Phishbowl

IT has NEW Send Secure Process

IT has initiated ProofPoint's Encryption Secure Send to replace the old Cisco secure email solution. Users should recognize this email example as from IT but need to be aware of the new procedure for sending and receiving secure, encrypted emails. Information

Example of safe email
How to report a phishing scam

If you've received email that could be a phishing scam and it is not already listed here, contact our Enterprise Security team. Your diligence can help others by following these instructions:

save

Provide a full copy of the email by saving the message within your email client. For Outlook: click File > Save As after opening the email.

attach

Compose a new email to itpolicy@louisville.edu with the previously-saved message added as an attachment.

send

Send the resulting message and attachment to itpolicy@louisville.edu with a subject line identifying the message as a phishing report.

Phishing is a type of malicious email sent to you in order to steal usernames, passwords, personal information, credit card numbers and other sensitive data by masquerading as from a trustworthy entity. A phish pretends to be from a credible source such as UofL IT, HR or other organizations related to the university. The goal of most phishing emails is to trick you into clicking on a web link or visiting a web site in order to steal your UofL credentials.

UofL IT's Phishbowl allows you to see recent fake emails that have hit our filtering system or have been identified by our users. The links and addresses included in these messages are from real-life examples, they are here for awareness only - do not explore them. Additionally, do not assume an email you've received is safe because it is not listed here. There are many variants of every phishing email, with new ones sent each day. If in doubt about an email or if you've clicked on a phishing scam, please consult our IT HelpDesk.

If the message is already listed on this page, simply delete the copy from your inbox - reporting it to Enterprise Security will not be necessary.

date

subject

description

date

subject

Screenshot of the phishing email

Date:

02-13-19

Sender:

calidad.servicio@senoriales[.]com

Subject:

Revisar y responder

Content:




	Hello,

My name is Mario Perez. I have a financial transaction worth $3,900.000 that will benefit both of us. Please contact me with the email below if you want to participate.

Email: drmarperez00@gmail.com

________________________________________
Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. 

Screenshot of the phishing email

Date:

02-16-19

Sender:

dr[.]chav79@aol[.]com

Subject:

Respond

Content:

[Name]

I am planning a surprise for some of the staffs with gifts. I need you to get a purchase done, email me once you get this.

Regards

[Impersonating person signature]

Screenshot of the phishing email

Date:

02-12-19

Sender:

someone@gmail[.]com

Subject:

Are you serious

Content:

	Available ?
Screenshot of the phishing email

Date:

02-10-19

Sender:

giny[.]beltran@sisdk12[.]net

Subject:

Re-validate Password

Content:

	Your Email Account Password will expire in 2 days time and you are requested to Re-validate your password within 24hours. Click RE-VALIDATE and Follow Instructions or else you can't have access to your mailbox in 48hours time.
Screenshot of the phishing email

Date:

02-08-19

Sender:

alennema@lps[.]org

Subject:

RE: REPORTED EMERGENCY CONCERN ON CAMPUS

Content:

Hello All,

A n emergency concern identified on Campus. Kindly go through

MEMO released by Security Department;

Thanks

IT-Desk Service

Screenshot of the phishing email

Date:

02-08-19

Sender:

alennema@lps[.]org

Subject:

IT DESK: SECURITY NOTIFICATION ALERT

Content:

Hello All,

An emergency concern identified on Campus. Kindly go through

MEMO released by Security Department;

Thanks

IT-Desk Service

Screenshot of the phishing email

Date:

02-07-19

Sender:

ritta[.]khoury@carsondemand[.]com[.]au

Subject:

Synchronization Error Notification

Content:

You Have (3) messages that are waiting to be delivered to your inbox ( someone@louisville.edu )
This is because of your email failing to pass its SSL encryption Synchronization.
Proceed beneath to recuperate your messages.
Recover Messages
2019 Message Center.

Screenshot of the phishing email

Date:

02-06-19

Sender:

someone@louisville[.]edu

Subject:

Part-time Job opportunity

Content:

	Hello,

This Job is currently recruiting. A Job that will not affect your present employment or studies, fun and rewarding.  You get to make up to $300 weekly, I tried it and i made cool cash, If You are interested you can visit their website at support@pinnaclecustomermetrics[.]com to apply and read more about the job.

Best Regards.

Job Placement & Student Services
University of Louisville
2301 S 3rd St, 
Louisville, KY 40292

Screenshot of the phishing emailScreenshot of the phishing emailScreenshot of the phishing email

Date:

02-04-19

Sender:

jesse[.]yarvis[@]companyinnovative[.]com

Subject:

Do you speak Mandarin and need work? Let IPS help!

