2024/04/30 - 10:27:43 (UTC -05:00)
Subject: Do you have some minutes?
To: undisclosed-recipients

2024/04/29 - 02:56:49 (UTC -05:00)

this is for you

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

From: <noreply@ticketspice[.]com>
2024/04/29 - 02:56:49 (UTC -05:00)
Subject: this is for you
To: undisclosed-recipients

2024/04/29 - 05:32:30 (UTC -05:00)

Payment Advice Copy-000026042024-VIRAL ENTERPRISE

The email contains a harmful attachment. The sender asserts it's a "payments execution."

From: <excheff@dejavahotel[.]com>
2024/04/29 - 05:32:30 (UTC -05:00)
Subject: Payment Advice Copy-000026042024-VIRAL ENTERPRISE
To: undisclosed-recipients

2024/04/27 - 21:47:25 (UTC -05:00)

Security status not satisfied.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

From: <Falsified header. The sender and recipient addresses are the same as the user's Rice account.>
2024/04/27 - 21:47:25 (UTC -05:00)
Subject: Security status not satisfied.
To: undisclosed-recipients

2024/04/26 - 16:40:52 (UTC -05:00)

HR and Employment Relations Information Session

The sender tells recipients that their job applications have been accepted and that they will receive an informative email in the future, and leaves the address "intern@blasystems[.]com" for those who want to get in touch.

From: <ca75@rice[.]edu slj7@rice[.]edu fosterv@mail[.]gvsu[.]edu>
2024/04/26 - 16:40:52 (UTC -05:00)
Subject: HR and Employment Relations Information Session
To: undisclosed-recipients

Around 2024/04/22 - 11:52 to 12:08

Hiring For Research Position Research Opportunity Available Student Research Positions Part-Time Job Opening

The email impersonates Rice's user Daniel J. Preston - djp. It is a Part-Time job/research opportunity scam asking interested people from Rice and others to contact via phone (424) 265-2730.

From: <jdane004@gmail[.]com>
Around 2024/04/22 - 11:52 to 12:08
Subject: Hiring For Research Position Research Opportunity Available Student Research Positions Part-Time Job Opening
To: undisclosed-recipients

Sun Apr 21 2024 01:00:00 GMT-0500 (Central Daylight Time)

Working for RICE University - REMOTE JOBS

This person(s) is operating a job scam. The message had a URL that pointed to a phishing (credential harvesting) website asking to log in with Rice credentials to view the job details.

From: <vhayes620@gmail[.]com, georgejefferson0001@gmail[.]com, Kimberly.nicole267@gmail[.]com>
Sun Apr 21 2024 01:00:00 GMT-0500 (Central Daylight Time)
Subject: Working for RICE University - REMOTE JOBS
To: undisclosed-recipients

2024/04/22 - 11:12:18 (UTC -05:00)

Research Assistance Needed Data Science Research Position On -Campus Research Opportunity Data Science Research

The email impersonates Rice's user Rebecca Schreib - rjs7. It is a Part-Time job scam asking interested people from Rice and others to contact via phone (772-245-7264).

From: <ahamdielekwa@gmail[.]com>
2024/04/22 - 11:12:18 (UTC -05:00)
Subject: Research Assistance Needed Data Science Research Position On -Campus Research Opportunity Data Science Research
To: undisclosed-recipients

Around 2024/04/19 - 15:32 to 16:40

"Global Account Manager – Accenture" "Visual Assistant (Remote)" "Expense Management Team Member" "Technology Expense Management (TEM) Operations Manager"

The email impersonates a member of Arkansas State University. It mentions part-time employment for qualified students and asks them to send a resume to career@valuespendulum[.]com

From: <jeff.white@smail[.]astate[.]edu>
Around 2024/04/19 - 15:32 to 16:40
Subject: "Global Account Manager – Accenture" "Visual Assistant (Remote)" "Expense Management Team Member" "Technology Expense Management (TEM) Operations Manager"
To: undisclosed-recipients

