Phishbowl

IT has NEW Send Secure Process

IT has initiated ProofPoint's Encryption Secure Send to replace the old Cisco secure email solution. Users should recognize this email example as from IT but need to be aware of the new procedure for sending and receiving secure, encrypted emails. Information

Example of safe email
How to report a phishing scam

If you've received email that could be a phishing scam and it is not already listed here, contact our Enterprise Security team. Your diligence can help others by following these instructions:

save

Provide a full copy of the email by saving the message within your email client. For Outlook: click File > Save As after opening the email.

attach

Compose a new email to itpolicy@louisville.edu with the previously-saved message added as an attachment.

send

Send the resulting message and attachment to itpolicy@louisville.edu with a subject line identifying the message as a phishing report.

Phishing is a type of malicious email sent to you in order to steal usernames, passwords, personal information, credit card numbers and other sensitive data by masquerading as from a trustworthy entity. A phish pretends to be from a credible source such as UofL IT, HR or other organizations related to the university. The goal of most phishing emails is to trick you into clicking on a web link or visiting a web site in order to steal your UofL credentials.

UofL IT's Phishbowl allows you to see recent fake emails that have hit our filtering system or have been identified by our users. The links and addresses included in these messages are from real-life examples, they are here for awareness only - do not explore them. Additionally, do not assume an email you've received is safe because it is not listed here. There are many variants of every phishing email, with new ones sent each day. If in doubt about an email or if you've clicked on a phishing scam, please consult our IT HelpDesk.

If the message is already listed on this page, simply delete the copy from your inbox - reporting it to Enterprise Security will not be necessary.

date

subject

description

date

subject

Screenshot of the phishing email

Date:

08-07-18

Sender:

Edward Arnold

Subject:

Louisville Wonder In Education Expo

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

08-07-18

Sender:

Edward Arnold

Subject:

Louisville Engineering In Education Expo

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

07-31-18

Sender:

Internal UofL Address

Subject:

2018 Opportunity

Content:

Mystery Shopping® is accepting applications for qualified individuals (18+) to become shoppers and merchandisers. Its fun and rewarding, and you can choose when and where you want to shop Wal-mart, Rite-aid,Walgreen e.t.c . There is no charge to become a shopper and you do not need previous experience. After you sign up, We would pay $250 per assignment. Apply now  to become a Secret Shopper™.

Thank you for participating.
Mystery Shopping™
6 Research Drive
Shelton, CT 06484. U.S.A
Attn: Sahera Housey
Screenshot of the phishing email

Date:

07-31-18

Sender:

louisville.edu Human Resources Department <gapmd@comcast.net>

Subject:

2018 louisville.edu Surveys ( MUST READ)

Content:

Dear University of Louisville Employee:


Human Resources Department of University of Louisville have developed an employee survey with questions tailored to our employees and invited you to participate in it.You will be asked to anonymously rate many facets of the various departments, assess what you value most in your employment here with University of Louisville, but also to make positive suggestions for improvement.


This survey is web-based to make it quick and simple for us to complete, and for fast reporting and analysis.This survey will take approximately three to Five minutes to complete. Your response will only be used to analyze Please take a moment to complete the following brief  by clicking SURVEY ..


Your responses are completely anonymous.


Thank you in advance for your participation!.
Screenshot of the phishing email

Date:

07-19-18

Sender:

Edward Arnold

Subject:

Louisville Business In Education Expo

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

07-19-18

Sender:

earnold@networkdomain.info

Subject:

FreeBox file received

Content:

This was a training email. Great job for finding it! Feel free to peruse the phish training page.

Screenshot of the phishing email

Date:

07-19-18

Sender:

Internal UofL Address

Subject:

Update

Content:

Dear all, 

This is to inform  you all that University of Louisville mail service is currently upgrading to the  latest 2018 anti-virus/anti-spam version.

You are require to validate/verify your account withing the next 48 hours.

Please click HERE to validate your account.

