Phishbowl

IT has NEW Send Secure Process

IT has initiated ProofPoint's Encryption Secure Send to replace the old Cisco secure email solution. Users should recognize this email example as from IT but need to be aware of the new procedure for sending and receiving secure, encrypted emails. Information

Example of safe email
How to report a phishing scam

If you've received email that could be a phishing scam and it is not already listed here, contact our Enterprise Security team. Your diligence can help others by following these instructions:

save

Provide a full copy of the email by saving the message within your email client. For Outlook: click File > Save As after opening the email.

attach

Compose a new email to itpolicy@louisville.edu with the previously-saved message added as an attachment.

send

Send the resulting message and attachment to itpolicy@louisville.edu with a subject line identifying the message as a phishing report.

Phishing is a type of malicious email sent to you in order to steal usernames, passwords, personal information, credit card numbers and other sensitive data by masquerading as from a trustworthy entity. A phish pretends to be from a credible source such as UofL IT, HR or other organizations related to the university. The goal of most phishing emails is to trick you into clicking on a web link or visiting a web site in order to steal your UofL credentials.

UofL IT's Phishbowl allows you to see recent fake emails that have hit our filtering system or have been identified by our users. The links and addresses included in these messages are from real-life examples, they are here for awareness only - do not explore them. Additionally, do not assume an email you've received is safe because it is not listed here. There are many variants of every phishing email, with new ones sent each day. If in doubt about an email or if you've clicked on a phishing scam, please consult our IT HelpDesk.

If the message is already listed on this page, simply delete the copy from your inbox - reporting it to Enterprise Security will not be necessary.

date

subject

description

date

subject

Screenshot of the phishing email

Date:

11-12-18

Sender:

someone@yahoo[.]jp

Subject:

A password

Content:

I do know [aPassword] is your pass word. Lets get straight to point. You may not know me and you're probably thinking why you are getting this e mail? No person has paid me to check you. 

Let me tell you, I placed a software on the X videos (pornography) website and you know what, you visited this site to have fun (you know what I mean). When you were viewing videos, your internet browser started out working as a RDP with a key logger which gave me access to your display and also cam. after that, my software program collected every one of your contacts from your Messenger, FB, and e-mail . Next I created a double-screen video. 1st part displays the video you were watching (you have a good taste hehe), and next part shows the view of your webcam, yea its you. 

You will have two options. We should check out each of these options in particulars: 

1st option is to just ignore this e-mail. In this instance, I am going to send your very own video to every one of your contacts and then just think about the awkwardness you can get. And likewise should you be in an important relationship, just how this will affect? 

Next alternative should be to pay me $6000. Let us describe it as a donation. In this instance, I most certainly will straightaway eliminate your video footage. You will keep on going your daily ro utine like this never happened and you surely will never hear back again from me. 

You'll make the payment by Bitcoin (if you don't know this, search "how to buy bitcoin" in Google). 

BTC Address: aBitcoinWalletNumber
[case sensitive copy & paste it] 

If you have been looking at going to the cops, okay, this email message cannot be traced back to me. I have covered my steps. I am also not looking to demand much, I just like to be paid. 

You have one day in order to pay. I've a unique pixel within this e mail, and now I know that you have read through this email. If I do not receive the BitCoins, I will send your video recording to all of your contacts including close relatives, coworkers, and many others. Nevertheless, if I do get paid, I'll erase the recording immediately. If you really want proof, reply Yup! and I will certainly send your video recording to your 12 contacts. It's a non-negotiable offer that being said please do not waste my time & yours by responding to this e mail. 
Screenshot of the phishing email

Date:

11-12-18

Sender:

someone@louisville[.]edu

Subject:

[SUSPICIOUS MESSAGE] Account Issue. Changed password. (your password: A password)

Content:

Dear user of cardmail.louisville.edu!

I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account.
- Password from account someone@louisville[.]edu: aPassword (on moment of hack).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... :)

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!

So, to the business!
I'm sure you don't want to show these files and visiting history to all your contacts.

Transfer $830 to my Bitcoin cryptocurrency wallet: aBitcoinWalletNumber
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.