Sat, 20 Apr 2024 14:13:07 PM (CDT)

Remote Assistant Position

The email impersonates a member of Arkansas State University. It is a Remote Assistant job scam asking interested people from Rice and others to send in their resume to employment@shahryaranaviation[.]com

From: <hannah.hopper1@smail[.]astate[.]edu>
Sat, 20 Apr 2024 14:13:07 PM (CDT)
Subject: Remote Assistant Position
To: undisclosed-recipients

Sat Apr 20 2024 18:30:00 GMT-0500 (Central Daylight Time)

1022790- Clinical Research Coordinator, Intervention Study

The email impersonates Rice's user Jacky Jiang - hj37. It is a Part-Time job scam asking interested people from Rice and others to send in their resume to employment@regemedical[.]com

From: <hj37@rice[.]edu>
Sat Apr 20 2024 18:30:00 GMT-0500 (Central Daylight Time)
Subject: 1022790- Clinical Research Coordinator, Intervention Study
To: undisclosed-recipients

2024/04/17 - 17:09:19 (UTC -05:00)

We have received your FAFSA

The email urged users to click the link to access "FAFSA." Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials. The email is sent from the compromised account "sf5@rice[.]edu".

From: <sf5@rice[.]edu>
2024/04/17 - 17:09:19 (UTC -05:00)
Subject: We have received your FAFSA
To: undisclosed-recipients

2024/04/17 - 15:26:14 (UTC -05:00)

Technology Expense Management (TEM) Operations Manager

The attacker purports to be "Beth Rivera," stating that she assists in the company's recruitment efforts. The email is sent from the compromised account "aer2@rice[.]edu".

From: <aer2@rice[.]edu>
2024/04/17 - 15:26:14 (UTC -05:00)
Subject: Technology Expense Management (TEM) Operations Manager
To: undisclosed-recipients

2024/04/17 - 08:05:00 (UTC -05:00)

Submission failed

The email urged users to click the link to download a file. Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials.

From: <johnskan@mail[.]gvsu[.]edu>
2024/04/17 - 08:05:00 (UTC -05:00)
Subject: Submission failed
To: undisclosed-recipients

2024/04/17 - 08:41:03 (UTC -05:00)

Rice University has received your FAFSA

The email urged users to click the link to access "myScholarships." Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials.

From: <owenmad@mail[.]gvsu[.]edu>
2024/04/17 - 08:41:03 (UTC -05:00)
Subject: Rice University has received your FAFSA
To: undisclosed-recipients

2024/04/15 - 10:59:00 (UTC - 5:00)

On-campus Remote Job Opportunity-Work as a Research Assistant-Graduate and Undergraduate Students of Rice University

Sender claims to be Professor Michael Orchard offering part-time employment at Rice. Message prompts users to send their resume, full name, department, year of study, alternative mail address, and functional phone number to prof_orchard@outlook[.]com.

From: <markjohnsonb192@gmail[.]com>
2024/04/15 - 10:59:00 (UTC - 5:00)
Subject: On-campus Remote Job Opportunity-Work as a Research Assistant-Graduate and Undergraduate Students of Rice University
To: undisclosed-recipients

Around 2024/04/11 - 16:45 to 16:52

LOCAL JOB AD!

The attacker says that the people who receive this message have been randomly selected for the virtual assistant position. It requires recipients to send a copy of their resume to the attacker's Gmail address.

From: <449749929@alex4[.]moe[.]edu[.]eg>
Around 2024/04/11 - 16:45 to 16:52
Subject: LOCAL JOB AD!
To: undisclosed-recipients

2024/04/03 - 17:31:15 (UTC -05:00)

JOB OPPORTUNITY Casting PAID background actresses

The sender claims to be a member of "Santa Monica College" and offers a job. This is how the sender tried to communicate with users.