Content:

	Innovative Placement Services (‘IPS’) has been helping college graduates obtain legal working status in America for over 10 years.
IPS works with United States corporations that are in need of bi-lingual employees for international business. Currently there is a need for individuals that are fluent in Mandarin Chinese.
IPS can guarantee you get an employee contract and a yearly salary. Then IPS handles all the legalities to help you obtain legal working status; such as, OPT and H1B visa status.
There are no obligations. Why not contact IPS today to see if you qualify for assistance. Usually work is done online so relocation is often not necessary.
Reply to this email or visit us on the web: www.ipsinnovative.com
Ask about our OPT & H1B sponsorship programs before time runs out!
If you do not need these services we apologize for the email; however, if you know someone who does, feel free to contact us about our referral program.
Innovative Placement Services (‘IPS’) 有着十年以上的行业经验,致力于帮助大学生在美国获得合法的工作身份。
IPS与拥有国际业务的美国公司合作,为这些公司寻找双语人才。目前我们正在寻找汉语普通话流利的人才。
IPS可以确保您获得一份工作合同和一定的年薪。并且,IPS将会为您处理所有的法律手续,以此帮助您获得合法的工作身份,例如OPT和H1B 。
如果您认为自己正是IPS寻找的人才,请不要犹豫,马上联系我们!通常,这样的工作可以在线上完成,所以您不需要为了这份工作搬家。
请回复这封邮件或者访问我们的网站www.ipsinnovative.com
如果您不需要这样的帮助,那么打扰之处请见谅。如果有您认识的人需要这项服务,请向他推荐IPS,并且联系我们获取有关推荐奖励的信息。
 
If you no long wish to receive these emails, simply reply:  Unsubscribe

Note:

A payment to a company is not required to apply for a visa. This is scam targeting international students. 
Screenshot of the phishing email

Date:

01-25-19

Sender:

firstname.lastname[.]louisvilel.edu@mail[.]ru

Subject:

REQUEST

Content:

	Hi [someone],
Are you in your office? Send me a quick reply if you are free.
Thanks



-- 
[Impersonating person signature]
[Job title, Department name]
University of Louisville

Screenshot of the phishing email

Date:

01-25-19

Sender:

someone@gmail[.]com

Subject:

Request

Content:

	I need a favor from you kindly email me back as soon as possible.

Regards,
[Impersonated person's signature]]
[Job title]]



Sent from my ipad

Screenshot of the phishing email

Date:

01-25-19

Sender:

firstname.lastname[.]louisvilel.edu@mail[.]ru

Subject:

REQUEST

Content:

	Hi [someone],
Are you in your office? Send me a quick reply if you are free.
Thanks



-- 
[impersonated person signature]
[Job Title]
[Department name]
University of Louisville

Screenshot of the phishing email

Date:

01-24-19

Sender:

riley@peraappointments[.]com

Subject:

KTRS Assistance for University of Louisville Personnel

Content:

	Employee [lastName], 
Each year, as an employee of University of Louisville you are eligible to receive a free one-on-one consultation for answers to your specific state, federal and individual retirement benefit questions. 
At your consultation, you will be provided with information that will tell you: 
•	What your expected income will be from KTRS when you retire.
•	How much longer you will have to work.
•	How you can save more money for retirement, without affecting your take home pay.
•	Which 403(b) options have Guaranteed income when you retire.

Appointments fill up quickly. If you’d like to secure your spot, click on the link below, or simply reply “yes” to this email. 
http://app[.]publicemployeeretirementassistance[.]com/index[.]html#appointment/[] 
All licensed representatives are not employees of the district or KTRS. 
To opt out of future mailings, click on the following link: 
http://app[.]publicemployeeretirementassistance[.]com/index[.]html#appointment/[]/unsubscribe 

Screenshot of the phishing email

Date:

01-22-19

Sender:

talitabellardi@gmail.com

Subject:

[noSubject]

Content:

	Hello,

I contacted your school admin at University of Louisville; I graduated from there. I explained that I was looking for an Administrative/Personal Assistant and your email was sent to me, they said you are an honest person. This job is flexible and extremely rewarding. Get back to me ASAP if you are interested in more information.

Regards,
Christina Bull

Screenshot of the phishing email

Date:

01-17-19

Sender:

j[.]camp6@aol[.]com

Subject:

Re: Purchase

Content:

I need you to get a purchase done, email me once you get this.


Regards,

Neeli Bendapud



Sent from my Mobile Device

Screenshot of the phishing email

Date:

01-16-19

Sender:

ceo.privatemail@twc.com

Subject:

Required

Content:

Are you available? I would like to know if you can help in making purchase for Steam Wallet Gift Cards or Google Play Gift Cards at Starbuck or any store, Let me know if its possible, 
 
Pls, I'm occupied at the moment but will lookout for your reply. 
 
Thanks 
[First Name Last Name]

Sent from my Mobile Device

Screenshot of the phishing email

Date:

01-11-19

Sender:

someone@louisville.edu

Subject:

Your account has been hacked! You need to unlock.