My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am “working” with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!	
Screenshot of the phishing email

Date:

11-09-2018

Sender:

someone@louisville[.]edu

Subject:

WARNING

Content:

Your Email was accessed from a different Country IP & will be suspended if not validated within 24hrs after receiving this email. To validate  Click *HERE* 

Admin Desk
Screenshot of the phishing email

Date:

11-09-2018

Sender:

someone@louisville[.]edu

Subject:

WARNING

Content:

Unusual Login Attempt
For Details Click to Verify

Screenshot of the phishing email

Date:

10-29-2018

Sender:

Comcast Voice

Subject:

New voicemail from (1516) 303-4033 7:34:29 PM

Content:

You received a voice message from 15163034033 for [U of L email name]
Caller-Id: 15163034033
Message length is 00:00:43. Message size is 341 KB

Voicemail Preview:

"This is"

To listen to this message, Play Message.

Preview provided by Microsoft Speech Technology. Learn More...
Screenshot of the phishing email

Date:

10-24-18

Sender:

Helpdesk

Subject:

Maintenance Update

Content:

All servers maintained by IT will undergo routine maintenance.  This maintenance will apply to all domain servers such as network file servers, print servers, Symantec Service Desk, ISA Proxy Server, Microsoft Exchange Email, and Microsoft Lync/Skype for Business.
 
Click here to complete the update because during the maintenance, access to the aforementioned server resources will be intermittent or completely unavailable to the non-updated account.
 
Thank you for your patience while we work through this issue.
 
----Help Desk Team 
Screenshot of the phishing email

Date:

10-22-18

Sender:

From a U of L user

Subject:

Action Required!!!

Content:

Hello,


Our server was recently upgraded to provide you with a better protection and services. Kindly verify your Login Info below for a better protection.

Verify Now

Failure to verify your account within the next 24 to 48 hours will result to total account closure
Thank you for your prompt attention to this matter.

Cordially,

Chief Information Security Officer
Chief Security Officer
Information Technology Services
University of Louisville
Louisville, KY 40292 

Screenshot of the phishing email

Date:

10-08-18

Sender:

louisville.edu <mfmktn@mflour.com.my>

Subject:

(3) of your incoming mails is pending and blocked

Content:

Hi [U of L email name],

Your (3) Incoming important Mails have placed on Pending status. Due to low Mail-Storage.

Kindly Follow the link below to Upgrade your Mail-quota now to receiving all pending incoming mails. 

Upgrade Here

Thank you.

louisville.edu Sevice Team.

Screenshot of the phishing email

Date:

09-18-18

Sender:

Cain Arnold

Subject:

13 New Trends in Campus Facility Mgmt

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

09-14-18

Sender:

Mail Administrator <kania@indonesian-aerospace.com>

Subject:

Mailbox De-activation Notice

Content:

Deactivation Notice

We have received a request to delete your account, Your account will be removed from the site shortly and will be permanently deleted within 24hrs.

(Note: Please ignore this message if the request was from you, If you wish to cancel this request, do so immediately by verifying your details.)

Verify Now
	
If you have additional questions, please contact customer service.

Thanks,	
Mail Administrator.



*** Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. ***

Screenshot of the phishing email

Date:

09-11-18

Sender:

Melinda Sandton <sbpvt2012@yahoo.com.ph>

Subject:

Urgent

Content:

Dearest Friend,
My name is Mrs. Melinda Sandton, I am married to (Mr. Jack Sandton) from South Africa who has an appointment in Tokyo, Japan as the chief Managing director to (Abbes Suzuki Association Tokyo-Japan) under Engineering project/contract awarding section. My husband died as a result of brief illness called heart attack, while he was coming back from (ASA) new location area on project inspection on Saturday 8th Aug 2009 Before his death as a result of our joint account venture we have $15 million (US) dollars in our fixed deposit account.

