Phishing

How do I spot a phishing email?

3 signs you are possibly being scammed:

These are the latest campaigns seen by the Information Security Office. If you receive any other kinds of scamming or phishing messages, please forward the message to phishing@rice.edu.

Around 2024/04/22 - 11:52 to 12:08

Hiring For Research Position Research Opportunity Available Student Research Positions Part-Time Job Opening

The email impersonates Rice's user Daniel J. Preston - djp. It is a Part-Time job/research opportunity scam asking interested people from Rice and others to contact via phone (424) 265- 2730.

Sun Apr 21 2024 01:00:00 GMT-0500 (Central Daylight Time)

Working for RICE University - REMOTE JOBS

This person(s) is operating a job scam. The message had a URL that pointed to a phishing (credential harvesting) website asking to log in with Rice credentials to view the job details.

2024/04/22 - 11:12:18 (UTC -05:00)

Research Assistance Needed Data Science Research Position On -Campus Research Opportunity Data Science Research

The email impersonates Rice's user Rebecca Schreib - rjs7. It is a Part-Time job scam asking interested people from Rice and others to contact via phone (‪772-245-7264‬).

Around 2024/04/19 - 15:32 to 16:40

"Global Account Manager – Accenture" "Visual Assistant (Remote)" "Expense Management Team Member" "Technology Expense Management (TEM) Operations Manager"

The email impersonates a member of Arkansas State University. Mention about providing part-time employment for qualified students, and ask them to send the resume to career@valuespendulum[.]com

Sat, 20 Apr 2024 14:13:07 PM (CDT)

Remote Assistant Position

The email impersonates a member of Arkansas State University. It is a Remote Assistant job scam asking interested people from Rice and others to send in their resume to employment@shahryaranaviation[.]com

Sat Apr 20 2024 18:30:00 GMT-0500 (Central Daylight Time)

1022790- Clinical Research Coordinator, Intervention Study

The email impersonates Rice's user Jacky Jiang - hj37. It is a Part-Time job scam asking interested people from Rice and others to send in their resume to employment@regemedical[.]com

2024/04/17 - 17:09:19 (UTC -05:00)

We have received your FAFSA

The email urged users to click the link to access "FAFSA." Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials. The email is sent from the compromised account "sf5@rice[.]edu".

2024/04/17 - 15:26:14 (UTC -05:00)

Technology Expense Management (TEM) Operations Manager

The attacker purports to be "Beth Rivera," stating that she assists in the company's recruitment efforts. The email is sent from the compromised account "aer2@rice[.]edu".

2024/04/17 - 08:05:00 (UTC -05:00)

Submission failed

The email urged users to click the link to download a file. Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials.

2024/04/17 - 08:41:03 (UTC -05:00)

Rice University has received your FAFSA

The email urged users to click the link to access "myScholarships." Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials.

2024/04/15 - 10:59:00 (UTC - 5:00)

On-campus Remote Job Opportunity-Work as a Research Assistant-Graduate and Undergraduate Students of Rice University

Sender claims to be Professor Michael Orchard offering part-time employment at Rice. Message prompts users to send their resume, full name, department, year of study, alternative mail address, and functional phone number to prof_orchard@outlook[.]com.

Around 2024/04/11 - 16:45 to 16:52

LOCAL JOB AD!

The attacker says that the people who receive this message have been randomly selected for the virtual assistant position. Require the recipients to send a copy of the resume to the attacker Gmail.

2024/04/03 - 17:31:15 (UTC -05:00)

JOB OPPORTUNITY Casting PAID background actresses

The sender claims to be a member of "Santa Monica College" and offers a job. This is how the sender tried to communicate with users.

2024/04/01 - 13:58:18 (UTC -05:00)

For your own safety, I highly recommend reading this email.

The hacker says that the people who receive this message have access to inappropriate videos thanks to the viruses they have previously infected their phones and computers. They will publish them if they do not pay the requested money.

2024/03/29 - 09:36:42 (UTC -05:00)

Attention Please!!! Own A Welding Machine And Tools Box

The attacker collects people's information(mail/email address) by telling them, Mrs. Patricia Martin (Human Resources at Rice University) will donate her father's Welding machine.

2024/03/29 - 09:35:00 (UTC -05:00)

Data Entry Assistant (100% Work From Home Part Time)

This is a phishing message for a fake data entry job opportunity that requests user to download a file and apply the job.

