Phishbowl

IT has NEW Send Secure Process

IT has initiated ProofPoint's Encryption Secure Send to replace the old Cisco secure email solution. Users should recognize this email example as from IT but need to be aware of the new procedure for sending and receiving secure, encrypted emails. Information

How to report a phishing scam

If you've received email that could be a phishing scam and it is not already listed here, contact our Enterprise Security team. Your diligence can help others by following these instructions:

save

Provide a full copy of the email by saving the message within your email client. For Outlook: click File > Save As after opening the email.

attach

Compose a new email to itpolicy@louisville.edu with the previously-saved message added as an attachment.

send

Send the resulting message and attachment to itpolicy@louisville.edu with a subject line identifying the message as a phishing report.

Phishing is a type of malicious email sent to you in order to steal usernames, passwords, personal information, credit card numbers and other sensitive data by masquerading as from a trustworthy entity. A phish pretends to be from a credible source such as UofL IT, HR or other organizations related to the university. The goal of most phishing emails is to trick you into clicking on a web link or visiting a web site in order to steal your UofL credentials.

UofL IT's Phishbowl allows you to see recent fake emails that have hit our filtering system or have been identified by our users. The links and addresses included in these messages are from real-life examples, they are here for awareness only - do not explore them. Additionally, do not assume an email you've received is safe because it is not listed here. There are many variants of every phishing email, with new ones sent each day. If in doubt about an email or if you've clicked on a phishing scam, please consult our IT HelpDesk.

date

subject

description

date

subject

Screenshot of the phishing email

Date:

08-16-17

Sender:

someone@stripesupport.com

Subject:

your account has a negative balance of $57.96,

Content:

Hi there, This is a quick note on your account. As it currently stands, your account has a negative balance of $57.96, and we've recently run into trouble withdrawing this amount from your USD bank account. We would appreciate if you could update your banking information so we can automatically retry this payout and keep your account in good standing. You can update your banking information here: hxxps://dashboard[.]stripe[.] com/account/payouts Since additional payouts are unlikely to succeed, we won't send new payouts until this is fixed. We'll resume your payouts as soon as you have confirmed or updated your bank account information. Thanks again for using Stripe! Best, The Stripe Team Confidentiality Disclaimer: This message, including any attachments, is confidential, intended only for the named recipient(s) and may contain information that is privileged or exempt from disclosure under applicable law, including PHI (Protected Health Information) covered under the Health Insurance Portability and Accountability Act (HIPAA) of 1996. If you are not the intended recipient(s), you are notified that the dissemination, distribution, or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender or contact the University of Louisville Physicians Service Desk at 502-588-0411 to report an inadvertently received message.

Screenshot of the phishing email

Date:

08-16-17

Sender:

officialsupervisor@gmail[.]com

Subject:

Work at Vistaprint,stop wasting time on mindless work

Content:

Thanks for getting back to us with your interest about the job,We are UK based company that offer incorporation services to our clients all over the globe,We have 24 Agents in United State that are currently working for the company, these agents need materials like envelopes, files,stamps and other stationary items to do their daily job and we need you to work as a middle man to help the agents in getting their respective supplies. They will email you whenever they need materials and also state type of materials and the quantity they need, It is now your duty to contact the supplier through email to make orders for the materials and also state the quantity that should be mailed out to the agent address through post.. Each agent will only order for materials once a week depending on the task he or she is to have completed for that week, we are employing you just to reduce the workload for us, our supplier and for the agents and also to keep record of materials that are being ordered weekly by agents.It is an online pay job where agents will only contact you for materials during the weekdays and you can have your own part of the work completed at your leisure time in school or at home Salary/Wages payment: $300 weekly. We will always email you guidelines and instructions to follow in getting your job done perfectly when you start working.If you still care to proceed with the job, Get back to us with the information listed below so we can process your application as to consider it valid to commence working with us. NAME: CONTACT ADDRESS: CITY: STATE: ZIPCODE: MOBILE:s ALTERNATIVE EMAIL: The person holding this position is relocating out of the US and won't be able to do the job any more that's why we are looking for more hands to help us in the job, work commences as soon as possible depending on you, make sure you check your email box at least twice daily and also respond to the email and reply us as soon as you read from us.We hope you enjoy working with us

