Phishing

About phishing

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.

The term ’phishing’ is a spin on the word fishing, because criminals are dangling a fake ’lure’ (the email that looks legitimate, as well as a website that looks legitimate) hoping users will ’bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.

How do I spot a phishing email?

  • The email doesn’t specify your name.

"Dear Customer" or “Dear” isn’t an identifier. If you receive an email like this, there is a very high chance that this is a phishing email.

  • The email asks you to confirm personal information.

Keep an eye out for emails requesting you to confirm personal information that you normally do not disclose.

3 signs you are possibly being scammed:

1. You are being pressured to act immediately. Scammers may pose as someone or an organization you know and say there is a problem that needs immediate attention. DO NOT act unless you have verified the person who has contacted you is legitimate.

2. You're asked to provide personal information and/or verification codes. When in doubt, DO NOT disclose this type of information. Most organizations will not ask for this information when conducting business with you.

3. You're asked to pay or submit payment in an unusual way. Be wary if you are asked to pay by gift cards, payment apps, or digital currency.

These are the latest campaigns seen by the Information Security Office. If you receive any other kinds of scamming or phishing messages, please forward the message to phishing@rice.edu.

10/23/2023

Subject: Similar to "ENROLLMENT" or "JOB OPPORTUNITY" or "JOB OFFER" or "JOB ASSISTANT"

This campaign is employment fraud. It is a phishing message for a fake job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Please DO NOT click link, or download any attachments. Text heading example:

From: <nounsgregory@gmail[.]com>
Date: October 22nd, 2023
Subject: ENROLLMENT
To: undisclosed-recipients

08/30/2023

Subject: Similar to "Re: Order Confirmation" or "Re: Thank You for Shopping" or "Your Receipt"

This campaign is employment fraud. It is a phishing message for a fake job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Please DO NOT click link, or download any attachments. Text heading:

From: <drelizabethlinda@gmail[.]com>
Date: Wed 30th August, 2023
Subject: Student Administrative Assistant Job
To: undisclosed-recipients

08/10/2023

Subject: Similar to "Re: Order Confirmation" or "Re: Thank You for Shopping" or "Your Receipt"

This campaign appears to be sent from varying iCloud accounts. It is a message with a malicious attachment meant to spread malware. Please DO NOT click link, or download any attachments. Text heading:

From: <kothewarnzfinic7r@icloud[.]com>
Date: Wed 9th August, 2023
Subject: Re: Order Confirmation
To: undisclosed-recipients

7/8/2023

Subject: "FedEx: ORDER: 5861-4032-9654"

This is a phishing message with a link to a credential harvesting site requesting to accept an invite to download and view a fake payment invoice. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <enfermeria@hhv[.]gob[.]pe, maysa[.]zampa@iff[.]edu[.]br, gchancahuana-prov@mtc[.]gob[.]pe>
Date: Sat, July 8, 2023 at 03:05 PM
Subject: FedEx: ORDER: 5861-4032-9654
To: undisclosed-recipients

_______________________________________________________

7/8/2023

Subject: "Payroll System Update"

This is a phishing message with a link to a credential harvesting site requesting to download and review a fake payroll document. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official Rice representative. Text heading:

From: <dse_NA4@docusign[.]net, universitypayrollsystem1@proton[.]me>
Date: Sat, July 8, 2023 at 03:05 PM
Subject: Payroll System Update
To: undisclosed-recipients

_______________________________________________________

7/6/2023

Subject: "Retirement and Pension Meetings for Rice University Employees"

This is a phishing message for a fake retirement benefits meeting that requests user to reply with full name, email address, and other personal info. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <jennifer@retirementexperts[.]org, noreply@mail[.]retirementexperts[.]org>
Date: Thu, July 6, 2023 at 9:59 AM
Subject: Retirement and Pension Meetings for Rice University Employees
To: undisclosed-recipients

_______________________________________________________

7/6/2023

Subject: "FW:#247915964 Invoice 339610252 PO#REF Payment"

