About phishing
Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.
The term ’phishing’ is a spin on the word fishing, because criminals are dangling a fake ’lure’ (the email that looks legitimate, as well as a website that looks legitimate) hoping users will ’bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.
How do I spot a phishing email?
- The email doesn’t specify your name.
"Dear Customer" or “Dear” isn’t an identifier. If you receive an email like this, there is a very high chance that this is a phishing email.
- The email asks you to confirm personal information.
Keep an eye out for emails requesting you to confirm personal information that you normally do not disclose.
3 signs you are possibly being scammed:
1. You are being pressured to act immediately. Scammers may pose as someone or an organization you know and say there is a problem that needs immediate attention. DO NOT act unless you have verified the person who has contacted you is legitimate.
2. You're asked to provide personal information and/or verification codes. When in doubt, DO NOT disclose this type of information. Most organizations will not ask for this information when conducting business with you.
3. You're asked to pay or submit payment in an unusual way. Be wary if you are asked to pay by gift cards, payment apps, or digital currency.
These are the latest campaigns seen by the Information Security Office. If you receive any other kinds of scamming or phishing messages, please forward the message to phishing@rice.edu.
Wed, 13 May 2026 15:57:07 PM (CDT)
*Blank subject OPENING Opening!
Fake research internship offer from fake Office of the Dean of undergraduates. Attached file tells users to contact johnmellor-crummey@hotmail[.]com
Wed, 13 May 2026 15:57:07 PM (CDT)
Subject: *Blank subject OPENING Opening!
To: undisclosed-recipients
Wed, 13 May 2026 18:17:32 PM (CDT)
You Are Invited to Apply — Research Fellowship
Fake research fellowship from the fake Career Center of Excellence. Attached file instructs users to contact nakhlehl@hotmail[.]com
Wed, 13 May 2026 18:17:32 PM (CDT)
Subject: You Are Invited to Apply — Research Fellowship
To: undisclosed-recipients
Wed, 13 May 2026 15:20:26 PM (CDT)
Opening!
Scammer pretends to be from the Office of the Dean of Undergradutes and offers a fake research internship. Attached file instructs user to reach out to johnmellor-crummey@hotmail[.]com.
Wed, 13 May 2026 15:20:26 PM (CDT)
Subject: Opening!
To: undisclosed-recipients
05/08/2026 - 05/11/2026
We Think You’d Be a Great Fit A Fellowship Made for You Your Next Big Opportunity Awaits Your Next Big Opportunity Awaits
This appears to be the same kind of job scam as mentioned in the above campaign. Just from a different sender.
05/08/2026 - 05/11/2026
Subject: We Think You’d Be a Great Fit A Fellowship Made for You Your Next Big Opportunity Awaits Your Next Big Opportunity Awaits
To: undisclosed-recipients
05/08/2026-05/11/2026
Rice Research Support Role.pdf
The email is a job scam mentioning a research fellowship run by career center of excellence & computer science and engineering department. The email also has a pdf attachment.
05/08/2026-05/11/2026
Subject: Rice Research Support Role.pdf
To: undisclosed-recipients
Sun, 03 May 2026 22:00:39 PM (CDT)
Open to All Majors: Research Fellowship
Non Rice email impersonated the Career Center to offer a fake research fellowship
Sun, 03 May 2026 22:00:39 PM (CDT)
Subject: Open to All Majors: Research Fellowship
To: undisclosed-recipients
Mon May 04 2026 01:00:00 GMT-0500 (Central Daylight Time)
Payment Overdue Notice Your Account has been placed on Hold!
The email includes a link that design for credential harvesting.
Mon May 04 2026 01:00:00 GMT-0500 (Central Daylight Time)
Subject: Payment Overdue Notice Your Account has been placed on Hold!
To: undisclosed-recipients
Mon May 04 2026 01:00:00 GMT-0500 (Central Daylight Time)
Payment Overdue Student Account Overdue Notice
The email includes a link that design for credential harvesting.
Mon May 04 2026 01:00:00 GMT-0500 (Central Daylight Time)
Subject: Payment Overdue Student Account Overdue Notice
To: undisclosed-recipients
Mon May 04 2026 13:20:00 GMT-0500 (Central Daylight Time)
Account Overdue Notice - Rice Rice - Your Online Account is placed on Hold! Account Overdue Notice - OU Your Account is on Hold! - OU Account Overdue Notice - SVA Your Account is on Hold! - SVA Account Overdue Notice Your Account is on Hold!
The email includes a link that design for credential harvesting.