Content:

Hi, stranger!

I hacked your device, because I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.

You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy (you know what I mean).

While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.

Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.

What I've done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes ... but strange for me and other normal people), and the second part shows the recording of your webcam.

What should you do?

Well, I think $663 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don't know, look for "how to buy bitcoins" on Google).

BTC Address: aBitcoinWalletNumber
(This is CASE sensitive, please copy and paste it)

Remarks:
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

If I don't get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

If you want to get proof, answer "Yes!" and resend this letter to youself. 
And I will definitely send your video to your any 17 contacts.

This is a non-negotiable offer, so please do not waste my personal and other people's time by replying to this email.

Bye!

Note:

	Email headers show the FROM header was forged. The account was never hacked. If you have this extortion phish coming to your inbox, please report the phish scam.
Screenshot of the phishing email

Date:

12-13-18

Sender:

arlene.bearmc@telus[.]net

Subject:

aFirstName

Content:

Hi,

I have a new Bank Account and i will like to change my Paycheck Direct Deposit details. Can the change please be effective for the current pay cycle?.

Regards.

Dr. Neeli Bendapudi 

Note:

	Email headers look clear. But, this is a social engineering attempt to impersonate a UofL user.
Screenshot of the phishing email

Date:

12-11-18

Sender:

someone@louisville[.]edu

Subject:

New doc

Content:

You have been sent a new document(s) via Dropbox.
View document online [link]

Please note: Please ignore if you are not the intended recipient.

  
Sent via Dropbox, the award winning mobile admin platform for Field Service companies and contractors.
 
Dropbox™  Ltd.
Copyright © 2018 Dropbox, All rights reserved.

Screenshot of the phishing email

Date:

12-04-18

Sender:

support@sharefile[.]com

Subject:

Citrix ShareFile Password Reset

Content:

There has been a constant increase in internet-account credential (usernames and passwords) theft. Those same credentials are often used to access other accounts. In response to this, we are requiring a password reset and will be incorporating a regularly-scheduled, forced password reset into our normal operating procedures. Users will need to reset their passwords when logging into ShareFile. We believe this is an important step to continue to help our customers use our solutions securely.
To reset your password, please click here.
For help about how to reset your password, please click here.

Screenshot of the phishing emailScreenshot of the phishing email

Date:

11-26-18

Sender:

someone@gmail[.]com

Subject:

Hello are you campus

Content:

	Hello

	I’m in a meeting right now and that's why I’m contacting you through here. I should have call you, but phone is not allowed to be use during the meeting.I don't know when the meeting will be rounding up, And i want you to help me out on something very important right away.

	I’m in the meeting and unable to makes calls like I said earlier . This is very urgent and important . I need you to get this done ASAP 

        I need you to help me get Amazon Gifts card from the store,i will reimburse you back when i get to the office.I need to send it to someone and it is very important cause i'm still in a meeting and i need to get it sent Asap. it one of my best friend son birthday.

Screenshot of the phishing email

Date:

11-26-18

Sender:

someone@yahoo[.]com

Subject:

happy sunday

Content:

	good morning

	I'M IN A MEETING RIGHT NOW AND THAT'S WHY I’M CONTACTING YOU THROUGH HERE. I SHOULD HAVE CALLED YOU BUT PHONE IS NOT ALLOWED TO BE USED DURING THE MEETING. I DON'T KNOW WHEN THE MEETING WILL BE ROUNDING OFF AND I WANT YOU TO HELP ME OUT ON SOMETHING VERY IMPORTANT RIGHT AWAY.

	I NEED YOU TO HELP ME GET AMAZON GIFT CARDS FROM THE STORE, I WILL REIMBURSE YOU BACK WHEN I GET BACK TO THE OFFICE.
	I NEED TO SEND IT TO SOMEONE AND IT IS VERY IMPORTANT. I’M STILL IN A MEETING AND I NEED TO GET IT SENT RIGHT AWAY. IT’S ONE OF MY BEST FRIENDS SON’S BIRTHDAY.

	THE AMOUNT I NEED YOU TO GET RIGHT NOW IS $400; 4/$100 L'LL BE REIMBURSING BACK TO YOU. I NEED PHYSICAL CARDS WHICH YOU ARE GOING TO GET FROM THE STORE. WHEN YOU GET THEM, SCRATCH IT AND TAKE PICTURES OF THE CARDS AND RECEIPT AND ATTACH IT TO HIS PHONE VIA TEXT MESSAGE 
	5593768611
	HIS NAME IS ANDREW LET HIM KNOW IT FROM ME LET ME KNOW WHEN YOU ARE ON YOUR WAY TO GET IT OK

Screenshot of the phishing email

Date:

11-26-18

Sender:

noreply_email_apple@weberhodgesgodwin.com

Subject:

Your invoice from Apple #ID: 237556

Content:

Receipt	
		
APPLE ID
someone@louisville.edu 
BILLED TO
Apple Store 	TOTAL
$29.99
INVOICE DATE
November 21, 2018, 7:14 pm		
ORDER ID
VBZONLNOPP
DOCUMENT NO.
675231833496		
		
App Store	TYPE	PURCHASED FROM	PRICE
 
Mobile Legends: Bang Bang, 1,500 Diamonds
Report a Problem 
In-App Purchase	IPAD PRO 9.7	$29.99
				
TOTAL		$29.99

	If you have any questions about your bill, visit iTunes Support. Learn how to manage your password preferences for iTunes, iBooks and App Store purchases. 	

	Apple ID Summary • Terms of Sale • Privacy Policy 

	Copyright © 2018 Apple Distribution International All rights reserved 

Screenshot of the phishing email

Date:

10-04-2018

Sender:

fuyguroglu@ciu[.]edu[.]tr

Subject:

E-Signature Forms

Content:

 University of Louisville   E-Signature Forms

E-Signature form "Special Instructional Assignments (Summer/Winter)" has been sent to you.
Click here to view the form.

If you need assistance, please contact the IT Helpdesk.

Warm Regards,
Help-desk.

Screenshot of the phishing email

Date:

11-12-18

Sender:

someone@yahoo[.]jp

Subject:

A password

Content:

I do know [aPassword] is your pass word. Lets get straight to point. You may not know me and you're probably thinking why you are getting this e mail? No person has paid me to check you. 

Let me tell you, I placed a software on the X videos (pornography) website and you know what, you visited this site to have fun (you know what I mean). When you were viewing videos, your internet browser started out working as a RDP with a key logger which gave me access to your display and also cam. after that, my software program collected every one of your contacts from your Messenger, FB, and e-mail . Next I created a double-screen video. 1st part displays the video you were watching (you have a good taste hehe), and next part shows the view of your webcam, yea its you. 

You will have two options. We should check out each of these options in particulars: 

1st option is to just ignore this e-mail. In this instance, I am going to send your very own video to every one of your contacts and then just think about the awkwardness you can get. And likewise should you be in an important relationship, just how this will affect? 

Next alternative should be to pay me $6000. Let us describe it as a donation. In this instance, I most certainly will straightaway eliminate your video footage. You will keep on going your daily ro utine like this never happened and you surely will never hear back again from me. 

You'll make the payment by Bitcoin (if you don't know this, search "how to buy bitcoin" in Google). 

BTC Address: aBitcoinWalletNumber
[case sensitive copy & paste it] 

If you have been looking at going to the cops, okay, this email message cannot be traced back to me. I have covered my steps. I am also not looking to demand much, I just like to be paid. 

You have one day in order to pay. I've a unique pixel within this e mail, and now I know that you have read through this email. If I do not receive the BitCoins, I will send your video recording to all of your contacts including close relatives, coworkers, and many others. Nevertheless, if I do get paid, I'll erase the recording immediately. If you really want proof, reply Yup! and I will certainly send your video recording to your 12 contacts. It's a non-negotiable offer that being said please do not waste my time & yours by responding to this e mail. 
Screenshot of the phishing email

Date:

11-12-18

Sender:

someone@louisville[.]edu

Subject:

[SUSPICIOUS MESSAGE] Account Issue. Changed password. (your password: A password)

Content:

Dear user of cardmail.louisville.edu!

I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account.
- Password from account someone@louisville[.]edu: aPassword (on moment of hack).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... :)

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!

So, to the business!
I'm sure you don't want to show these files and visiting history to all your contacts.

Transfer $830 to my Bitcoin cryptocurrency wallet: aBitcoinWalletNumber
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.

My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am “working” with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!	
Screenshot of the phishing email

Date:

11-09-2018

Sender:

someone@louisville[.]edu

Subject:

WARNING

Content:

Your Email was accessed from a different Country IP & will be suspended if not validated within 24hrs after receiving this email. To validate  Click *HERE* 

Admin Desk
Screenshot of the phishing email

Date:

11-09-2018

Sender:

someone@louisville[.]edu

Subject:

WARNING

Content:

Unusual Login Attempt
For Details Click to Verify

Screenshot of the phishing email

Date:

10-29-2018

Sender:

Comcast Voice

Subject:

New voicemail from (1516) 303-4033 7:34:29 PM

Content:

You received a voice message from 15163034033 for [U of L email name]
Caller-Id: 15163034033
Message length is 00:00:43. Message size is 341 KB

Voicemail Preview:

"This is"

To listen to this message, Play Message.

