Phishing

About phishing

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.

The term ’phishing’ is a spin on the word fishing, because criminals are dangling a fake ’lure’ (the email that looks legitimate, as well as a website that looks legitimate) hoping users will ’bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.

How do I spot a phishing email?

  • The email doesn’t specify your name.

"Dear Customer" or “Dear” isn’t an identifier. If you receive an email like this, there is a very high chance that this is a phishing email.

  • The email asks you to confirm personal information.

Keep an eye out for emails requesting you to confirm personal information that you normally do not disclose.

3 signs you are possibly being scammed:

1. You are being pressured to act immediately. Scammers may pose as someone or an organization you know and say there is a problem that needs immediate attention. DO NOT act unless you have verified the person who has contacted you is legitimate.

2. You're asked to provide personal information and/or verification codes. When in doubt, DO NOT disclose this type of information. Most organizations will not ask for this information when conducting business with you.

3. You're asked to pay or submit payment in an unusual way. Be wary if you are asked to pay by gift cards, payment apps, or digital currency.

These are the latest campaigns seen by the Information Security Office. If you receive any other kinds of scamming or phishing messages, please forward the message to phishing@rice.edu.

2024/06/04 - 10:48:44 (UTC -05:00)

Your personal data has leaked due to suspected harmful activities.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

From: <Falsified header.>
2024/06/04 - 10:48:44 (UTC -05:00)
Subject: Your personal data has leaked due to suspected harmful activities.
To: undisclosed-recipients

2024/06/03 - 17:59:26 (UTC -05:00)

Someone Messaged You

The email appears to be from "Junta de Andalucía (Government Administration)". The email encourages the user to change their passwords.

From: <21005265.edu@juntadeandalucia[.]es>
2024/06/03 - 17:59:26 (UTC -05:00)
Subject: Someone Messaged You
To: undisclosed-recipients

2024/05/22 - 08:03:08 (UTC -05:00)

Your order has shipped!

The email appears to be from Walmart. Within the message, it prompts users regarding a $900 Walmart gift card and how they wish to obtain it. It emphasizes that for any queries, they can contact the specified number.

From: <ekaterinaalexandrova12xx@outlook[.]com marlonsmith1x@outlook[.]com>
2024/05/22 - 08:03:08 (UTC -05:00)
Subject: Your order has shipped!
To: undisclosed-recipients

2024/05/20 - 10:42:56 (UTC -05:00)

Your personal data has leaked due to suspected harmful activities.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

From: <Falsified header.>
2024/05/20 - 10:42:56 (UTC -05:00)
Subject: Your personal data has leaked due to suspected harmful activities.
To: undisclosed-recipients

2024/05/17 - 10:03:11 (UTC -05:00)

EXECUTIVE ASSISTANT POSITION AVAILABLE

It is a Part-Time job/research opportunity scam asking interested people from Rice.

From: <nischelsoni@live[.]com>
2024/05/17 - 10:03:11 (UTC -05:00)
Subject: EXECUTIVE ASSISTANT POSITION AVAILABLE
To: undisclosed-recipients

2024/05/14 - 12:18:41 (UTC -05:00)

Reginald DesRoches

The attacker is requesting users to promptly provide their phone numbers.

From: <All addresses are from google.com: personnelassignments, officialworkspace683, workspace4356, spaceworksw, etxtofficials, lilgeorge0147, workspace00381, sundaygdavido, taskmanagement585, leadershipmailboxes86, officeworkref, projectrelated511, officialmessages03, company.1fgh, iyasofyceo, importanttask1314, erichassan92, workspace12881, urgentcases35, ceo.workmanagement, managementtask648, workspace19723, privatemail0082024, managementtask306, ceomailbox240, urgentcases77, quickmailtask, schedulework30, oganladetailsinquiry, officialmanagementtasks, staff0362, filesceo09, officialworkspace87, info06managemet, privatedirecttask, jobnextwork98, workspace17894, activejob74, companyofficiallmailbox, jone.grag007, managementtask421, urgentresponse46, managementoffice216, urgentissue11, officialurgenttask96, workspace232425, executiveworks69, officialceobusiness2,>
2024/05/14 - 12:18:41 (UTC -05:00)
Subject: Reginald DesRoches
To: undisclosed-recipients

2024/05/13 - 12:25:04 (UTC -05:00)

"The subject line is blank."