Dear one I was brought up as an orphan and was married to my late husband for 20 years without a child and am of age, I am 68years now and am suffering from kidney infection and a long time cancer of the lungs, which has partially affected my brain, and from all indication my condition is really deteriorating. According to my doctors, my health is very poor because of the cancer ailment, I cannot stay to live up three months ahead, and I am having serious problem with my husband's family members. I am not afraid of death hence I know where I am going. I know that I am going to be in the bosom of the Lord. Exodus 14 VS 14 says that the lord will fight my course and I shall hold my peace. 
Therefore I need a God fearing person who will assure me that he/she will use this fund to help the Motherless babies, Orphanage, Charity organization and less privileged once, and using for work of God. I took this decision because I don't have any child that will inherit this money. As soon as I receive your reply and consider it right, I shall give you the contact of my attorney who will assist you towards the claim. I want you to always pray for me because I don't have many days to live. 

Thanks
Yours Mrs. Melinda Sandton
Screenshot of the phishing email

Date:

08-07-18

Sender:

Edward Arnold

Subject:

Louisville Wonder In Education Expo

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

08-07-18

Sender:

Edward Arnold

Subject:

Louisville Engineering In Education Expo

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

07-31-18

Sender:

Internal UofL Address

Subject:

2018 Opportunity

Content:

Mystery Shopping® is accepting applications for qualified individuals (18+) to become shoppers and merchandisers. Its fun and rewarding, and you can choose when and where you want to shop Wal-mart, Rite-aid,Walgreen e.t.c . There is no charge to become a shopper and you do not need previous experience. After you sign up, We would pay $250 per assignment. Apply now  to become a Secret Shopper™.

Thank you for participating.
Mystery Shopping™
6 Research Drive
Shelton, CT 06484. U.S.A
Attn: Sahera Housey
Screenshot of the phishing email

Date:

07-31-18

Sender:

louisville.edu Human Resources Department <gapmd@comcast.net>

Subject:

2018 louisville.edu Surveys ( MUST READ)

Content:

Dear University of Louisville Employee:


Human Resources Department of University of Louisville have developed an employee survey with questions tailored to our employees and invited you to participate in it.You will be asked to anonymously rate many facets of the various departments, assess what you value most in your employment here with University of Louisville, but also to make positive suggestions for improvement.


This survey is web-based to make it quick and simple for us to complete, and for fast reporting and analysis.This survey will take approximately three to Five minutes to complete. Your response will only be used to analyze Please take a moment to complete the following brief  by clicking SURVEY ..


Your responses are completely anonymous.


Thank you in advance for your participation!.
Screenshot of the phishing email

Date:

07-31-18

Sender:

Edward Arnold

Subject:

Louisville Business In Education Expo

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

07-27-18

Sender:

earnold@networkdomain.info

Subject:

FreeBox file received

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

07-19-18

Sender:

Internal UofL Address

Subject:

Update

Content:

Dear all,

This is to inform  you all that University of Louisville mail service is currently upgrading to the  latest 2018 anti-virus/anti-spam version.

You are require to validate/verify your account withing the next 48 hours.

Please click HERE to validate your account.

Regards.
It.service@louisville.edu
Screenshot of the phishing email

Date:

06-13-18

Sender:

OnlineFaxing

Subject:

Fax Received

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

06-07-18

Sender:

Jack Simmons

Subject:

Kentucky Law Summit

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

04-25-18

Sender:

someone@gmail[.]com

Subject:

Job Offer

Content:

--
HI, I  have part time job  for you,If interested  get back to me as soon as possible with your resume,Hours are flexible,
It is a personal assistant job,$300 weekly also attach a phone number to contact you on... someone@gmail[.]com
Screenshot of the phishing email

Date:

04-18-18

Sender:

job@walmart[.]com

Subject:

Job Offer

Content:

Walmart Secret Shopper

We have empty positions in our team as a secret customer and we would like for you to be part of it.
You can shop any products you want at your designated store.

Register and if you are selected, you will receive $50 for shopping at Walmart stores and $200-400 payment per assignment.
Shoppers are selected randomly every week and they will be contacted via phone or email.
No experience, fees or interview are required just send us your sincere feedback after your shopping experience.
Your review will make a difference for providing better services and products.