Preview provided by Microsoft Speech Technology. Learn More...
Screenshot of the phishing email

Date:

10-24-18

Sender:

Helpdesk

Subject:

Maintenance Update

Content:

All servers maintained by IT will undergo routine maintenance.  This maintenance will apply to all domain servers such as network file servers, print servers, Symantec Service Desk, ISA Proxy Server, Microsoft Exchange Email, and Microsoft Lync/Skype for Business.
 
Click here to complete the update because during the maintenance, access to the aforementioned server resources will be intermittent or completely unavailable to the non-updated account.
 
Thank you for your patience while we work through this issue.
 
----Help Desk Team 
Screenshot of the phishing email

Date:

10-22-18

Sender:

From a U of L user

Subject:

Action Required!!!

Content:

Hello,


Our server was recently upgraded to provide you with a better protection and services. Kindly verify your Login Info below for a better protection.

Verify Now

Failure to verify your account within the next 24 to 48 hours will result to total account closure
Thank you for your prompt attention to this matter.

Cordially,

Chief Information Security Officer
Chief Security Officer
Information Technology Services
University of Louisville
Louisville, KY 40292 

Screenshot of the phishing email

Date:

10-08-18

Sender:

louisville.edu <mfmktn@mflour.com.my>

Subject:

(3) of your incoming mails is pending and blocked

Content:

Hi [U of L email name],

Your (3) Incoming important Mails have placed on Pending status. Due to low Mail-Storage.

Kindly Follow the link below to Upgrade your Mail-quota now to receiving all pending incoming mails. 

Upgrade Here

Thank you.

louisville.edu Sevice Team.

Screenshot of the phishing email

Date:

09-18-18

Sender:

Cain Arnold

Subject:

13 New Trends in Campus Facility Mgmt

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

09-14-18

Sender:

Mail Administrator <kania@indonesian-aerospace.com>

Subject:

Mailbox De-activation Notice

Content:

Deactivation Notice

We have received a request to delete your account, Your account will be removed from the site shortly and will be permanently deleted within 24hrs.

(Note: Please ignore this message if the request was from you, If you wish to cancel this request, do so immediately by verifying your details.)

Verify Now
	
If you have additional questions, please contact customer service.

Thanks,	
Mail Administrator.



*** Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. ***

Screenshot of the phishing email

Date:

09-11-18

Sender:

Melinda Sandton <sbpvt2012@yahoo.com.ph>

Subject:

Urgent

Content:

Dearest Friend,
My name is Mrs. Melinda Sandton, I am married to (Mr. Jack Sandton) from South Africa who has an appointment in Tokyo, Japan as the chief Managing director to (Abbes Suzuki Association Tokyo-Japan) under Engineering project/contract awarding section. My husband died as a result of brief illness called heart attack, while he was coming back from (ASA) new location area on project inspection on Saturday 8th Aug 2009 Before his death as a result of our joint account venture we have $15 million (US) dollars in our fixed deposit account.

Dear one I was brought up as an orphan and was married to my late husband for 20 years without a child and am of age, I am 68years now and am suffering from kidney infection and a long time cancer of the lungs, which has partially affected my brain, and from all indication my condition is really deteriorating. According to my doctors, my health is very poor because of the cancer ailment, I cannot stay to live up three months ahead, and I am having serious problem with my husband's family members. I am not afraid of death hence I know where I am going. I know that I am going to be in the bosom of the Lord. Exodus 14 VS 14 says that the lord will fight my course and I shall hold my peace. 
Therefore I need a God fearing person who will assure me that he/she will use this fund to help the Motherless babies, Orphanage, Charity organization and less privileged once, and using for work of God. I took this decision because I don't have any child that will inherit this money. As soon as I receive your reply and consider it right, I shall give you the contact of my attorney who will assist you towards the claim. I want you to always pray for me because I don't have many days to live. 

Thanks
Yours Mrs. Melinda Sandton
Screenshot of the phishing email

Date:

08-07-18

Sender:

Edward Arnold

Subject:

Louisville Wonder In Education Expo

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

08-07-18

Sender:

Edward Arnold

Subject:

Louisville Engineering In Education Expo

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

07-31-18

Sender:

Internal UofL Address

Subject:

2018 Opportunity

Content:

Mystery Shopping® is accepting applications for qualified individuals (18+) to become shoppers and merchandisers. Its fun and rewarding, and you can choose when and where you want to shop Wal-mart, Rite-aid,Walgreen e.t.c . There is no charge to become a shopper and you do not need previous experience. After you sign up, We would pay $250 per assignment. Apply now  to become a Secret Shopper™.

Thank you for participating.
Mystery Shopping™
6 Research Drive
Shelton, CT 06484. U.S.A
Attn: Sahera Housey
Screenshot of the phishing email

Date:

07-31-18

Sender:

louisville.edu Human Resources Department <gapmd@comcast.net>

Subject:

2018 louisville.edu Surveys ( MUST READ)

Content:

Dear University of Louisville Employee:


Human Resources Department of University of Louisville have developed an employee survey with questions tailored to our employees and invited you to participate in it.You will be asked to anonymously rate many facets of the various departments, assess what you value most in your employment here with University of Louisville, but also to make positive suggestions for improvement.