Regards.
It.service@louisville.edu

Screenshot of the phishing email

Date:

04-25-18

Sender:

someone@gmail[.]com

Subject:

Job Offer

Content:

HI, I have part time job for you,If interested get back to me as soon as possible with your resume,Hours are flexible, It is a personal assistant job,$300 weekly also attach a phone number to contact you on... someone@gmail[.]com

Screenshot of the phishing email

Date:

04-18-18

Sender:

job@walmart[.]com

Subject:

Job Offer

Content:

Walmart Secret Shopper We have empty positions in our team as a secret customer and we would like for you to be part of it. You can shop any products you want at your designated store. Register and if you are selected, you will receive $50 for shopping at Walmart stores and $200-400 payment per assignment. Shoppers are selected randomly every week and they will be contacted via phone or email. No experience, fees or interview are required just send us your sincere feedback after your shopping experience. Your review will make a difference for providing better services and products. SIGN UP

Screenshot of the phishing email

Date:

04-06-18

Sender:

someone@comcast.net

Subject:

Urgent Request

Content:

Are you free right now? I'll need you to run a task ASAP. P.S. I'm currently in a meeting right now can't talk, just reply back. Thanks Sent from my iPad

Screenshot of the phishing email

Date:

04-06-18

Sender:

someone@louisville[.]edu

Subject:

Sad Trip.......[NAME REDACTED]

Content:

Hello, How are you doing can u do me a favor? [NAME REDACTED]

Screenshot of the phishing email

Date:

04-04-18

Sender:

someone@louisville[.]edu

Subject:

Sad Trip.......[NAME REDACTED]

Content:

Hello, I really hope you get this fast. I could not inform anyone about our trip because it was impromptu. We had to be in Philippines for a Tour..the program was successful but our journey has turned sour. We misplaced our wallets and cell phones on our way back to the hotel after we went for sight seeing. The wallet contains all the valuables we have and now our luggage is in custody of the hotel management pending when we make payment on outstanding bills we owe. I am sorry if I am inconveniencing you but I have only very few people to turn to now. I will be very grateful if I can get a short term loan of $2,350 USD from you. This will enable me sort our hotel bills and get my sorry self back home. I will appreciate any amount you can afford at this moment if not all. I promise to refund it in full as soon as I return. Please let me know if you can be of any help. Thanks

Screenshot of the phishing email

Date:

03-27-18

Sender:

someone@ky[.]gov

Subject:

IT-Help ticket.

Content:

You have been invited to take a Satisfaction survey for a recent IT-Help ticket. Open Your Browser to hxxps://ithelpsurveyinvitationformjfhhhhhhhhhhhhcdfgjl[.]yolasite[.]com/ to take your survey To view your survey queue at any time, sign in and navigate to Self-Service > My Assessments & Surveys. Additional details about this Survey are: Number #: INC1798292 Short Description: HELP-DESK ALERT. Description: Resolved Date: Today Ref:MSG5211182

Screenshot of the phishing email

Date:

03-21-18

Sender:

test@gblbd[.]com

Subject:

*Unusual activities noticed in [YOURNAME]@louisville[.]edu

Content:

Unusual Activities Notice!!! Dear [SOMEONE]@louisville[.]edu, We spotted some unusual activities in your mailbox and to help protect your account,you are quired to sign-in to your account from our Secure Server to confirm to us that you are the owner of this account. . CLICK HERE TO SIGN IN FROM OUR SECURE SERVER WARNING!!! Note that if you don't take this step, we will block your account without further notice. The Email Security Team This email can't receive replies. For more information, visit the Email Accounts Help Center. You received this mandatory email service announcement to update you about important changes to your Email product or account. © 2018 Secure Email Server

Screenshot of the phishing email

Date:

03-13-18

Sender:

rewards@work-rewards[.]com

Subject:

Your Free Coffee is Waiting

Content:

Hello [NAME], In appreciation to all your hard work, enjoy a free cup of coffee on campus. Download and print your coupon below. Click Here University management

Screenshot of the phishing email

Date:

03-12-18

Sender:

Patty.devilee[@]elyciotalen[.]nl

Subject:

I shared "Patty Devilee ENB270 INV-012900 " with you on OneDrive

Content:

OneDrive File ShareThere is 1 item in this folder. You can add this folder to your own OneDrive. Click Here To View Free online storage for your files. Check it out. Get the OneDrive mobile app. Available for Android | iOS | Windows Microsoft respects your privacy. To learn more, please read our Privacy Statement. Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052 This email can't receive replies.