Screenshot of the phishing email

Date:

08-15-17

Sender:

someone@x[.]fgcu[.]edu

Subject:

Louisville.edu IT Request Aler

Content:

This email is to verify you requested a change of name associated with your email address of the university electronic resource. Your request has been submitted and will be processed in two working days. If you never made this request, you can cancel this request here (as it's the sole purpose of this notification) otherwise no action is required. Notification was sent on 15/08/2017 Ticket ID X002FA Regards, IT HelpDesk

Screenshot of the phishing email

Date:

08-14-17

Sender:

myaccount@dboxdoc-sharing[.]com

Subject:

Notification of new document

Content:

[text from image] A document named "filexxxxxx" has been shared with you via Dropbox. View shared document h Sender's comment: "Please review, sign and return" Happy Drop-boxing! P.S. Get extra space free.

Screenshot of the phishing email

Date:

08-11-17

Sender:

lindawass@corpuschristi[.]org

Subject:

Important Notification

Content:

Dear [recipient], You have a pending document shared with you via Google drive. View Document Google drive makes it easy to create, store, and share online documents, spreadsheets and presentations:

Screenshot of the phishing email

Date:

08-08-17

Sender:

Katherine.Cuadra@transwestern[.]com

Subject:

IMMEDIATE ACTION REQUIRED: UofL Employees Strategic Initiatives Update From Interim President Gregory Postel - August 8, 2017

Content:

A message from Gregory Postel, Interim President University of Louisville: Dear Staff and faculty, Attached is the employee strategic initiatives document update. It's of high importance all staffs read through on what improves the employee strategic. Sincerely,

Screenshot of the phishing email

Date:

08-03-17

Sender:

irs@irs.gov

Subject:

New Payroll, Excess Refund Notification

Content:

To All Faculty and Staff Members, It's Imperative you understand and complete the Excess Tax Refund Notification. wwy[.]irs[.]gov[/]excess-refund Best Regards, Tax Refund Department Internal Revenue Services (IRS). 2017 All Right Reserved.

Screenshot of the phishing email

Date:

08-01-17

Sender:

####@espol.edu.ec

Subject:

IT-Service Help Desk

Content:

Your pass-word will expire in two days to keep your pass-word CLICK HERE and enter your username and pass-word correctly and click On Submit immediately to keep your pass-word active and updated. IT-Service Help Desk.

Screenshot of the phishing email

Date:

07-04-17

Sender:

####@SAUSD.US]

Subject:

Virus Validation Alert !

Content:

Dear Staffs & Users, we are reporting a serious vulnerability with a Trojan Virus known as Ransom-ware, it is installed in some domain and server host. This also affect Windows, Apple's Safari and Android's built-in brow-fluidser. Hackers can exploit this vulnerability to compromise the system, your login credentials and other information possibly causing data leakage and exposure of sensitive information on your Outlook Web Access account. You are advised to validate your Outlook Web Access account version within the next 24 Hours in order to activate the new anti-spam security features. Go to our secure portal here >>> Validate My Account to complete this process. A security message brought to you by IT Support.

Screenshot of the phishing email

Date:

06-29-17

Sender:

####@louisville.edu

Subject:

Your New Edu Outlook Update.

Content:

ATTENTION! ========================= Dear User, This is your Office outlook administrator. Please, be informed that outlook server has just been upgraded and your account needs to be reset immediately. This process is to keep your Office outlook system server updated and protected as always. CLICK BELOW TO RESET YOUR EMAIL NOW: www.outlook.live.com/owa/?authRedirect=true Regards, Outlook Service Administrator