This is a phishing message with a link to a credential harvesting site requesting to accept an invite to view a fake payment invoice. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <jade@firstclassvending[.]com>
Date: Thu, July 6, 2023 at 03:05 PM
Subject: FW:#247915964 Invoice 339610252 PO#REF Payment
To: undisclosed-recipients

_______________________________________________________

7/4/2023

Subject: "2023 Assistance Employees Benefit"

This is a phishing message with a link to a credential harvesting site requesting to accept an invite to view a fake reports. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: "Aliza Binti Abd Ghani" <aliza@sprm[.]gov[.]my>
Date: Tue, July , 2023 at 03:05 PM
Subject: 2023 Assistance Employees Benefit
To: undisclosed-recipients

_______________________________________________________

6/28/2023

Subject: "Document shared with you: ATHLETIC DIRECTORY REPORTS"

This is a phishing message with a link to a credential harvesting site requesting to accept an invite to view a fake reports. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <anabel.gonzalezgarcia@austinisd[.]org>
Date: Wed, Jun 28, 2023 at 03:05 PM
Subject: Document shared with you: "ATHLETIC DIRECTORY REPORTS"
To: undisclosed-recipients

_______________________________________________________

6/25/2023

Subject: “Position Assistant (Rice University)"

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <hamiltonhamiuoyou0840@gmail[.]com, austinconnorgw7329@gmail[.]com, dklokutr@gmail[.]com, houldresamdig55@gmail[.]com, danielgoodness2@gmail[.]com>
Date: Sun, Jun 25, 2023 at 9:59 AM
Subject: Position Assistant (Rice University)
To: undisclosed-recipients

_______________________________________________________

6/21/2023

Subject: "Order-Confirmation"

This is a phishing message with a link to a credential harvesting site requesting to accept an invite to view a fake payment invoice. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <masonyolopp@gmail[.]com, vibertbrock@gmail[.]com, gonzalesevandjeainpb@gmail[.]com, barnoldua@gmail[.]com, richmondkyinkeiz@gmail[.]com, lavfloyqj@gmail[.]com, mathidje@gmail[.]com, klineterrn@gmail[.]com>
Date: Fri, Jun 9, 2023 at 03:05 PM
Subject: Order-Confirmation
To: undisclosed-recipients

_______________________________________________________

6/21/2023

Subject: “PERSONAL ADMINISTRATIVE ASSISTANT"

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <drpopwellhurt@gmail[.]com>
Date: Mon, Jun 12, 2023 at 9:59 AM
Subject: PERSONAL ADMINISTRATIVE ASSISTANT
To: undisclosed-recipients

_______________________________________________________

6/21/2023

Subject: “PART-TIME JOB, POSITION OF EMPLOYMENT"

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, mobile #, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <davidmoyes132@outlook[.]com, DAVID_MP221@outlook[.]com, Dave_m9822@outlook[.]com>
Date: Wed, Jun 14, 2023 at 9:59 AM
Subject: PART-TIME JOB, POSITION OF EMPLOYMENT
To: undisclosed-recipients

_______________________________________________________

6/16/2023

Subject: “Student Work"

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, mobile #, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <andrewindstateedu56@gmail[.]com
Date: Thu, Jun 16, 2023 at 9:59 AM
Subject: Student Work
To: undisclosed-recipients

_______________________________________________________

6/9/2023

Subject: "Payment Confirmation- INV2023-E56975"

This is a phishing message with a link to a credential harvesting site requesting to accept an invite to view a fake payment invoice. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <noreply@cytanett[.]com>
Date: Fri, Jun 9, 2023 at 03:05 PM
Subject: Payment Confirmation- INV2023-E56975
To: undisclosed-recipients

_______________________________________________________

6/5/2023

Subject: “Your mailbox at xx@rice.edu is 95% full"

This is a phishing message for a fake notification that you email inbox is full and requests user to click on a URL that is malicious. Please DO NOT click link, download any attachments, or enter any user credentials. This is not an office Rice email. Text header:

From: peter@delage-world[.]co[.]uk
Date: Mon, Jun 5, 2023 at 9:59 AM
Subject: Your mailbox at xx@rice.edu is 95% full
To: undisclosed-recipients