The email is pretending to be from Rice's users. Inquire about recipients' phone numbers to enlist their assistance.

From: <newemeg@gmail[.]com>
2024/05/13 - 12:25:04 (UTC -05:00)
Subject: "The subject line is blank."
To: undisclosed-recipients

2024/05/10 - 10:05:33 (UTC -05:00)

Delivery Status Notification (editing needed).

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

From: <Falsified header. The senders and recipients are the same.>
2024/05/10 - 10:05:33 (UTC -05:00)
Subject: Delivery Status Notification (editing needed).
To: undisclosed-recipients

2024/05/09 - 16:53:50 (UTC -05:00)

Are you available now ?

The email impersonates Rice's user Ashutosh Sabharwal - ashu. The attacker urges users to contact him promptly and requests that users assist him in carrying out an urgent errand from any nearby store.

From: <mbillingsleyglenna@gmail[.]com>
2024/05/09 - 16:53:50 (UTC -05:00)
Subject: Are you available now ?
To: undisclosed-recipients

2024/05/07 - 08:57:40 (UTC -05:00)

Your personal data has leaked due to suspected harmful activities.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants. The IP belongs to "Brazil".

From: <Falsified header. The sender and recipients are the same.>
2024/05/07 - 08:57:40 (UTC -05:00)
Subject: Your personal data has leaked due to suspected harmful activities.
To: undisclosed-recipients

2024/05/06 - 00:47:11 (UTC -05:00)

[ECEADMINSTAFF-L] Security status not satisfied.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants. The IP belongs to "Indonesia".

From: <eceadminstaff-l@mailman[.]rice[.]edu>
2024/05/06 - 00:47:11 (UTC -05:00)
Subject: [ECEADMINSTAFF-L] Security status not satisfied.
To: undisclosed-recipients

2024/05/03 - 17:55:52 (UTC -05:00)

Student Assistant Needed Research Positions Available

The email impersonates Rice's user Daniel J. Preston - djp. It is a Part-Time job/research opportunity scam asking interested people from Rice and others to contact via phone (424) 265- 2730.

From: <acekidmo@gmail[.]com>
2024/05/03 - 17:55:52 (UTC -05:00)
Subject: Student Assistant Needed Research Positions Available
To: undisclosed-recipients

2024/05/03 - 09:02:50 (UTC -05:00)

Reginald DesRoches

The attacker is requesting users to promptly provide their phone numbers.

From: <All addresses are from google.com: workspace024579, solimanagency.io, officialduty757, mailingrepresentation, confident, alcompany0122, instantresponse4000, officemailbox.us.inc, officialceo688, ceo810233, quickinform, tion063, workrelated8200, officalmailbox519, managementdirectory518, officialmanagement4919, officecompaniesmails, companyrequest.iq, quickinformation851, ceocommandservices, 4masons3optonline.net, ceoofficialmail055, p2324453, officeadkinssamlam, tech81445, companyexecutivedesk976, officedanielgodwin, urgenttaskmail7, workspace161718, braveheart8991, executivesboard82, j2505520, project47584, officemanuelance, urgenttextsmsg, urgentinformations1313, officialpersonnelerrands, staffsmailsr, taskopen53, managementtask19981980, inboxoffice526, theceoservice87, fastanswer28, officialworksmangement, inforequire001, taskc452, spacework8791, inboxoffice571, companyexecutives188, nowcompanyofficialmail, theofficeceo07>
2024/05/03 - 09:02:50 (UTC -05:00)
Subject: Reginald DesRoches
To: undisclosed-recipients

2024/05/03 - 13:27:29 (UTC -05:00)

Your 403b account needs attention.

The sender pretends to be "district-benefits[.]org" and endeavors to communicate by discussing its benefits.