Mon May 04 2026 13:20:00 GMT-0500 (Central Daylight Time)
Subject: Account Overdue Notice - Rice Rice - Your Online Account is placed on Hold! Account Overdue Notice - OU Your Account is on Hold! - OU Account Overdue Notice - SVA Your Account is on Hold! - SVA Account Overdue Notice Your Account is on Hold!
To: undisclosed-recipients
Mon, 04 May 2026 10:59:26 AM (CDT)
“Account Overdue Notice" "Your Online Account is placed on Hold!" "Action Required: Logon Profile Disabled" "Logon Access Deactivated: Action Required"
The email includes a link that design for credential harvesting.
Mon, 04 May 2026 10:59:26 AM (CDT)
Subject: “Account Overdue Notice" "Your Online Account is placed on Hold!" "Action Required: Logon Profile Disabled" "Logon Access Deactivated: Action Required"
To: undisclosed-recipients
Fri May 01 2026 14:21:55 GMT-0500 (Central Daylight Time)
Action Required!!! Rice Account Suspended Financial Transaction Alert! Action Required!!! MyUW Account Suspended MyUW: Financial Transaction Alert! Action Required!!! Linkblue Account Suspended Linkblue: Financial Transaction Alert! Action Required!!! MyUCSC Account Suspended MyUCSC: Financial Transaction Alert!
The email includes a link that design for credential harvesting.
Fri May 01 2026 14:21:55 GMT-0500 (Central Daylight Time)
Subject: Action Required!!! Rice Account Suspended Financial Transaction Alert! Action Required!!! MyUW Account Suspended MyUW: Financial Transaction Alert! Action Required!!! Linkblue Account Suspended Linkblue: Financial Transaction Alert! Action Required!!! MyUCSC Account Suspended MyUCSC: Financial Transaction Alert!
To: undisclosed-recipients
46140
Re: Application Question RNDF Spring Assembly – Rolling Decisions Releasing April 29 RNDF Spring Assembly – Registration Update RNDF Spring Assembly - Registration Now Open Priority Deadline: RNDF Spring Assembly – April 25
Email provided google form to Harvest Credentials.
46140
Subject: Re: Application Question RNDF Spring Assembly – Rolling Decisions Releasing April 29 RNDF Spring Assembly – Registration Update RNDF Spring Assembly - Registration Now Open Priority Deadline: RNDF Spring Assembly – April 25
To: undisclosed-recipients
2026/04/15 - 18:37:43 (UTC -05:00)
Build Your Resume with Paid Research Experience
The attacker impersonating a Rice member to collect personal data via a non-official email.
2026/04/15 - 18:37:43 (UTC -05:00)
Subject: Build Your Resume with Paid Research Experience
To: undisclosed-recipients
46117
Reason: Owes Balance Rice Rice Financial Account on Hold Reason: Owes Balance A-State Reason: Owes Balance URI URI Financial Account on Hold SJSU-Okta Account on Hold SAPrarara
Compromised account has been used to send a malicious URL using multiple different subjects related to account and finance
46117
Subject: Reason: Owes Balance Rice Rice Financial Account on Hold Reason: Owes Balance A-State Reason: Owes Balance URI URI Financial Account on Hold SJSU-Okta Account on Hold SAPrarara
To: undisclosed-recipients
2026/03/16 - 13:45:38 (UTC -05:00)
SJSU Financial Aid balance Reason: Owes Balance UVA Financial Aid balance
This phishing email was sent from the compromised accounts and attempts to trick users into entering their credentials through a fake Rice University portal hosted on a fake domain.
2026/03/16 - 13:45:38 (UTC -05:00)
Subject: SJSU Financial Aid balance Reason: Owes Balance UVA Financial Aid balance
To: undisclosed-recipients
2026/03/15 - 12:14:57 (UTC -05:00)
[Not Virus Scanned] Rice University Payroll Notice: 16.89% Salary Increase
The email includes an attachment with instructions for bypassing Duo requests, as well as a form requesting credentials.
2026/03/15 - 12:14:57 (UTC -05:00)
Subject: [Not Virus Scanned] Rice University Payroll Notice: 16.89% Salary Increase
To: undisclosed-recipients
Sat Mar 14 2026 11:45:20 GMT-0500 (Central Daylight Time)
Reason: Owes Balance Rice Financial Aid balance
This phishing email was sent from a compromised account and attempts to trick users into entering their credentials through a fake Rice University portal hosted on a fake domain.