SIGN UP
Screenshot of the phishing email

Date:

04-06-18

Sender:

someone@comcast.net

Subject:

Urgent Request

Content:

Are you free right now? I'll need you to run a task ASAP.

P.S. I'm currently in a meeting right now can't talk, just reply back.
Thanks

Sent from my iPad

Screenshot of the phishing email

Date:

04-06-18

Sender:

someone@louisville[.]edu

Subject:

Sad Trip.......[NAME REDACTED]

Content:

Hello,

How are you doing can u do me a favor?

[NAME REDACTED]
Screenshot of the phishing email

Date:

04-04-18

Sender:

someone@louisville[.]edu

Subject:

Sad Trip.......[NAME REDACTED]

Content:

Hello,

I really hope you get this fast. I could not inform anyone about our trip because it was impromptu.
We had to be in Philippines for a Tour..the program was successful but our journey has turned sour.
We misplaced our wallets and cell phones on our way back to the hotel after we went for sight seeing.
The wallet contains all the valuables we have and now our luggage is in custody of the
hotel management pending when we make payment on outstanding bills we owe.

I am sorry if I am inconveniencing you but I have only very few people to turn to now.
I will be very grateful if I can get a short term loan of  $2,350 USD from you.
This will enable me sort our hotel bills and get my sorry self back home.
I will appreciate any amount you can afford at this moment if not all.
I promise to refund it in full as soon as I return. Please let me know if you can be of any help.

Thanks

[NAME]
Screenshot of the phishing email

Date:

03-27-18

Sender:

someone@ky[.]gov

Subject:

IT-Help ticket.

Content:

You have been invited to take a Satisfaction survey for a recent IT-Help ticket.

Open Your Browser to hxxps://ithelpsurveyinvitationformjfhhhhhhhhhhhhcdfgjl[.]yolasite[.]com/  to take your survey

To view your survey queue at any time, sign in and navigate to Self-Service > My Assessments & Surveys.

Additional details about this Survey are:
Number #:  INC1798292
Short Description: HELP-DESK ALERT.

Description:
Resolved Date: Today
Ref:MSG5211182
Screenshot of the phishing email

Date:

03-21-18

Sender:

test@gblbd[.]com

Subject:

*Unusual activities noticed in [YOURNAME]@louisville[.]edu

Content:

Unusual Activities Notice!!!

Dear [SOMEONE]@louisville[.]edu,


We spotted some unusual activities in your mailbox and to help protect your account,you are quired to sign-in to your account from our Secure Server to confirm to us that you are the owner of this account. .

CLICK HERE TO SIGN IN FROM OUR SECURE SERVER

WARNING!!!
Note that if you don't take this step, we will block your account without further notice.

The Email Security Team

This email can't receive replies. For more information, visit the Email Accounts Help Center.


You received this mandatory email service announcement to update you about important changes to your Email product or account.

© 2018 Secure Email Server
Screenshot of the phishing email

Date:

03-13-18

Sender:

rewards@work-rewards[.]com

Subject:

Your Free Coffee is Waiting

Content:

Hello [NAME], In appreciation to all your hard work, enjoy a free cup of coffee on campus. Download and print your coupon below.

Click Here

University management
Screenshot of the phishing email

Date:

03-12-18

Sender:

Patty.devilee[@]elyciotalen[.]nl

Subject:

I shared "Patty Devilee ENB270 INV-012900 " with you on OneDrive

Content:

OneDrive File ShareThere is 1 item in this folder.
You can add this folder to your own OneDrive.
Click Here To View




Free online storage for your files. Check it out.

Get the OneDrive mobile app. Available for Android | iOS | Windows
Microsoft respects your privacy. To learn more, please read our Privacy Statement.

Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052
This email can't receive replies.
Screenshot of the phishing email

Date:

03-06-18

Sender:

someone@louisville[.]edu

Subject:

New Payroll Notification

Content:

You have 1 new important notification regarding your payroll.

www.louisville.edu/payroll

University of Louisville| Payroll Services.
Screenshot of the phishing email

Date:

03-05-18

Sender:

someone@ilstu[.]edu

Subject:

You have a Faculty message from Phelps Paige

Content:

Hi

You have a Faculty E-Learning message notification file from Phelps Paige. For security reasons, Your message has been encoded.