2024/03/29 - 19:12:24 (UTC -05:00)

Late Fee Reminder.

The email prompted users to click on the link to open the document, leading them to a site that encouraged them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

3/29/2024 ~9:30

Data Entry Assistant (100% Work From Home Part Time)

This is a phishing message for a fake data entry job opportunity that requests user to reply with a resume or name and phone number to a secondary account dr.stevenstout@aol[.]com. Please DO NOT REPLY/SEND any personal info to the listed email address.

Thu, 28 Mar 2024 22:19:20 PM (CDT)

PAST DUE FEE !!

The email prompted users to click the link to open the document, leading them to a site that encouraged them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

2024/03/28 - 21:51:40 (UTC -05:00)

PAST DUE NOTICE!

The email prompted users to click on the link to open the document, which led them to a site encouraging them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

2024/03/29 - 01:38:23 (UTC -05:00)

PAST DUE BILL !!

The email prompted users to click on the link to open the document, which led them to a site encouraging them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

2024/03/28 - 15:06 - 16:01 (UTC -06:00)

URGENT: Print and submit document.

Email prompted users to click on link to open document which led them to a site prompting them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site prompting users to enter their login credentials.

2024/03/27 - 07:39:59 (UTC -05:00)

WARNING: OVERDUE FEE.

This is a phishing message with a link to a website requesting a file download. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

Fri Mar 22 2024 01:00:00 GMT-0500 (Central Daylight Time)

Urgent: Monkeypox Exposure Alert - Take Immediate Action!

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

2024/03/21 - 09:11:16 (UTC -05:00)

Your (FSA) ACCOUNT

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

2024/03/20 - 07:31:49 (UTC -05:00)

Important Information About Your HealthEquity Account

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

Between 2024/03/15 and 2024/03/18

Rice University:Approved Beneficial Program

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

2024-02-22T18:28:47Z

Inquiry...

2024/02/19 - 18:56:57 (UTC -06:00)

Action Required NetID@rice.edu

This is a phishing message with a malicious link to a credential harvesting site requesting to accept an invite to download and view a fake payment invoice. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

2024/02/20 - 08:09:08 (UTC -06:00)

Research Mentor Opportunity | Harvard PhD

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/02/08 - 2024/02/09

(Remote) Personal Assistance Email Confirmation

This campaign is employment fraud. It is a phishing message for a fake job opportunity that requests user to click on a Google form link and reply with full name, personal email address, physical address, phone number, gender, and age. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Please DO NOT click the link, or download any attachments.

2024/02/08 - 09:13:28 (UTC -06:00)

Rice University Employees: Retirement Planning Sessions Available

This is a phishing message for a fake retirement benefits meeting that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/02/03 - 11:41:26 (UTC -06:00)

OPEN SLOTS!!

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/02/03 - 11:15:00 (UTC -06:00)

Essential Information About Your HealthEquity Account

This is a phishing message with a link to a credential harvesting site requesting to accept an invite to download and view a fake payment invoice. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

2024/02/02 - 08:40

A new payment schedule has been approved.

This is a phishing message masquerading as an extortion attempt. Please DO NOT REPLY/SEND any personal or payment information to the listed email address or wallet. Text header:

2024/01/28 - 10:19:15 (UTC -06:00)

Office of Financial Aid | Students Employment

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/01/28 - 10:19:15 (UTC -06:00)

Office of Financial Aid | Students Employment

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/01/26 - 13:13

STUDENTS INFORMATION SUPPORT

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

Between 2024/01/24 and 2024/01/25

Response for you're doing.

This is a phishing message masquerading as an extortion attempt. Please DO NOT REPLY/SEND any personal or payment information to the listed email address or wallet. Text header:

2024/01/23 | 6:30 - 12:20

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/01/22 - 09:30

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/01/22 | 8:29 AM - 9:39 AM

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

2024/01/18 - 11:08

UNDERGRADUATE RESEARCH ASSISTANT NEEDED

2024/01/11 - 16:02:18 (UTC -06:00)

DS & SDE at Amazon

2024/01/11 between 3:03pm CST to 3:05pm CST

Email Confirmation

Other Scams

If you receive any other kind of scamming or phishing message, please send a ticket to helpdesk@rice.edu.