Sat Mar 14 2026 11:45:20 GMT-0500 (Central Daylight Time)
Subject: Reason: Owes Balance Rice Financial Aid balance
To: undisclosed-recipients
Thu, 19 Feb 2026 13:58:39 PM
HIRING APPROVED JOB OFFER
The email was a fake job page sent out to rice emails.
Thu, 19 Feb 2026 13:58:39 PM
Subject: HIRING APPROVED JOB OFFER
To: undisclosed-recipients
2026/02/24 - 17:34:28 (UTC -06:00)
RICE RA POSITION
This is a job scam where the attacker pretends to be a member of Rice University.
2026/02/24 - 17:34:28 (UTC -06:00)
Subject: RICE RA POSITION
To: undisclosed-recipients
Thu Feb 19 2026 21:42:00 GMT-0600 (Central Standard Time)
IMPORTANT TAX RETURN DOCUMENT AVAILABLE
This is a brand impersonation phishing attack that uses the urgency of tax season and a fake "statement" link hosted on an external cloud service to steal your login credentials.
Thu Feb 19 2026 21:42:00 GMT-0600 (Central Standard Time)
Subject: IMPORTANT TAX RETURN DOCUMENT AVAILABLE
To: undisclosed-recipients
2026/02/16 - 19:06:58 (UTC -06:00)
A Gift For You ( 840 213 9050 )
A fake “free gift” scam asking for shipping fees via irreversible payment methods to steal money and personal information.
2026/02/16 - 19:06:58 (UTC -06:00)
Subject: A Gift For You ( 840 213 9050 )
To: undisclosed-recipients
2026/02/16 - 12:31:15 (UTC -06:00)
Review of Individual Performance Summary Report
It pretends to be an official school message and uses a Google Forms link to steal information.
2026/02/16 - 12:31:15 (UTC -06:00)
Subject: Review of Individual Performance Summary Report
To: undisclosed-recipients
02/09/2026-02/11/2026
Important :Staff Performance File Available for Review Staff Performance File Available for Review
Google form asking for credentials, for access to a staff performance review
02/09/2026-02/11/2026
Subject: Important :Staff Performance File Available for Review Staff Performance File Available for Review
To: undisclosed-recipients
46064
Musical Instruments Available – Contact: +1 731 443 0304 Musical Instruments Available – Contact: +1 612 583 6670 Musical Instruments Available – Contact: +1 434 398 5770 Musical Instruments Available – Contact: +1 612 583 6670 -- Musical Instruments Available – Contact: +1 612 583 6670
The attacker claimed to send free musical instruments and asked recipients to contact a phone number provided in the subject line.
46064
Subject: Musical Instruments Available – Contact: +1 731 443 0304 Musical Instruments Available – Contact: +1 612 583 6670 Musical Instruments Available – Contact: +1 434 398 5770 Musical Instruments Available – Contact: +1 612 583 6670 -- Musical Instruments Available – Contact: +1 612 583 6670
To: undisclosed-recipients
46055
FLEXIBLE PART TIME JOB OPPORTUNITY
This email is a job recruitment scam that uses a high weekly stipend and "flexible" remote work to lure victims into providing personal data. It is clearly fraudulent due to the mismatching institutions (claiming both Rice University and a school district) and the use of a personal Gmail address for official business.
46055
Subject: FLEXIBLE PART TIME JOB OPPORTUNITY
To: undisclosed-recipients
2026-01-28 19:15 - 19:29
"FLEXIBLE JOB OPPURTUNITY", "IMPORTANT UPDATE #RICE UNIVERSITY"
Two campaigns from the same compromised account. One Job Scam, one account phish.
2026-01-28 19:15 - 19:29
Subject: "FLEXIBLE JOB OPPURTUNITY", "IMPORTANT UPDATE #RICE UNIVERSITY"
To: undisclosed-recipients
2026-01-26T08:12:30-06:00
RICE RA POSITION
Senders pretend to be adjunct professor Dr. Maher to offer a job scam to recipients.
2026-01-26T08:12:30-06:00
Subject: RICE RA POSITION
To: undisclosed-recipients
2026/01/24 - 17:11:02 (UTC -06:00)
Remote Research Practicum – Department of Psychology, Rice University
The email claims to offer a remote research practicum at Rice University paying $400 per week under Professor Philip Kortum
2026/01/24 - 17:11:02 (UTC -06:00)
Subject: Remote Research Practicum – Department of Psychology, Rice University
To: undisclosed-recipients
Other Scams
If you receive any other kind of scamming or phishing message, please report it to phishing@rice.edu.