Phishbowl

IT has NEW Send Secure Process

IT has initiated ProofPoint's Encryption Secure Send to replace the old Cisco secure email solution. Users should recognize this example email as coming from IT, but need to be aware of the new procedure for sending and receiving secure, encrypted emails.

Example of safe email
How to report a phishing scam

If you've received an email that could be a phishing scam and it is not already listed here, contact our Enterprise Security team. Your diligence can help others. Follow these instructions:

save

Provide a full copy of the email by saving the message within your email client. For Outlook: click File > Save As after opening the email.

attach

Compose a new email to itpolicy@louisville.edu with the previously-saved message added as an attachment.

send

Send the resulting message and attachment to itpolicy@louisville.edu with a subject line identifying the message as a phishing report.

Phishing is a type of malicious email sent to you in order to steal usernames, passwords, personal information, credit card numbers and other sensitive data by masquerading as a message from a trustworthy entity. A phish pretends to be from a credible source such as UofL IT, HR or other organizations related to the university. The goal of most phishing emails is to trick you into clicking on a web link or visiting a web site in order to steal your UofL credentials.

UofL IT's Phishbowl allows you to see recent fake emails that have hit our filtering system or have been identified by our users. The links and addresses included in these messages are from real-life examples; they are here for awareness only, so do not explore them. Additionally, do not assume an email you've received is safe because it is not listed here. There are many variants of every phishing email, with new ones sent each day. If in doubt about an email or if you've clicked on a phishing scam, please consult our IT HelpDesk.

If the message is already listed on this page, simply delete the copy from your inbox - reporting it to Enterprise Security will not be necessary.


Screenshot of the phishing email

Date:

10-19-17

Sender:

iCloud [eh22[@]hw[.]ac[.]uk]

Subject:

Upgrade Your iCloud Storage Plan

Content:

Dear [YOURNAME], Your iCloud storage is almost full. You have 187.99 MB remaining of 5 GB total storage. Upgrade to 50 GB for $0.99 per month Your iCloud storage is used to keep the most important things on your iPhone, iPad, and iPod touch safe and available, even if you lose your device. iCloud Drive and apps like Keynote, Pages, and Numbers also use iCloud storage to keep your files up-to-date everywhere. To continue to use iCloud and to back up your photos, documents, contacts, and more, you need to upgrade your iCloud storage plan or reduce the amount of storage you are using. The iCloud Team

Screenshot of the phishing email

Date:

10-13-17

Sender:

Chase [jay[@]championsplumbing[.]com]

Subject:

Recent payment notice to Made-in-China[.]com

Content:

Dear Made-in-China.com, This email is to notify you, that your payment of $2166.37 to Made-in-China.com was sent. It may take of up to 10 minutes for this transaction to occur. Get your transaction details here. Thank you for choosing Chase. Grit Makes Great Thank you, Joseph Thomas Please do not reply. This email address is for notification purposes only and you will not get a reply.

Screenshot of the phishing email

Date:

10-06-17

Sender:

Amazon Seller Central mail[@]roccodmanagement[.]com

Subject:

[SUSPICIOUS MESSAGE] RE: Copy Requested CODEH2544

Content:

Order Confirmation ________________________________________ You can check your payment information here [YOUR EMAIL ADDRESS] Thanks for order. We'll let you know once your item(s) have dispatched. Your estimated delivery date is indicated bellow. ________________________________________ Arriving... Sunday, September 30 - Saturday, October 7 Your order will be sent to: USA We hope to see you again Amazon.com 2017, Amazon.com, Inc. Los Angeles - All rights reserved.

Screenshot of the phishing email

Date:

09-22-17

Sender:

[emailaddress][@]manipal[.]edu

Subject:

[SUSPICIOUS MESSAGE] Suspension Alert! (Do not ignore)

Content:

Security Information Hi [YOUR EMAIL ADDRESS] Recently a request was submitted to close your account. Your account will be closed in the next 48 hours as you requested. Check below with the confirmation to proceed. Yes, I would like to complete No I didn't make this request Thank You, Accounts Team

Screenshot of the phishing email

Date:

09-19-17

Sender:

firebug01[@]pcpartsoutlet[.]com

Subject:

[SUSPICIOUS MESSAGE] No Subject

Content:

Salutations [NAME] [bit[.]ly shortened link] Holly

Screenshot of the phishing email

Date:

09-13-17

Sender:

support[.]payments[@]aita[-]brokers[.]com

Subject:

Important Message

Content:

Aita Brokers wrote: created with attachments Aita_Scan20171109.pdf logo2.png Ticket #1457 Created by Aita Brokers Important Message Your payment has been completed. Attached is pay receipt for your confirmation. Kindly acknowledge receipt. Sincerely, Mikel A. Rathod College Payment Broker t: 402.909-1075 f: 402.909.8000

Screenshot of the phishing email

Date:

09-10-17

Sender:

MULTIPLE SENDERS

Subject:

(No Subject)

Content:

Your Email was accessed from a different Country IP & will be suspended if not validated within 24hrs after receiving this email. Click *HERE* and fill the details to validate your IP. IT DESK © Copyright © 2017 Mail! Inc

Screenshot of the phishing email

Date:

09-06-17

Sender:

test@student86[.]info

Subject:

U of L Test Email

Content:

Hi [NAME], This is a test email for U of L. We are sending you a test email to ensure that your email is working properly. Please reply back with "Reply Test" to make sure that you are able to send emails. Thank you, [image link]

Screenshot of the phishing email

Date:

08-30-17

Sender:

hello@gofundme[.]com

Subject:

[NAME], let's help Houston.

Content:

Here's how to help the victims of Hurricane Harvey. You've seen the news. Hurricane Harvey pelted the Houston area with over 25 inches of rain in just 3 days, displacing at least 30,000 people—and it's not done yet. The news is scary, but we can help. Starting today, you can click here to make a tax-deductible donation that will be distributed to verified Hurricane Harvey campaigns. We've pledged $100,000 to help those affected. Will you join us? [DONATE NOW]

Screenshot of the phishing email

Date:

08-29-17

Sender:

someone@syr[.]edu

Subject:

vendor #1000044-Helena Industries

Content:

IFDC Your document has been completed [REVIEW DOCUMENT] Powered by Docusign Do Not Share This Email This email contains a secure link to DocuSign. Please do not share this email, link, or access code with others. About DocuSign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- DocuSign provides a professional trusted solution for Digital Transaction Management™. Questions about the Document? If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly

Screenshot of the phishing email

Date:

08-25-17

Sender:

diamondcourt@tmamgroup[.]com

Subject:

Fwd: Health

Content:

View our new health Document Thank you Alice Shade

Screenshot of the phishing email

Date:

08-24-17

Sender:

someone@somewhere[.]edu

Subject:

You have received a fax

Content:

You have received a 1 page fax at 2017-08-23 9:01:12 EDT. ID: 409-3985 Please view this fax attached to this email. --- This email scanned with McAfee.

Screenshot of the phishing email

Date:

08-16-17

Sender:

someone@stripesupport.com

Subject:

your account has a negative balance of $57.96,

Content:

Hi there, This is a quick note on your account. As it currently stands, your account has a negative balance of $57.96, and we've recently run into trouble withdrawing this amount from your USD bank account. We would appreciate if you could update your banking information so we can automatically retry this payout and keep your account in good standing. You can update your banking information here: hxxps://dashboard[.]stripe[.]com/account/payouts Since additional payouts are unlikely to succeed, we won't send new payouts until this is fixed. We'll resume your payouts as soon as you have confirmed or updated your bank account information. Thanks again for using Stripe! Best, The Stripe Team Confidentiality Disclaimer: This message, including any attachments, is confidential, intended only for the named recipient(s) and may contain information that is privileged or exempt from disclosure under applicable law, including PHI (Protected Health Information) covered under the Health Insurance Portability and Accountability Act (HIPAA) of 1996. If you are not the intended recipient(s), you are notified that the dissemination, distribution, or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender or contact the University of Louisville Physicians Service Desk at 502-588-0411 to report an inadvertently received message.

Screenshot of the phishing email

Date:

08-16-17

Sender:

officialsupervisor@gmail[.]com

Subject:

Work at Vistaprint,stop wasting time on mindless work

Content:

Thanks for getting back to us with your interest about the job,We are UK based company that offer incorporation services to our clients all over the globe,We have 24 Agents in United State that are currently working for the company, these agents need materials like envelopes, files,stamps and other stationary items to do their daily job and we need you to work as a middle man to help the agents in getting their respective supplies. They will email you whenever they need materials and also state type of materials and the quantity they need, It is now your duty to contact the supplier through email to make orders for the materials and also state the quantity that should be mailed out to the agent address through post.. Each agent will only order for materials once a week depending on the task he or she is to have completed for that week, we are employing you just to reduce the workload for us, our supplier and for the agents and also to keep record of materials that are being ordered weekly by agents.It is an online pay job where agents will only contact you for materials during the weekdays and you can have your own part of the work completed at your leisure time in school or at home Salary/Wages payment: $300 weekly. We will always email you guidelines and instructions to follow in getting your job done perfectly when you start working.If you still care to proceed with the job, Get back to us with the information listed below so we can process your application as to consider it valid to commence working with us. NAME: CONTACT ADDRESS: CITY: STATE: ZIPCODE: MOBILE:s ALTERNATIVE EMAIL: The person holding this position is relocating out of the US and won't be able to do the job any more that's why we are looking for more hands to help us in the job, work commences as soon as possible depending on you, make sure you check your email box at least twice daily and also respond to the email and reply us as soon as you read from us.We hope you enjoy working with us

Screenshot of the phishing email

Date:

08-15-17

Sender:

someone@x[.]fgcu[.]edu

Subject:

Louisville.edu IT Request Aler

Content:

This email is to verify you requested a change of name associated with your email address of the university electronic resource. Your request has been submitted and will be processed in two working days. If you never made this request, you can cancel this request here (as it's the sole purpose of this notification) otherwise no action is required. Notification was sent on 15/08/2017 Ticket ID X002FA Regards, IT HelpDesk

Screenshot of the phishing email

Date:

08-14-17

Sender:

myaccount@dboxdoc-sharing[.]com

Subject:

Notification of new document

Content:

[text from image] A document named "filexxxxxx" has been shared with you via Dropbox. View shared document h Sender's comment: "Please review, sign and return" Happy Drop-boxing! P.S. Get extra space free.

Screenshot of the phishing email

Date:

08-11-17

Sender:

lindawass@corpuschristi[.]org

Subject:

Important Notification

Content:

Dear [recipient], You have a pending document shared with you via Google drive. View Document Google drive makes it easy to create, store, and share online documents, spreadsheets and presentations:

Screenshot of the phishing email

Date:

08-08-17

Sender:

Katherine.Cuadra@transwestern[.]com

Subject:

IMMEDIATE ACTION REQUIRED: UofL Employees Strategic Initiatives Update From Interim President Gregory Postel - August 8, 2017

Content:

A message from Gregory Postel, Interim President University of Louisville: Dear Staff and faculty, Attached is the employee strategic initiatives document update. It's of high importance all staffs read through on what improves the employee strategic. Sincerely,

Screenshot of the phishing email

Date:

08-03-17

Sender:

irs@irs.gov

Subject:

New Payroll, Excess Refund Notification

Content:

To All Faculty and Staff Members, It's Imperative you understand and complete the Excess Tax Refund Notification. wwy[.]irs[.]gov[/]excess-refund Best Regards, Tax Refund Department Internal Revenue Services (IRS). 2017 All Right Reserved.

Screenshot of the phishing email

Date:

08-01-17

Sender:

####@espol.edu.ec

Subject:

IT-Service Help Desk

Content:

Your pass-word will expire in two days to keep your pass-word CLICK HERE and enter your username and pass-word correctly and click On Submit immediately to keep your pass-word active and updated. IT-Service Help Desk.

Screenshot of the phishing email

Date:

07-04-17

Sender:

####@SAUSD.US

Subject:

Virus Validation Alert !

Content:

Dear Staffs & Users, we are reporting a serious vulnerability with a Trojan Virus known as Ransom-ware, it is installed in some domain and server host. This also affect Windows, Apple's Safari and Android's built-in browser. Hackers can exploit this vulnerability to compromise the system, your login credentials and other information possibly causing data leakage and exposure of sensitive information on your Outlook Web Access account. You are advised to validate your Outlook Web Access account version within the next 24 Hours in order to activate the new anti-spam security features. Go to our secure portal here >>> Validate My Account to complete this process. A security message brought to you by IT Support.

Screenshot of the phishing email

Date:

06-29-17

Sender:

####@louisville.edu

Subject:

Your New Edu Outlook Update.

Content:

ATTENTION! ========================= Dear User, This is your Office outlook administrator. Please, be informed that outlook server has just been upgraded and your account needs to be reset immediately. This process is to keep your Office outlook system server updated and protected as always. CLICK BELOW TO RESET YOUR EMAIL NOW: www.outlook.live.com/owa/?authRedirect=true Regards, Outlook Service Administrator