From: <PlanAdministrator@ca[.]district-benefits[.]org>
2024/05/03 - 13:27:29 (UTC -05:00)
Subject: Your 403b account needs attention.
To: undisclosed-recipients

2024/05/01 - 07:09:53 (UTC -05:00)

Urgently needed your response Are you free? Your response is needed

The email, which pretends to be from Professor Reginald DesRoches of Rice University and other high-ranking such as Professors Jamie Ellen Padgett and Ross Thyer, is carefully written to deceive. It cleverly tries to manipulate the recipient into contacting them urgently.

From: <lleader@internet[.]ru>
2024/05/01 - 07:09:53 (UTC -05:00)
Subject: Urgently needed your response Are you free? Your response is needed
To: undisclosed-recipients

2024/04/30 - 11:11:52 (UTC -05:00)

Spring and Fall Employment Opportunity for Graduate and Undergraduate Students

The email impersonates Rice's user Dan Wallach - dwallach. It is a Part-Time job/research opportunity scam asking interested people from Rice and others to contact via email "d.wallach@outlook[.]com".

From: <akoredem63@gmail[.]com>
2024/04/30 - 11:11:52 (UTC -05:00)
Subject: Spring and Fall Employment Opportunity for Graduate and Undergraduate Students
To: undisclosed-recipients

2024/04/30 - 10:27:43 (UTC -05:00)

Do you have some minutes?

The email impersonates Rice's user Professor Matteo Pasquali - mp. The attacker tried to connect the users with this way. Also, email includes a malicious link.

From: <grouphlead@gmail[.]com>
2024/04/30 - 10:27:43 (UTC -05:00)
Subject: Do you have some minutes?
To: undisclosed-recipients

2024/04/29 - 02:56:49 (UTC -05:00)

this is for you

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money s/he wants.

From: <noreply@ticketspice[.]com>
2024/04/29 - 02:56:49 (UTC -05:00)
Subject: this is for you
To: undisclosed-recipients

2024/04/29 - 05:32:30 (UTC -05:00)

Payment Advice Copy-000026042024-VIRAL ENTERPRISE

The email contains a harmful attachment. The sender asserts it's a "payments execution."

From: <excheff@dejavahotel[.]com>
2024/04/29 - 05:32:30 (UTC -05:00)
Subject: Payment Advice Copy-000026042024-VIRAL ENTERPRISE
To: undisclosed-recipients

2024/04/27 - 21:47:25 (UTC -05:00)

Security status not satisfied.

The attacker is trying to intimidate users and extort money by saying that s/he has their records and that s/he will publish these records publicly if they do not deposit the money she wants.

From: <Falsified header. Sender and recipients addresses are same with the user Rice account.>
2024/04/27 - 21:47:25 (UTC -05:00)
Subject: Security status not satisfied.
To: undisclosed-recipients

2024/04/26 - 16:40:52 (UTC -05:00)

HR and Employment Relations Information Session

The sender tells the recipients that their job applications have been accepted and that they will receive an informative e-mail in the future, and leaves their information for those who want to contact " intern@blasystems[.]com"

From: <ca75@rice[.]edu slj7@rice[.]edu fosterv@mail[.]gvsu[.]edu>
2024/04/26 - 16:40:52 (UTC -05:00)
Subject: HR and Employment Relations Information Session
To: undisclosed-recipients

Around 2024/04/22 - 11:52 to 12:08

Hiring For Research Position Research Opportunity Available Student Research Positions Part-Time Job Opening

The email impersonates Rice's user Daniel J. Preston - djp. It is a Part-Time job/research opportunity scam asking interested people from Rice and others to contact via phone (424) 265- 2730.

From: <jdane004@gmail[.]com>
Around 2024/04/22 - 11:52 to 12:08
Subject: Hiring For Research Position Research Opportunity Available Student Research Positions Part-Time Job Opening
To: undisclosed-recipients

Sun Apr 21 2024 01:00:00 GMT-0500 (Central Daylight Time)

Working for RICE University - REMOTE JOBS

This person(s) is operating a job scam. The message had a URL that pointed to a phishing (credential harvesting) website asking to log in with Rice credentials to view the job details.