Screenshot of the phishing email

Date:

03-06-18

Sender:

someone@louisville[.]edu

Subject:

New Payroll Notification

Content:

You have 1 new important notification regarding your payroll. www.louisville.edu/payroll University of Louisville| Payroll Services.

Screenshot of the phishing email

Date:

03-05-18

Sender:

someone@ilstu[.]edu

Subject:

You have a Faculty message from Phelps Paige

Content:

Hi You have a Faculty E-Learning message notification file from Phelps Paige. For security reasons, Your message has been encoded. Kindly SIGN IN HERE again to open and read your message notification. Thank you, University of Louisville

Screenshot of the phishing email

Date:

03-02-18

Sender:

someone@louisville[.]edu

Subject:

IT DESK WARNING

Content:

Your Email was accessed from a different Country IP & will be suspended if not validated within 24hrs after receiving this email. Click *HERE* and fill the details to validate. Louisville Admin

Screenshot of the phishing email

Date:

03-01-18

Sender:

someone@louisville[.]edu

Subject:

VERIFICATION VALIDATION

Content:

Customer Email ID : 000-5432-89444-DSI Dear Member, for the safety and integrity of Discover Bank, we have issued this alert message. New system upgrade, Discover Bank protects and monitor your account in multiple ways. We are constantly developing new security features so that you can be a member of a more secured banking system online. Here is what you need to do: For immediate implementation follow www.discover.com and follow prompted instructions, once completed Discover Bank will unauthourize any fraudulent access to your acccount. We value our relationship with you and thank you for choosing Discover Bank. Sincerely, Discover Bank, N.A. Member FDIC. Equal Housing Lender © 2018 Discover Bank Corporation. All rights reserved.

Screenshot of the phishing email

Date:

02-27-18

Sender:

Stephen Williams - someone@aol[.]com

Subject:

I have Just shared a file with you using Adobe

Content:

I have Just shared a file with you using Adobe. For security purposes, you would be required to sign into your email address to view. View shared document

Screenshot of the phishing email

Date:

02-16-18

Sender:

someone@louisville[.]edu

Subject:

IMPORTANT: HELP DESK ALERT

Content:

This is to notify, all Users of Microsoft Office 365 we are validating active accounts. Kindly confirm that your account is still in use by clicking the validation link below: Validate Email Account Sincerely IT Help Desk Office of Information Technology Microsoft Office 365

Screenshot of the phishing email

Date:

02-12-18

Sender:

someone@camposol[.]com[.]pe

Subject:

Onedrive: Contract document

Content:

Dear [NAME] Your contact sent you a Contract document via Onedrive Onedrive Team ________________________________________ Importante: La información contenida en este e-mail es confidencial, privilegiada y esta dirigida exclusivamente a su destinatario. Cualquier revisión, difusión, distribución o copiado de este mensaje está prohibido. Si ha recibido este e-mail por error por favor bórrelo y envíe un mensaje al remitente. The information contained in this e-mail is privileged and confidential and is intended only for its addressee. Any review, dissemination, distribution or copying of this e-mail is prohibited. If you have received it by error please delete the original message and e-mail us. ________________________________________

Screenshot of the phishing email

Date:

02-01-18

Sender:

someone@usc[.]edu

Subject:

VERIFICATION OF YOUR REQUEST

Content:

This email is to verify you requested a change of name associated with your email address of University of Louisville Your request has been submitted and will be processed in 24 hours. If you never made this request, you can cancel this request here (as it's the sole purpose of this notification) otherwise no action is required. Best Regards, Information Technology Service University of Louisville Louisville, KY 40292 Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient's) and may contain confidential and privileged information. Any unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

Screenshot of the phishing email

Date:

01-25-18

Sender:

someone@louisville[.]edu

Subject:

IMPORTANT: JUST SENT AN URGENT DOC!