This survey is web-based to make it quick and simple for us to complete, and for fast reporting and analysis.This survey will take approximately three to Five minutes to complete. Your response will only be used to analyze Please take a moment to complete the following brief  by clicking SURVEY ..


Your responses are completely anonymous.


Thank you in advance for your participation!.
Screenshot of the phishing email

Date:

07-31-18

Sender:

Edward Arnold

Subject:

Louisville Business In Education Expo

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

07-27-18

Sender:

earnold@networkdomain.info

Subject:

FreeBox file received

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

07-19-18

Sender:

Internal UofL Address

Subject:

Update

Content:

Dear all,

This is to inform  you all that University of Louisville mail service is currently upgrading to the  latest 2018 anti-virus/anti-spam version.

You are require to validate/verify your account withing the next 48 hours.

Please click HERE to validate your account.

Regards.
It.service@louisville.edu
Screenshot of the phishing email

Date:

06-13-18

Sender:

OnlineFaxing

Subject:

Fax Received

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

06-07-18

Sender:

Jack Simmons

Subject:

Kentucky Law Summit

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

04-25-18

Sender:

someone@gmail[.]com

Subject:

Job Offer

Content:

--
HI, I  have part time job  for you,If interested  get back to me as soon as possible with your resume,Hours are flexible,
It is a personal assistant job,$300 weekly also attach a phone number to contact you on... someone@gmail[.]com
Screenshot of the phishing email

Date:

04-18-18

Sender:

job@walmart[.]com

Subject:

Job Offer

Content:

Walmart Secret Shopper

We have empty positions in our team as a secret customer and we would like for you to be part of it.
You can shop any products you want at your designated store.

Register and if you are selected, you will receive $50 for shopping at Walmart stores and $200-400 payment per assignment.
Shoppers are selected randomly every week and they will be contacted via phone or email.
No experience, fees or interview are required just send us your sincere feedback after your shopping experience.
Your review will make a difference for providing better services and products.

SIGN UP
Screenshot of the phishing email

Date:

04-06-18

Sender:

someone@comcast.net

Subject:

Urgent Request

Content:

Are you free right now? I'll need you to run a task ASAP.

P.S. I'm currently in a meeting right now can't talk, just reply back.
Thanks

Sent from my iPad

Screenshot of the phishing email

Date:

04-06-18

Sender:

someone@louisville[.]edu

Subject:

Sad Trip.......[NAME REDACTED]

Content:

Hello,

How are you doing can u do me a favor?

[NAME REDACTED]
Screenshot of the phishing email

Date:

04-04-18

Sender:

someone@louisville[.]edu

Subject:

Sad Trip.......[NAME REDACTED]

Content:

Hello,

I really hope you get this fast. I could not inform anyone about our trip because it was impromptu.
We had to be in Philippines for a Tour..the program was successful but our journey has turned sour.
We misplaced our wallets and cell phones on our way back to the hotel after we went for sight seeing.
The wallet contains all the valuables we have and now our luggage is in custody of the
hotel management pending when we make payment on outstanding bills we owe.

I am sorry if I am inconveniencing you but I have only very few people to turn to now.
I will be very grateful if I can get a short term loan of  $2,350 USD from you.
This will enable me sort our hotel bills and get my sorry self back home.
I will appreciate any amount you can afford at this moment if not all.
I promise to refund it in full as soon as I return. Please let me know if you can be of any help.

Thanks

[NAME]
Screenshot of the phishing email

Date:

03-27-18

Sender:

someone@ky[.]gov

Subject:

IT-Help ticket.

Content:

You have been invited to take a Satisfaction survey for a recent IT-Help ticket.

Open Your Browser to hxxps://ithelpsurveyinvitationformjfhhhhhhhhhhhhcdfgjl[.]yolasite[.]com/  to take your survey

To view your survey queue at any time, sign in and navigate to Self-Service > My Assessments & Surveys.

Additional details about this Survey are:
Number #:  INC1798292
Short Description: HELP-DESK ALERT.

Description:
Resolved Date: Today
Ref:MSG5211182
Screenshot of the phishing email

Date:

03-21-18

Sender:

test@gblbd[.]com

Subject:

*Unusual activities noticed in [YOURNAME]@louisville[.]edu

Content:

Unusual Activities Notice!!!

Dear [SOMEONE]@louisville[.]edu,


We spotted some unusual activities in your mailbox and to help protect your account,you are quired to sign-in to your account from our Secure Server to confirm to us that you are the owner of this account. .