From: <vhayes620@gmail[.]com, georgejefferson0001@gmail[.]com, Kimberly.nicole267@gmail[.]com>
Sun Apr 21 2024 01:00:00 GMT-0500 (Central Daylight Time)
Subject: Working for RICE University - REMOTE JOBS
To: undisclosed-recipients

2024/04/22 - 11:12:18 (UTC -05:00)

Research Assistance Needed Data Science Research Position On -Campus Research Opportunity Data Science Research

The email impersonates Rice's user Rebecca Schreib - rjs7. It is a Part-Time job scam asking interested people from Rice and others to contact via phone (‪772-245-7264‬).

From: <ahamdielekwa@gmail[.]com>
2024/04/22 - 11:12:18 (UTC -05:00)
Subject: Research Assistance Needed Data Science Research Position On -Campus Research Opportunity Data Science Research
To: undisclosed-recipients

Around 2024/04/19 - 15:32 to 16:40

"Global Account Manager – Accenture" "Visual Assistant (Remote)" "Expense Management Team Member" "Technology Expense Management (TEM) Operations Manager"

The email impersonates a member of Arkansas State University. Mention about providing part-time employment for qualified students, and ask them to send the resume to career@valuespendulum[.]com

From: <jeff.white@smail[.]astate[.]edu>
Around 2024/04/19 - 15:32 to 16:40
Subject: "Global Account Manager – Accenture" "Visual Assistant (Remote)" "Expense Management Team Member" "Technology Expense Management (TEM) Operations Manager"
To: undisclosed-recipients

Sat, 20 Apr 2024 14:13:07 PM (CDT)

Remote Assistant Position

The email impersonates a member of Arkansas State University. It is a Remote Assistant job scam asking interested people from Rice and others to send in their resume to employment@shahryaranaviation[.]com

From: <hannah.hopper1@smail[.]astate[.]edu>
Sat, 20 Apr 2024 14:13:07 PM (CDT)
Subject: Remote Assistant Position
To: undisclosed-recipients

Sat Apr 20 2024 18:30:00 GMT-0500 (Central Daylight Time)

1022790- Clinical Research Coordinator, Intervention Study

The email impersonates Rice's user Jacky Jiang - hj37. It is a Part-Time job scam asking interested people from Rice and others to send in their resume to employment@regemedical[.]com

From: <hj37@rice[.]edu>
Sat Apr 20 2024 18:30:00 GMT-0500 (Central Daylight Time)
Subject: 1022790- Clinical Research Coordinator, Intervention Study
To: undisclosed-recipients

2024/04/17 - 17:09:19 (UTC -05:00)

We have received your FAFSA

The email urged users to click the link to access "FAFSA." Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials. The email is sent from the compromised account "sf5@rice[.]edu".

From: <sf5@rice[.]edu>
2024/04/17 - 17:09:19 (UTC -05:00)
Subject: We have received your FAFSA
To: undisclosed-recipients

2024/04/17 - 15:26:14 (UTC -05:00)

Technology Expense Management (TEM) Operations Manager

The attacker purports to be "Beth Rivera," stating that she assists in the company's recruitment efforts. The email is sent from the compromised account "aer2@rice[.]edu".

From: <aer2@rice[.]edu>
2024/04/17 - 15:26:14 (UTC -05:00)
Subject: Technology Expense Management (TEM) Operations Manager
To: undisclosed-recipients

2024/04/17 - 08:05:00 (UTC -05:00)

Submission failed

The email urged users to click the link to download a file. Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials.

From: <johnskan@mail[.]gvsu[.]edu>
2024/04/17 - 08:05:00 (UTC -05:00)
Subject: Submission failed
To: undisclosed-recipients

2024/04/17 - 08:41:03 (UTC -05:00)

Rice University has received your FAFSA

The email urged users to click the link to access "myScholarships." Upon clicking, they were directed to a site masquerading as a Rice login page, prompting them to input their credentials.

From: <owenmad@mail.gvsu.edu>
2024/04/17 - 08:41:03 (UTC -05:00)
Subject: Rice University has received your FAFSA
To: undisclosed-recipients

2024/04/15 - 10:59:00 (UTC - 5:00)

On-campus Remote Job Opportunity-Work as a Research Assistant-Graduate and Undergraduate Students of Rice University

Sender claims to be Professor Michael Orchard offering part-time employment at Rice. Message prompts users to send their resume, full name, department, year of study, alternative mail address, and functional phone number to prof_orchard@outlook[.]com.