From: <alexandrakroix@gmail[.]com>
2024/04/03 - 17:31:15 (UTC -05:00)
Subject: JOB OPPORTUNITY Casting PAID background actresses
To: undisclosed-recipients

2024/04/01 - 13:58:18 (UTC -05:00)

For your own safety, I highly recommend reading this email.

The hacker claims to have access to inappropriate videos of the people who receive this message, thanks to viruses that previously infected their phones and computers, and threatens to publish the videos if the requested money is not paid.

From: <Falsified header (sender's and recipient's addresses are the same.)>
2024/04/01 - 13:58:18 (UTC -05:00)
Subject: For your own safety, I highly recommend reading this email.
To: undisclosed-recipients

2024/03/29 - 09:36:42 (UTC -05:00)

Attention Please!!! Own A Welding Machine And Tools Box

The attacker collects people's information (mail/email address) by telling them that Mrs. Patricia Martin (Human Resources at Rice University) will donate her father's welding machine.

From: <17010411422d@gmail[.]com>
2024/03/29 - 09:36:42 (UTC -05:00)
Subject: Attention Please!!! Own A Welding Machine And Tools Box
To: undisclosed-recipients

2024/03/29 - 09:35:00 (UTC -05:00)

Data Entry Assistant (100% Work From Home Part Time)

This is a phishing message for a fake data entry job opportunity that asks the user to download a file and apply for the job.

From: <pemrex005@gmail[.]com pemrex004@gmail[.]com dovealekxz@gmail[.]com>
2024/03/29 - 09:35:00 (UTC -05:00)
Subject: Data Entry Assistant (100% Work From Home Part Time)
To: undisclosed-recipients

2024/03/29 - 19:12:24 (UTC -05:00)

Late Fee Reminder.

The email prompted users to click on the link to open the document, leading them to a site that encouraged them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

From: <moramay@rice[.]edu>
2024/03/29 - 19:12:24 (UTC -05:00)
Subject: Late Fee Reminder.
To: undisclosed-recipients

3/29/2024 ~9:30

Data Entry Assistant (100% Work From Home Part Time)

This is a phishing message for a fake data entry job opportunity that asks the user to reply with a resume or name and phone number to a secondary account dr.stevenstout@aol[.]com. Please DO NOT REPLY/SEND any personal info to the listed email address.

From: <troygrt@gmail[.]com>
3/29/2024 ~9:30
Subject: Data Entry Assistant (100% Work From Home Part Time)
To: undisclosed-recipients

Thu, 28 Mar 2024 22:19:20 PM (CDT)

PAST DUE FEE !!

The email prompted users to click the link to open the document, leading them to a site that encouraged them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

From: <bobos@rice[.]edu>
Thu, 28 Mar 2024 22:19:20 PM (CDT)
Subject: PAST DUE FEE !!
To: undisclosed-recipients

2024/03/28 - 21:51:40 (UTC -05:00)

PAST DUE NOTICE!

The email prompted users to click on the link to open the document, which led them to a site encouraging them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

From: <dlw7@rice[.]edu>
2024/03/28 - 21:51:40 (UTC -05:00)
Subject: PAST DUE NOTICE!
To: undisclosed-recipients

2024/03/29 - 01:38:23 (UTC -05:00)

PAST DUE BILL !!

The email prompted users to click on the link to open the document, which led them to a site encouraging them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

From: <mmb3722@rice[.]edu>
2024/03/29 - 01:38:23 (UTC -05:00)
Subject: PAST DUE BILL !!
To: undisclosed-recipients

2024/03/28 - 15:06 - 16:01 (UTC -06:00)

URGENT: Print and submit document.

The email prompted users to click on the link to open the document, which led them to a site prompting them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

From: <anitaps@rice[.]edu>
2024/03/28 - 15:06 - 16:01 (UTC -06:00)
Subject: URGENT: Print and submit document.
To: undisclosed-recipients

2024/03/27 - 07:39:59 (UTC -05:00)

WARNING: OVERDUE FEE.