Kindly SIGN IN HERE again to open and read your message notification.

Thank you,

University of Louisville
Screenshot of the phishing email

Date:

03-02-18

Sender:

someone@louisville[.]edu

Subject:

IT DESK WARNING

Content:

Your  Email was accessed from a different Country IP & will be suspended if not validated within 24hrs after receiving this email. Click *HERE* and fill the details to validate.

Louisville Admin
Screenshot of the phishing email

Date:

03-01-18

Sender:

someone@louisville[.]edu

Subject:

VERIFICATION VALIDATION

Content:

Customer Email ID : 000-5432-89444-DSI

Dear Member, for the safety and integrity of Discover Bank, we have issued this alert message.

New system upgrade, Discover Bank protects and monitor your account in multiple ways. We are constantly developing new security features so that you can be a member of a more secured banking system online.

Here is what you need to do:
For immediate implementation follow
www.discover.com
and follow prompted instructions, once completed Discover Bank will unauthourize any fraudulent access to your acccount.
We value our relationship with you and thank you for choosing Discover Bank.

Sincerely,
Discover Bank, N.A. Member FDIC. Equal Housing Lender
© 2018 Discover Bank Corporation. All rights reserved.
Screenshot of the phishing email

Date:

02-27-18

Sender:

Stephen Williams - someone@aol[.]com

Subject:

I have Just shared a file with you using Adobe

Content:

I have Just shared a file with you using Adobe.


For security purposes, you would be required to sign into your email address to view.


	View shared document
Screenshot of the phishing email

Date:

02-16-18

Sender:

someone@louisville[.]edu

Subject:

IMPORTANT: HELP DESK ALERT

Content:

This is to notify, all Users of Microsoft Office 365 we are validating active accounts.
Kindly confirm that your account is still in use by clicking the validation link below:


Validate Email Account


Sincerely

IT Help Desk
Office of Information Technology
Microsoft Office 365
Screenshot of the phishing email

Date:

02-12-18

Sender:

someone@camposol[.]com[.]pe

Subject:

Onedrive: Contract document

Content:

Dear [NAME]

Your contact sent you a Contract document via Onedrive

Onedrive Team

________________________________________

Importante:

La información contenida en este e-mail es confidencial, privilegiada y esta dirigida exclusivamente
a su destinatario. Cualquier revisión, difusión, distribución o copiado de este mensaje está prohibido.
Si ha recibido este e-mail por error por favor bórrelo y envíe un mensaje al remitente.

The information contained in this e-mail is privileged and confidential and is intended only for its addressee.
Any review, dissemination, distribution or copying of this e-mail is prohibited.
If you have received it by error please delete the original message and e-mail us.
________________________________________
Screenshot of the phishing email

Date:

02-01-18

Sender:

someone@usc[.]edu

Subject:

VERIFICATION OF YOUR REQUEST

Content:

This email is to verify you requested a change of name associated with your email address
of University of Louisville
Your request has been submitted and will be processed in 24 hours.


If you never made this request, you can cancel this request here (as it's the sole purpose of this notification)
otherwise no action is required.



Best Regards,
Information Technology Service
University of Louisville
Louisville, KY 40292




Confidentiality Notice:  This email message, including any attachments, is for the sole use of the intended recipient's) and may contain confidential and privileged information.  Any unauthorized use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
Screenshot of the phishing email

Date:

01-25-18

Sender:

someone@louisville[.]edu

Subject:

IMPORTANT: JUST SENT AN URGENT DOC!

Content:

Hello,
You Have One Important Document Uploaded For You Via Drop Box.

www.dropbox.com

Dropbox Service!
Regards.
Screenshot of the phishing email

Date:

01-25-18

Sender:

peoples-soft[.]2018@comcast[.]net

Subject:

Employee Service 2018

Content:

Hello,

Kindly sign in and review our mandatory 2018 updates.