From: <markjohnsonb192@gmail[.]com>
2024/04/15 - 10:59:00 (UTC - 5:00)
Subject: On-campus Remote Job Opportunity-Work as a Research Assistant-Graduate and Undergraduate Students of Rice University
To: undisclosed-recipients

Around 2024/04/11 - 16:45 to 16:52

LOCAL JOB AD!

The attacker says that the people who receive this message have been randomly selected for the virtual assistant position. Require the recipients to send a copy of the resume to the attacker Gmail.

From: <449749929@alex4[.]moe[.]edu[.]eg>
Around 2024/04/11 - 16:45 to 16:52
Subject: LOCAL JOB AD!
To: undisclosed-recipients

2024/04/03 - 17:31:15 (UTC -05:00)

JOB OPPORTUNITY Casting PAID background actresses

The sender claims to be a member of "Santa Monica College" and offers a job. This is how the sender tried to communicate with users.

From: <alexandrakroix@gmail[.]com>
2024/04/03 - 17:31:15 (UTC -05:00)
Subject: JOB OPPORTUNITY Casting PAID background actresses
To: undisclosed-recipients

2024/04/01 - 13:58:18 (UTC -05:00)

For your own safety, I highly recommend reading this email.

The hacker says that the people who receive this message have access to inappropriate videos thanks to the viruses they have previously infected their phones and computers. They will publish them if they do not pay the requested money.

From: <Falsified header (sender's and recipient's addresses are the same.)>
2024/04/01 - 13:58:18 (UTC -05:00)
Subject: For your own safety, I highly recommend reading this email.
To: undisclosed-recipients

2024/03/29 - 09:36:42 (UTC -05:00)

Attention Please!!! Own A Welding Machine And Tools Box

The attacker collects people's information(mail/email address) by telling them, Mrs. Patricia Martin (Human Resources at Rice University) will donate her father's Welding machine.

From: <17010411422d@gmail[.]com>
2024/03/29 - 09:36:42 (UTC -05:00)
Subject: Attention Please!!! Own A Welding Machine And Tools Box
To: undisclosed-recipients

2024/03/29 - 09:35:00 (UTC -05:00)

Data Entry Assistant (100% Work From Home Part Time)

This is a phishing message for a fake data entry job opportunity that requests user to download a file and apply the job.

From: <pemrex005@gmail[.]com pemrex004@gmail[.]com dovealekxz@gmail[.]com>
2024/03/29 - 09:35:00 (UTC -05:00)
Subject: Data Entry Assistant (100% Work From Home Part Time)
To: undisclosed-recipients

2024/03/29 - 19:12:24 (UTC -05:00)

Late Fee Reminder.

The email prompted users to click on the link to open the document, leading them to a site that encouraged them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

From: <moramay@rice[.]edu>
2024/03/29 - 19:12:24 (UTC -05:00)
Subject: Late Fee Reminder.
To: undisclosed-recipients

3/29/2024 ~9:30

Data Entry Assistant (100% Work From Home Part Time)

This is a phishing message for a fake data entry job opportunity that requests user to reply with a resume or name and phone number to a secondary account dr.stevenstout@aol[.]com. Please DO NOT REPLY/SEND any personal info to the listed email address.

From: <troygrt@gmail[.]com>
3/29/2024 ~9:30
Subject: Data Entry Assistant (100% Work From Home Part Time)
To: undisclosed-recipients

Thu, 28 Mar 2024 22:19:20 PM (CDT)

PAST DUE FEE !!

The email prompted users to click the link to open the document, leading them to a site that encouraged them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

From: <bobos@rice[.]edu>
Thu, 28 Mar 2024 22:19:20 PM (CDT)
Subject: PAST DUE FEE !!
To: undisclosed-recipients

2024/03/28 - 21:51:40 (UTC -05:00)

PAST DUE NOTICE!

The email prompted users to click on the link to open the document, which led them to a site encouraging them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

From: <dlw7@rice[.]edu>
2024/03/28 - 21:51:40 (UTC -05:00)
Subject: PAST DUE NOTICE!
To: undisclosed-recipients

2024/03/29 - 01:38:23 (UTC -05:00)

PAST DUE BILL !!