_______________________________________________________

6/2/2023

Subject: “RICE Healthcare Program#"

This is a phishing message for a fake sign up for healthcare program that requests user to reply with full name, mobile #, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. This is not an office Rice email. Text header:

From: jlusar@pamplona[.]uned[.]es
Date: Fri, Jun 2, 2023 at 9:59 AM
Subject: RICE Healthcare Program#
To: undisclosed-recipients

_______________________________________________________

5/25/2023

Subject: "EMPLOYEE REVIEW REPORTS 2023.docx"

This is a phishing message with a link to a credential harvesting site requesting to accept an invite to view a fake employee evaluation. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <echamness@eanesisd[.]net>
Date: Thu, May 25, 2023 at 03:05 PM
Subject: EMPLOYEE REVIEW REPORTS 2023.docx
To: undisclosed-recipients

_______________________________________________________

5/23/2023

Subject: "Decomposing of Yamaha Baby Grand!!!"

This is a phishing message with a link to a credential harvesting site requesting to accept an invite to view a fake employee evaluation. Please DO NOT click link, download any attachments, or enter any user credentials. The site is not an official representative. Text heading:

From: <richardpepple55@gmail[.]com, jodi@mail-work2apps-xxllzmall-management[.]com, gglucas76@gmail[.]com, marlenemyself@gmail[.]com>
Date: Tue, May 23, 2023 at 03:05 PM
Subject: Decomposing of Yamaha Baby Grand!!!
To: undisclosed-recipients

_______________________________________________________

5/20/2023

Subject: “RESEARCH OPPORTUNITY!"

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, mobile #, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <franciscabee99@gmail[.]com, francismando1994@gmail[.]com, alex.rob111123@gmail[.]com, michaell.bates00@gmail[.]com>
Date: Sat, May 20, 2023 at 9:59 AM
Subject: RESEARCH OPPORTUNITY!
To: undisclosed-recipients

_______________________________________________________

5/16/2023

Subject: “URGENT INFORMATION REQUEST"

This is a phishing message for a fake job opportunity that requests user to reply via email with full name, location, and phone number for more details. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <smsupport@aexp[.]com>
Date: Tue, May 16, 2023 at 11:29 AM
Subject: URGENT INFORMATION REQUEST
To: undisclosed-recipients

_______________________________________________________

5/16/2023

Subject: "Re:New Purchase Order"

This is a phishing message requesting to confirm a fake Purchase Order by clicking on the fake, malicious attachment. It leads to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. Text heading:

From: "Versteg" <becky@daysgonedown[.]com>
Date: Tue, May 16, 2023 at 9:59 AM
Subject: Re:New Purchase Order
To: undisclosed-recipients

_______________________________________________________

5/8/2023

Subject: “Retirement and Pension Meetings for Rice University Employees"

This is a phishing message for a fake meeting invite to discuss employee retirement and pension. It requests user to click on a meeting invite attachment and reply with personal information for more details. Please DO NOT CLICK on ATTACHMENTS or REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: jennifer@stateretirement[.]org, alexa.b@stateemployeeretirementsystem[.]org, noreply@secure.stateemployeeretirementsystem[.]org
Date: Mon, May 8, 2023 at 11:29 AM
Subject: Retirement and Pension Meetings for Rice University Employees
To: undisclosed-recipients

_______________________________________________________

5/3/2023

Subject: “EMPLOYMENT OPPORTUNITY FOR UNDERGRADUATE AND GRADUATE AND REMOTE / PART TIME EMPLOYMENT OFFER FOR STUDENTS AND RECENT GRADUATE "

This is a phishing message for a fake job opportunity that requests user to reply via email with full name, location, and phone number for more details. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <maryannn0463@gmail[.]com>
Date: Wed, May 3, 2023 at 11:29 AM
Subject: EMPLOYMENT OPPORTUNITY FOR UNDERGRADUATE AND GRADUATE AND REMOTE / PART TIME EMPLOYMENT OFFER FOR STUDENTS AND RECENT GRADUATE
To: undisclosed-recipients