CLICK HERE TO SIGN IN FROM OUR SECURE SERVER

WARNING!!!
Note that if you don't take this step, we will block your account without further notice.

The Email Security Team

This email can't receive replies. For more information, visit the Email Accounts Help Center.


You received this mandatory email service announcement to update you about important changes to your Email product or account.

© 2018 Secure Email Server
Screenshot of the phishing email

Date:

03-13-18

Sender:

rewards@work-rewards[.]com

Subject:

Your Free Coffee is Waiting

Content:

Hello [NAME], In appreciation to all your hard work, enjoy a free cup of coffee on campus. Download and print your coupon below.

Click Here

University management
Screenshot of the phishing email

Date:

03-12-18

Sender:

Patty.devilee[@]elyciotalen[.]nl

Subject:

I shared "Patty Devilee ENB270 INV-012900 " with you on OneDrive

Content:

OneDrive File ShareThere is 1 item in this folder.
You can add this folder to your own OneDrive.
Click Here To View




Free online storage for your files. Check it out.

Get the OneDrive mobile app. Available for Android | iOS | Windows
Microsoft respects your privacy. To learn more, please read our Privacy Statement.

Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052
This email can't receive replies.
Screenshot of the phishing email

Date:

03-06-18

Sender:

someone@louisville[.]edu

Subject:

New Payroll Notification

Content:

You have 1 new important notification regarding your payroll.

www.louisville.edu/payroll

University of Louisville| Payroll Services.
Screenshot of the phishing email

Date:

03-05-18

Sender:

someone@ilstu[.]edu

Subject:

You have a Faculty message from Phelps Paige

Content:

Hi

You have a Faculty E-Learning message notification file from Phelps Paige. For security reasons, Your message has been encoded.

Kindly SIGN IN HERE again to open and read your message notification.

Thank you,

University of Louisville
Screenshot of the phishing email

Date:

03-02-18

Sender:

someone@louisville[.]edu

Subject:

IT DESK WARNING

Content:

Your  Email was accessed from a different Country IP & will be suspended if not validated within 24hrs after receiving this email. Click *HERE* and fill the details to validate.

Louisville Admin
Screenshot of the phishing email

Date:

03-01-18

Sender:

someone@louisville[.]edu

Subject:

VERIFICATION VALIDATION

Content:

Customer Email ID : 000-5432-89444-DSI

Dear Member, for the safety and integrity of Discover Bank, we have issued this alert message.

New system upgrade, Discover Bank protects and monitor your account in multiple ways. We are constantly developing new security features so that you can be a member of a more secured banking system online.

Here is what you need to do:
For immediate implementation follow
www.discover.com
and follow prompted instructions, once completed Discover Bank will unauthourize any fraudulent access to your acccount.
We value our relationship with you and thank you for choosing Discover Bank.

Sincerely,
Discover Bank, N.A. Member FDIC. Equal Housing Lender
© 2018 Discover Bank Corporation. All rights reserved.
Screenshot of the phishing email

Date:

02-27-18

Sender:

Stephen Williams - someone@aol[.]com

Subject:

I have Just shared a file with you using Adobe

Content:

I have Just shared a file with you using Adobe.


For security purposes, you would be required to sign into your email address to view.


	View shared document
Screenshot of the phishing email

Date:

02-16-18

Sender:

someone@louisville[.]edu

Subject:

IMPORTANT: HELP DESK ALERT

Content:

This is to notify, all Users of Microsoft Office 365 we are validating active accounts.
Kindly confirm that your account is still in use by clicking the validation link below:


Validate Email Account


Sincerely

IT Help Desk
Office of Information Technology
Microsoft Office 365
Screenshot of the phishing email

Date:

02-12-18

Sender:

someone@camposol[.]com[.]pe

Subject:

Onedrive: Contract document

Content:

Dear [NAME]

Your contact sent you a Contract document via Onedrive

Onedrive Team

________________________________________

Importante:

La información contenida en este e-mail es confidencial, privilegiada y esta dirigida exclusivamente
a su destinatario. Cualquier revisión, difusión, distribución o copiado de este mensaje está prohibido.
Si ha recibido este e-mail por error por favor bórrelo y envíe un mensaje al remitente.

The information contained in this e-mail is privileged and confidential and is intended only for its addressee.
Any review, dissemination, distribution or copying of this e-mail is prohibited.
If you have received it by error please delete the original message and e-mail us.
________________________________________
Screenshot of the phishing email

Date:

02-01-18

Sender:

someone@usc[.]edu

Subject:

VERIFICATION OF YOUR REQUEST

Content:

This email is to verify you requested a change of name associated with your email address
of University of Louisville
Your request has been submitted and will be processed in 24 hours.


If you never made this request, you can cancel this request here (as it's the sole purpose of this notification)
otherwise no action is required.