This is a phishing message with a link to a website requesting a file download. Please DO NOT click the link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <edsnow@rice[.]edu>
2024/03/27 - 07:39:59 (UTC -05:00)
Subject: WARNING: OVERDUE FEE.
To: undisclosed-recipients

Fri Mar 22 2024 01:00:00 GMT-0500 (Central Daylight Time)

Urgent: Monkeypox Exposure Alert - Take Immediate Action!

This is a phishing message with a link to a credential harvesting site. Please DO NOT click the link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <Michelle.Roett@georgetown[.]edu>
Fri Mar 22 2024 01:00:00 GMT-0500 (Central Daylight Time)
Subject: Urgent: Monkeypox Exposure Alert - Take Immediate Action!
To: undisclosed-recipients

2024/03/21 - 09:11:16 (UTC -05:00)

Your (FSA) ACCOUNT

This is a phishing message with a link to a credential harvesting site. Please DO NOT click the link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <snakebitty1@gmail[.]com thresterdthrester@gmail[.]com constructionandslimited@gmail[.]com>
2024/03/21 - 09:11:16 (UTC -05:00)
Subject: Your (FSA) ACCOUNT
To: undisclosed-recipients

2024/03/20 - 07:31:49 (UTC -05:00)

Important Information About Your HealthEquity Account

This is a phishing message with a link to a credential harvesting site. Please DO NOT click the link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <acrawford4@vcu[.]edu>
2024/03/20 - 07:31:49 (UTC -05:00)
Subject: Important Information About Your HealthEquity Account
To: undisclosed-recipients

Between 2024/03/15 and 2024/03/18

Rice University:Approved Beneficial Program

This is a phishing message with a link to a credential harvesting site. Please DO NOT click the link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <NetId@rice[.]edu>
Between 2024/03/15 and 2024/03/18
Subject: Rice University:Approved Beneficial Program
To: undisclosed-recipients

2024-02-22T18:28:47Z

Inquiry...

From: <admin@saltinecoms[.]com>
2024-02-22T18:28:47Z
Subject: Inquiry...
To: undisclosed-recipients

2024/02/19 - 18:56:57 (UTC -06:00)

Action Required NetID@rice.edu

This is a phishing message with a malicious link to a credential harvesting site that asks the user to accept an invite to download and view a fake payment invoice. Please DO NOT click the link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <rice@itshelpdesks[.]com>
2024/02/19 - 18:56:57 (UTC -06:00)
Subject: Action Required NetID@rice.edu
To: undisclosed-recipients

2024/02/20 - 08:09:08 (UTC -06:00)

Research Mentor Opportunity | Harvard PhD

This is a phishing message for a fake job offer that asks the user to reply with their full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <academic_recruitment@lumiere[.]education>
2024/02/20 - 08:09:08 (UTC -06:00)
Subject: Research Mentor Opportunity | Harvard PhD
To: undisclosed-recipients

2024/02/08 - 2024/02/09

(Remote) Personal Assistance Email Confirmation

This campaign is employment fraud. It is a phishing message for a fake job opportunity that asks the user to click on a Google form link and reply with their full name, personal email address, physical address, phone number, gender, and age. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Please DO NOT click the link or download any attachments.

From: <ah100@rice[.]edu pac@rice[.]edu acz5@rice[.]edu>
2024/02/08 - 2024/02/09
Subject: (Remote) Personal Assistance Email Confirmation
To: undisclosed-recipients

2024/02/08 - 09:13:28 (UTC -06:00)

Rice University Employees: Retirement Planning Sessions Available

This is a phishing message for a fake retirement benefits meeting that asks the user to reply with their full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <brittany@stateadvisors[.]co olivia@stateadvisors[.]co>
2024/02/08 - 09:13:28 (UTC -06:00)
Subject: Rice University Employees: Retirement Planning Sessions Available
To: undisclosed-recipients

2024/02/03 - 11:41:26 (UTC -06:00)

OPEN SLOTS!!