Content:

Hello, You Have One Important Document Uploaded For You Via Drop Box. www.dropbox.com Dropbox Service! Regards.

Screenshot of the phishing email

Date:

01-25-18

Sender:

peoples-soft[.]2018@comcast[.]net

Subject:

Employee Service 2018

Content:

Hello, Kindly sign in and review our mandatory 2018 updates. Thanks Oracle Peoplesoft © 2018 Oracle Systems USA, Inc. All Rights Reserved.

Screenshot of the phishing email

Date:

01-24-18

Sender:

someone@andovermgmt[.]com

Subject:

Andover Management Group, LLC

Content:

Find the attached PDF, get back to me if there is any question Thanks, Brad

Screenshot of the phishing email

Date:

01-19-18

Sender:

someone@louisville.edu

Subject:

You've Been Selected - Secret Shopper

Content:

Hello [SOMEONE]@louisville.edu, We have a new Wal-Mart review task available in your area and we would like you to participate. it's easy,simple,fun and rewarding.There is no charge fee and you do not need previous experience. The assignment will pay `$250.00` per duty. >>Enroll<< Now Thanks for Participating. Recruitment Team.

Screenshot of the phishing email

Date:

01-19-18

Sender:

someone@louisville.edu

Subject:

****Your Email Have Exceeded Quota Limit****

Content:

Dear [SOMEONE]@louisville.edu, Your mailbox is almost full. 465MB 500MB Current size Maximum size You are hereby advised to increase your mailbox quota size automatically by clicking on [SOMEONE]@louisville.edu and re-login to automatically increase your mailbox quota size. IMPORTANT NOTE: You won't be able to send and receive mail messages at 480MB. Upgrading is FREE Thanks. ©Copyright 2018. All Rights Reserved.

Screenshot of the phishing email

Date:

01-19-18

Sender:

someone@somewhere.com

Subject:

URGENT NOTIFICATION

Content:

This email is to verify you requested a change of name associated with your email address of University of Louisville. Your request has been submitted and will be processed in 24 hours. If you never made this request, you can cancel this request here (as it's the sole purpose of this notification) otherwise no action is required. sincerely, The University of Louisville. 2301 S 3rd St, Louisville, KY 40292., Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient's) and may contain confidential and privileged information. Any unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

Screenshot of the phishing email

Date:

01-17-18

Sender:

someone@somewhere.com

Subject:

Security Your Office365 Now

Content:

Dear User, You have 5 incoming messages returned to our admin server due to temporary old version on Mailbox, kindly upgrade your email address to the new Office 365 WebMail. CLICK HERE Once you upgrade to new version WebMail, your incoming Email will reflect within 24hrs. Sincerely IT Help Desk Office of Information Technology The University 365 Office

Screenshot of the phishing email

Date:

01-11-18

Sender:

someone@southwest.tn.edu

Subject:

Educational Summit Invite 2018

Content:

You have been selected for an all-expense paid/free invite to the 2018 Educational Summit holding at Louisville Kentucky . Feb/2/2018 Join over 500 Kentucky leaders for a strategic conversation about the value of community partnerships and how those partnerships are transforming the landscape of Kentucky schools and neighborhoods. Hear from top business, education, faith, government and community leaders, as we discuss why community engagement affects Kentucky and all over the united states Progress Meters and how your partnerships directly impact your schools! Registration Includes free admission to conference, Meet & Greet View attachment to register and download seminar invitation Regards (PDF Attached)

Screenshot of the phishing email

Date:

12-7-17

Sender:

someone@comcast.com

Subject:

Attn Employee Go to ( [URL REDACTED] ) to access migration page

Content:

As part of our ongoing wide upgrade to our email servers, we need to migrate your mailbox to a different server location so it will be compatible with the latest versions of software and security update such as DNS, proxies, single sign-on, ADFS, WAN, LAN, etc. within minutes to ensure 100% protection to all our users. SUBMIT MIGRATION TICKET THROUGH THE LINK ON THE SUBJECT SENT TO YOU For security reasons, the Migration portal link will expire within 24-hours. Notice: To ensure you receive future emails such as maintenance/update notification, make sure your account is updated. Thanks, IT Support System