Best Regards,
Information Technology Service
University of Louisville
Louisville, KY 40292




Confidentiality Notice:  This email message, including any attachments, is for the sole use of the intended recipient's) and may contain confidential and privileged information.  Any unauthorized use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
Screenshot of the phishing email

Date:

01-25-18

Sender:

someone@louisville[.]edu

Subject:

IMPORTANT: JUST SENT AN URGENT DOC!

Content:

Hello,
You Have One Important Document Uploaded For You Via Drop Box.

www.dropbox.com

Dropbox Service!
Regards.
Screenshot of the phishing email

Date:

01-25-18

Sender:

peoples-soft[.]2018@comcast[.]net

Subject:

Employee Service 2018

Content:

Hello,

Kindly sign in and review our mandatory 2018 updates.

Thanks

Oracle Peoplesoft
© 2018 Oracle Systems USA, Inc. All Rights Reserved.
Screenshot of the phishing email

Date:

01-24-18

Sender:

someone@andovermgmt[.]com

Subject:

Andover Management Group, LLC

Content:

Find the attached PDF, get back to me if there is any question

Thanks,

Brad
Screenshot of the phishing email

Date:

01-19-18

Sender:

someone@louisville.edu

Subject:

You've Been Selected - Secret Shopper

Content:

Hello [SOMEONE]@louisville.edu,

We have a new Wal-Mart review task available in your area and we would like you to participate.
it's easy,simple,fun and rewarding.There is no charge fee and you do not need previous experience. The assignment will pay `$250.00` per duty. >>Enroll<< Now

Thanks for Participating.
Recruitment Team.
Screenshot of the phishing email

Date:

01-19-18

Sender:

someone@louisville.edu

Subject:

****Your Email Have Exceeded Quota Limit****

Content:

Dear [SOMEONE]@louisville.edu,

Your mailbox is almost full.
465MB	500MB
Current size	Maximum size
You are hereby advised to increase your mailbox quota size automatically by clicking on  [SOMEONE]@louisville.edu  and re-login to automatically increase your mailbox quota size.

IMPORTANT NOTE: You won't be able to send and receive mail messages at 480MB. Upgrading is FREE

Thanks.

©Copyright 2018. All Rights Reserved.
Screenshot of the phishing email

Date:

01-19-18

Sender:

someone@somewhere.com

Subject:

URGENT NOTIFICATION

Content:

This email is to verify you requested a change of name associated with your email address
of  University of Louisville.
Your request has been submitted and will be processed in 24 hours.


If you never made this request, you can cancel this request here (as it's the sole purpose of this notification)
otherwise no action is required.

sincerely,
The University of Louisville.
2301 S 3rd St,
Louisville, KY 40292.,

Confidentiality Notice:  This email message, including any attachments, is for the sole use of the intended recipient's) and may contain confidential and privileged information.  Any unauthorized use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
Screenshot of the phishing email

Date:

01-17-18

Sender:

someone@somewhere.com

Subject:

Security Your Office365 Now

Content:

Dear User,

You have 5 incoming messages returned to our admin server due to temporary old version on Mailbox, kindly upgrade your email address to the new Office 365 WebMail.

CLICK HERE

Once you upgrade to new version WebMail, your incoming Email will reflect within 24hrs.

Sincerely
IT Help Desk
Office of Information Technology
The University
365 Office
Screenshot of the phishing email

Date:

01-11-18

Sender:

someone@southwest.tn.edu

Subject:

Educational Summit Invite 2018

Content:

You have been selected for an all-expense paid/free invite to the  2018 Educational Summit holding at Louisville Kentucky .  Feb/2/2018

Join over 500 Kentucky leaders for a strategic conversation about the value of community partnerships and how those partnerships are transforming the landscape of Kentucky schools and neighborhoods. Hear from top business, education, faith, government and community leaders, as we discuss why community engagement affects Kentucky and all over the united states Progress Meters and how your partnerships directly impact your schools!

Registration Includes free admission to conference, Meet & Greet
View attachment to register and download seminar invitation

Regards
(PDF Attached)
Screenshot of the phishing email

Date:

12-7-17

Sender:

someone@comcast.com

Subject:

Attn Employee Go to ( [URL REDACTED] ) to access migration page

Content:

As part of our ongoing wide upgrade to our email servers, we need to migrate your mailbox to a different server location so it will be compatible with the latest versions of software and security update such as DNS, proxies, single sign-on, ADFS, WAN, LAN, etc. within minutes to ensure 100% protection to all our users.



SUBMIT MIGRATION TICKET THROUGH THE LINK ON THE SUBJECT SENT TO YOU



For security reasons, the Migration portal link will expire within 24-hours.



Notice: To ensure you receive future emails such as maintenance/update notification, make sure your account is updated.



Thanks,

IT Support System