This is a phishing message for a fake job offer that asks the user to reply with their full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <rachaelhinman@alum[.]calarts[.]edu>
2024/02/03 - 11:41:26 (UTC -06:00)
Subject: OPEN SLOTS!!
To: undisclosed-recipients

2024/02/03 - 11:15:00 (UTC -06:00)

Essential Information About Your HealthEquity Account

This is a phishing message with a link to a credential harvesting site that asks the user to accept an invite to download and view a fake payment invoice. Please DO NOT click the link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <amplify@axway[.]com>
2024/02/03 - 11:15:00 (UTC -06:00)
Subject: Essential Information About Your HealthEquity Account
To: undisclosed-recipients

2024/02/02 - 08:40

A new payment schedule has been approved.

This is a phishing message masquerading as an extortion attempt. Please DO NOT REPLY/SEND any personal or payment information to the listed email address or wallet. Text header:

From: <Falsified header.>
2024/02/02 - 08:40
Subject: A new payment schedule has been approved.
To: undisclosed-recipients

2024/01/28 - 10:19:15 (UTC -06:00)

Office of Financial Aid | Students Employment

This is a phishing message for a fake job offer that asks the user to reply with their full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <norasheriff9@gmail[.]com>
2024/01/28 - 10:19:15 (UTC -06:00)
Subject: Office of Financial Aid | Students Employment
To: undisclosed-recipients

2024/01/26 - 13:13

STUDENTS INFORMATION SUPPORT

This is a phishing message for a fake research assistant job opportunity that asks the user to reply with their full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <mariammicheal2026@gmail[.]com>
2024/01/26 - 13:13
Subject: STUDENTS INFORMATION SUPPORT
To: undisclosed-recipients

Between 2024/01/24 and 2024/01/25

Response for you're doing.

This is a phishing message masquerading as an extortion attempt. Please DO NOT REPLY/SEND any personal or payment information to the listed email address or wallet. Text header:

From: <Falsified header.>
Between 2024/01/24 and 2024/01/25
Subject: Response for you're doing.
To: undisclosed-recipients

2024/01/23 | 6:30 - 12:20

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that asks the user to reply with their full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <brainben580@gmail[.]com kenthomas075@gmail[.]com markbrain217@gmail[.]com>
2024/01/23 | 6:30 - 12:20
Subject: Student Research Opportunity
To: undisclosed-recipients

2024/01/22 - 09:30

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that asks the user to reply with their full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <benlin0007@gmail[.]com>
2024/01/22 - 09:30
Subject: Student Research Opportunity
To: undisclosed-recipients

2024/01/22 | 8:29 AM - 9:39 AM

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that asks the user to reply with their full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <benhu0117@gmail[.]com>
2024/01/22 | 8:29 AM - 9:39 AM
Subject: Student Research Opportunity
To: undisclosed-recipients

2024/01/18 - 11:08

UNDERGRADUATE RESEARCH ASSISTANT NEEDED

From: <J.Everitt2@uni[.]brighton[.]ac[.]uk>
2024/01/18 - 11:08
Subject: UNDERGRADUATE RESEARCH ASSISTANT NEEDED
To: undisclosed-recipients

2024/01/11 - 16:02:18 (UTC -06:00)

DS & SDE at Amazon

From: <info@preinssol[.]com>
2024/01/11 - 16:02:18 (UTC -06:00)
Subject: DS & SDE at Amazon
To: undisclosed-recipients

2024/01/11 between 3:03pm CST to 3:05pm CST

Email Confirmation

From: <c_lai6@u[.]pacific[.]edu>
2024/01/11 between 3:03pm CST to 3:05pm CST
Subject: Email Confirmation
To: undisclosed-recipients


Other Scams

If you receive any other kind of scamming or phishing message, please report it to phishing@rice.edu.