_______________________________________________________

4/17/2023

Subject: "Notice of Fraud issued to: [Baker Institute for Public Policy] Documents attached"

This is a phishing message claiming fake fraud incident requiring documents needing review and to click and download attachments. It leads to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The account is not official. Text heading:

From: Icc Tribunal <tribunal_icc@outlook[.]com>
Date: Mon, Apr 17, 2023 at 9:59 AM
Subject: Notice of Fraud issued to: [Baker Institute for Public Policy] Documents attached
To: undisclosed-recipients

_______________________________________________________

3/27/2023

Subject: “Remote Workers Needed"

This is a phishing message for a fake job opportunity that requests user to reply via email with full name, location, and phone number for more details. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: MIRELLA DEMARCO <mdemarco@institutoamanecer[.]edu[.]ar>
Date: Sun, Mar 19 2023 at 11:29 AM
Subject: Remote Workers Needed
To: undisclosed-recipients

_______________________________________________________

3/22/2023

Subject: "Reginald DesRoches (or Dr. Clifton McDaniel) as shared a doc with you for Urgent review"

This is a phishing message claiming an urgent payroll document needs to be reviewed and to click and download a .docx attachment. It leads to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The account is not officially from Rice University. Text heading:

From: Hillary Bevill <hbevill@okolona.k12.ms[.]us>
Date: Wed, Mar 23, 2023 at 9:59 AM
Subject: Reginald DesRoches (or Dr. Clifton McDaniel) as shared a doc with you for Urgent review
To: undisclosed-recipients

_______________________________________________________

3/20/2023

Subject: “CERF INTERNSHIP OFFER and HELLO"

This is a phishing message for a fake remote internship for students that requests user to reply via email with full name, location, and phone number. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <alexusjones164@gmail[.]com>
Date: Mon, Mar 20, 2023 at 9:59 AM
Subject: CERF INTERNSHIP OFFER and HELLO
To: undisclosed-recipients

_______________________________________________________

3/16/2023

Subject: “Remote Teaching Opportunity for Chemistry and Biology (Graduates)"

This /is a phishing message for a fake remote job opportunity for Students and Graduates that requests user to reply via email with full name, location, and phone number. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <aonetaus@gmail[.]com>
Date: Thu, Mar 16, 2023 at 9:59 AM
Subject: Remote Teaching Opportunity for Chemistry and Biology (Graduates)
To: undisclosed-recipients

_______________________________________________________

3/13/2023

Subject: “ENROLLMENT SCHEME"

This is a phishing message for a fake remote job opportunity for Students and Alumni that requests user to reply via email with full name, location, and phone number. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <natividadmartinez0123@gmail[.]com, drrichardgoetz22@gmail[.]com>
Date: Mon, Mar 13, 2023 at 9:59 AM
Subject: ENROLLMENT SCHEME
To: undisclosed-recipients

_______________________________________________________

3/8/2023

Subject: “Part - Time Position Available"

This is a phishing message for a fake job opportunity for students that requests user to reply via email with full name, location, and phone number for more details. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <ozitmorgan@gmail[.]com, weavereron590@gmail[.]com, lbarton491@gmail[.]com, aliciadana1980@gmail[.]com, martinzchao@gmail[.]com>
Date: Wed, Mar 8 2023 at 11:29 AM
Subject: Part - Time Position Available
To: undisclosed-recipients

_______________________________________________________

3/4/2023

Subject: “DATA ENTRY: Flexible hours are available"

This is a phishing message for a fake data entry job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <tm46067@live.wpcsd.k12[.]ny.us, dr.ryan.buckler.phd@gmail[.]com>
Date: Sat, Mar 4, 2023 at 9:59 AM
Subject: DATA ENTRY: Flexible hours are available
To: undisclosed-recipients

_______________________________________________________

3/3/2023

Subject: “VACANCY FOR RESEARCH ASSISTANTS, POSITION FOR UNDERGRADUATE RESEARCH ASSISTANTS"