The email prompted users to click on the link to open the document, which led them to a site encouraging them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site, prompting users to enter their login credentials.

From: <mmb3722@rice[.]edu>
2024/03/29 - 01:38:23 (UTC -05:00)
Subject: PAST DUE BILL !!
To: undisclosed-recipients

2024/03/28 - 15:06 - 16:01 (UTC -06:00)

URGENT: Print and submit document.

Email prompted users to click on link to open document which led them to a site prompting them to download the file. Once they clicked the button to download, a new tab was opened with a site that posed as a Rice login site prompting users to enter their login credentials.

From: <anitaps@rice[.]edu>
2024/03/28 - 15:06 - 16:01 (UTC -06:00)
Subject: URGENT: Print and submit document.
To: undisclosed-recipients

2024/03/27 - 07:39:59 (UTC -05:00)

WARNING: OVERDUE FEE.

This is a phishing message with a link to a website requesting a file download. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <edsnow@rice[.]edu>
2024/03/27 - 07:39:59 (UTC -05:00)
Subject: WARNING: OVERDUE FEE.
To: undisclosed-recipients

Fri Mar 22 2024 01:00:00 GMT-0500 (Central Daylight Time)

Urgent: Monkeypox Exposure Alert - Take Immediate Action!

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <Michelle.Roett@georgetown[.]edu>
Fri Mar 22 2024 01:00:00 GMT-0500 (Central Daylight Time)
Subject: Urgent: Monkeypox Exposure Alert - Take Immediate Action!
To: undisclosed-recipients

2024/03/21 - 09:11:16 (UTC -05:00)

Your (FSA) ACCOUNT

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <snakebitty1@gmail[.]com thresterdthrester@gmail[.]com constructionandslimited@gmail[.]com>
2024/03/21 - 09:11:16 (UTC -05:00)
Subject: Your (FSA) ACCOUNT
To: undisclosed-recipients

2024/03/20 - 07:31:49 (UTC -05:00)

Important Information About Your HealthEquity Account

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <acrawford4@vcu[.]edu>
2024/03/20 - 07:31:49 (UTC -05:00)
Subject: Important Information About Your HealthEquity Account
To: undisclosed-recipients

Between 2024/03/15 and 2024/03/18

Rice University:Approved Beneficial Program

This is a phishing message with a link to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <NetId@rice[.]edu>
Between 2024/03/15 and 2024/03/18
Subject: Rice University:Approved Beneficial Program
To: undisclosed-recipients

2024-02-22T18:28:47Z

Inquiry...

From: <admin@saltinecoms[.]com>
2024-02-22T18:28:47Z
Subject: Inquiry...
To: undisclosed-recipients

2024/02/19 - 18:56:57 (UTC -06:00)

Action Required NetID@rice.edu

This is a phishing message with a malicious link to a credential harvesting site requesting to accept an invite to download and view a fake payment invoice. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <rice@itshelpdesks[.]com>
2024/02/19 - 18:56:57 (UTC -06:00)
Subject: Action Required NetID@rice.edu
To: undisclosed-recipients

2024/02/20 - 08:09:08 (UTC -06:00)

Research Mentor Opportunity | Harvard PhD

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <academic_recruitment@lumiere[.]education>
2024/02/20 - 08:09:08 (UTC -06:00)
Subject: Research Mentor Opportunity | Harvard PhD
To: undisclosed-recipients

2024/02/08 - 2024/02/09

(Remote) Personal Assistance Email Confirmation

This campaign is employment fraud. It is a phishing message for a fake job opportunity that requests user to click on a Google form link and reply with full name, personal email address, physical address, phone number, gender, and age. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Please DO NOT click the link, or download any attachments.

From: <ah100@rice[.]edu pac@rice[.]edu acz5@rice[.]edu>
2024/02/08 - 2024/02/09
Subject: (Remote) Personal Assistance Email Confirmation
To: undisclosed-recipients

2024/02/08 - 09:13:28 (UTC -06:00)

Rice University Employees: Retirement Planning Sessions Available

This is a phishing message for a fake retirement benefits meeting that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <brittany@stateadvisors[.]co olivia@stateadvisors[.]co>
2024/02/08 - 09:13:28 (UTC -06:00)
Subject: Rice University Employees: Retirement Planning Sessions Available
To: undisclosed-recipients

2024/02/03 - 11:41:26 (UTC -06:00)

OPEN SLOTS!!