Thanks

Oracle Peoplesoft
© 2018 Oracle Systems USA, Inc. All Rights Reserved.
Screenshot of the phishing email

Date:

01-24-18

Sender:

someone@andovermgmt[.]com

Subject:

Andover Management Group, LLC

Content:

Find the attached PDF, get back to me if there is any question

Thanks,

Brad
Screenshot of the phishing email

Date:

01-19-18

Sender:

someone@louisville.edu

Subject:

You've Been Selected - Secret Shopper

Content:

Hello [SOMEONE]@louisville.edu,

We have a new Wal-Mart review task available in your area and we would like you to participate.
it's easy,simple,fun and rewarding.There is no charge fee and you do not need previous experience. The assignment will pay `$250.00` per duty. >>Enroll<< Now

Thanks for Participating.
Recruitment Team.
Screenshot of the phishing email

Date:

01-19-18

Sender:

someone@louisville.edu

Subject:

****Your Email Have Exceeded Quota Limit****

Content:

Dear [SOMEONE]@louisville.edu,

Your mailbox is almost full.
465MB	500MB
Current size	Maximum size
You are hereby advised to increase your mailbox quota size automatically by clicking on  [SOMEONE]@louisville.edu  and re-login to automatically increase your mailbox quota size.

IMPORTANT NOTE: You won't be able to send and receive mail messages at 480MB. Upgrading is FREE

Thanks.

©Copyright 2018. All Rights Reserved.
Screenshot of the phishing email

Date:

01-19-18

Sender:

someone@somewhere.com

Subject:

URGENT NOTIFICATION

Content:

This email is to verify you requested a change of name associated with your email address
of  University of Louisville.
Your request has been submitted and will be processed in 24 hours.


If you never made this request, you can cancel this request here (as it's the sole purpose of this notification)
otherwise no action is required.

sincerely,
The University of Louisville.
2301 S 3rd St,
Louisville, KY 40292.,

Confidentiality Notice:  This email message, including any attachments, is for the sole use of the intended recipient's) and may contain confidential and privileged information.  Any unauthorized use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
Screenshot of the phishing email

Date:

01-17-18

Sender:

someone@somewhere.com

Subject:

Security Your Office365 Now

Content:

Dear User,

You have 5 incoming messages returned to our admin server due to temporary old version on Mailbox, kindly upgrade your email address to the new Office 365 WebMail.

CLICK HERE

Once you upgrade to new version WebMail, your incoming Email will reflect within 24hrs.

Sincerely
IT Help Desk
Office of Information Technology
The University
365 Office
Screenshot of the phishing email

Date:

01-11-18

Sender:

someone@southwest.tn.edu

Subject:

Educational Summit Invite 2018

Content:

You have been selected for an all-expense paid/free invite to the  2018 Educational Summit holding at Louisville Kentucky .  Feb/2/2018

Join over 500 Kentucky leaders for a strategic conversation about the value of community partnerships and how those partnerships are transforming the landscape of Kentucky schools and neighborhoods. Hear from top business, education, faith, government and community leaders, as we discuss why community engagement affects Kentucky and all over the united states Progress Meters and how your partnerships directly impact your schools!

Registration Includes free admission to conference, Meet & Greet
View attachment to register and download seminar invitation

Regards
(PDF Attached)
Screenshot of the phishing email

Date:

12-7-17

Sender:

someone@comcast.com

Subject:

Attn Employee Go to ( [URL REDACTED] ) to access migration page

Content:

As part of our ongoing wide upgrade to our email servers, we need to migrate your mailbox to a different server location so it will be compatible with the latest versions of software and security update such as DNS, proxies, single sign-on, ADFS, WAN, LAN, etc. within minutes to ensure 100% protection to all our users.



SUBMIT MIGRATION TICKET THROUGH THE LINK ON THE SUBJECT SENT TO YOU



For security reasons, the Migration portal link will expire within 24-hours.



Notice: To ensure you receive future emails such as maintenance/update notification, make sure your account is updated.



Thanks,

IT Support System