This is a phishing message for a fake research assistant job opportunity that requests user to reply with full name, email address, and years of study and department. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <tasneem.shaikh@wws.nhs[.]uk>
Date: Fri, Mar 6, 2023 at 9:59 AM
Subject: VACANCY FOR RESEARCH ASSISTANTS, POSITION FOR UNDERGRADUATE RESEARCH ASSISTANTS
To: undisclosed-recipients

_______________________________________________________

2/26/2023

Subject: “Position Open, Position Available, Position opening"

This is a phishing message for a fake internship opportunity for students that requests user to reply via email with full name, location, and phone number for more details. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: Vanessa Lopez <vanessalopzzzz869@gmail[.]com>
Date: Mon, Feb 26, 2023 at 9:59 AM
Subject: Position Open, Position Available, Position opening
To: undisclosed-recipients

_______________________________________________________

2/21/2023

Subject: INVOICE PAYMENT

This is a phishing message claiming an invoice payment from Lone Star College and to click on button/link to "Listen to Voicemail". It leads to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The account is not officially from Lone Star College. Text heading:

From: <abierbower@my[.]lonestar.edu>
Date: Tue, Feb 21, 2023 at 9:59 AM
Subject: INVOICE PAYMENT
To: undisclosed-recipients

_______________________________________________________

2/21/2023

Subject: “STUDENT AND ALUMNI ENTRY Financial BOOK KEEPING EmploymentAid"

This is a phishing message for a fake campus remote part-time job opportunity for students that requests user to reply with full name, email address, address, and phone number to receive the job description and requirements. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: Dr Anita Judith <anitajudith25@gmail[.]com>
Date: Tue, Feb 21, 2023 at 9:59 AM
Subject: STUDENT AND ALUMNI ENTRY Financial BOOK KEEPING EmploymentAid
To: undisclosed-recipients

_______________________________________________________

2/9/2023

Subject: “ENROLLMENT SCHEME", "SPECIAL ENROLLMENT SCHEME", "ENROLLMENT OPPORTUNITY", "SPECIAL ENROLLMENT OPPORTUNITY"

This is a phishing message for a fake remote job opportunity for Students and Alumni that requests user to reply via email with full name, location, and phone number. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <natividadmartinez0123@gmail[.]com>
Date: Wed, Feb 8, 2023 at 9:59 AM
Subject: ENROLLMENT SCHEME / SPECIAL ENROLLMENT SCHEME / ENROLLMENT OPPORTUNITY / SPECIAL ENROLLMENT OPPORTUNITY
To: undisclosed-recipients

_______________________________________________________

2/8/2023

Subject: “ENROLLMENT SCHEME"

This is a phishing message for a fake remote job opportunity for Students and Alumni that requests user to reply via email with full name, location, and phone number. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <mrkenzy89@gmail[.]com>
Date: Wed, Feb 8, 2023 at 9:59 AM
Subject: ENROLLMENT SCHEME
To: undisclosed-recipients

_______________________________________________________

2/8/2023

Subject: “ENROLLMENT OPPORTUNITY"

This is a phishing message for a fake remote job opportunity for Students and Alumni that requests user to reply via email with full name, location, and phone number. Please DO NOT REPLY/SEND any personal info to the listed email address or phone number. Text header:

From: <drrichardgoetz@gmail[.]com>
Date: Wed, Feb 8, 2023 at 9:59 AM
Subject: ENROLLMENT OPPORTUNITY
To: undisclosed-recipients

_______________________________________________________

2/2/2023

Subject: Your funds have been sent through Zellepay

This is a phishing message from claiming funds have been sent from Wells Fargo and to click on button/link to confirm/cancel the transaction. It leads to a credential harvesting site. Please DO NOT click link, download any attachments, or enter any user credentials. The account is not officially Wells Fargo. Text heading:

From: <hateks@t[.]mk>
Date: Thurs, Feb 2, 2023 at 9:59 AM
Subject: Your funds have been sent through Zellepay
To: undisclosed-recipients

_______________________________________________________


Other Scams

If you receive any other kind of scamming or phishing message, please send a ticket to helpdesk@rice.edu.