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <rachaelhinman@alum[.]calarts[.]edu>
2024/02/03 - 11:41:26 (UTC -06:00)
Subject: OPEN SLOTS!!
To: undisclosed-recipients

2024/02/03 - 11:15:00 (UTC -06:00)

Essential Information About Your HealthEquity Account

This is a phishing message with a link to a credential harvesting site requesting to accept an invite to download and view a fake payment invoice. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <amplify@axway[.]com>
2024/02/03 - 11:15:00 (UTC -06:00)
Subject: Essential Information About Your HealthEquity Account
To: undisclosed-recipients

2024/02/02 - 08:40

A new payment schedule has been approved.

This is a phishing message masquerading as an extortion attempt. Please DO NOT REPLY/SEND any personal or payment information to the listed email address or wallet. Text header:

From: <Falsified header.>
2024/02/02 - 08:40
Subject: A new payment schedule has been approved.
To: undisclosed-recipients

2024/01/28 - 10:19:15 (UTC -06:00)

Office of Financial Aid | Students Employment

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <norasheriff9@gmail[.]com>
2024/01/28 - 10:19:15 (UTC -06:00)
Subject: Office of Financial Aid | Students Employment
To: undisclosed-recipients

2024/01/28 - 10:19:15 (UTC -06:00)

Office of Financial Aid | Students Employment

This is a phishing message for a fake job offer that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <norasheriff9@gmail[.]com>
2024/01/28 - 10:19:15 (UTC -06:00)
Subject: Office of Financial Aid | Students Employment
To: undisclosed-recipients

2024/01/26 - 13:13

STUDENTS INFORMATION SUPPORT

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <mariammicheal2026@gmail[.]com>
2024/01/26 - 13:13
Subject: STUDENTS INFORMATION SUPPORT
To: undisclosed-recipients

Between 2024/01/24 and 2024/01/25

Response for you're doing.

This is a phishing message masquerading as an extortion attempt. Please DO NOT REPLY/SEND any personal or payment information to the listed email address or wallet. Text header:

From: <Falsified header.>
Between 2024/01/24 and 2024/01/25
Subject: Response for you're doing.
To: undisclosed-recipients

2024/01/23 | 6:30 - 12:20

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <brainben580@gmail[.]com kenthomas075@gmail[.]com markbrain217@gmail[.]com>
2024/01/23 | 6:30 - 12:20
Subject: Student Research Opportunity
To: undisclosed-recipients

2024/01/22 - 09:30

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <benlin0007@gmail[.]com>
2024/01/22 - 09:30
Subject: Student Research Opportunity
To: undisclosed-recipients

2024/01/22 | 8:29 AM - 9:39 AM

Student Research Opportunity

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <benhu0117@gmail[.]com>
2024/01/22 | 8:29 AM - 9:39 AM
Subject: Student Research Opportunity
To: undisclosed-recipients

2024/01/18 - 11:08

UNDERGRADUATE RESEARCH ASSISTANT NEEDED

From: <J.Everitt2@uni[.]brighton[.]ac[.]uk>
2024/01/18 - 11:08
Subject: UNDERGRADUATE RESEARCH ASSISTANT NEEDED
To: undisclosed-recipients

2024/01/11 - 16:02:18 (UTC -06:00)

DS & SDE at Amazon

From: <info@preinssol[.]com>
2024/01/11 - 16:02:18 (UTC -06:00)
Subject: DS & SDE at Amazon
To: undisclosed-recipients

2024/01/11 between 3:03pm CST to 3:05pm CST

Email Confirmation

From: <c_lai6@u[.]pacific[.]edu>
2024/01/11 between 3:03pm CST to 3:05pm CST
Subject: Email Confirmation
To: undisclosed-recipients


Other Scams

If you receive any other kind of scamming or phishing message, please send a ticket to helpdesk@rice.edu.