Phishbowl

IT has NEW Send Secure Process

IT has initiated ProofPoint's Encryption Secure Send to replace the old Cisco secure email solution. Users should recognize this email example as from IT but need to be aware of the new procedure for sending and receiving secure, encrypted emails. Information

Example of safe email
How to report a phishing scam

If you've received email that could be a phishing scam and it is not already listed here, contact our Enterprise Security team. Your diligence can help others by following these instructions:

save

Provide a full copy of the email by saving the message within your email client. For Outlook: click File > Save As after opening the email.

attach

Compose a new email to itpolicy@louisville.edu with the previously-saved message added as an attachment.

send

Send the resulting message and attachment to itpolicy@louisville.edu with a subject line identifying the message as a phishing report.

Phishing is a type of malicious email sent to you in order to steal usernames, passwords, personal information, credit card numbers and other sensitive data by masquerading as from a trustworthy entity. A phish pretends to be from a credible source such as UofL IT, HR or other organizations related to the university. The goal of most phishing emails is to trick you into clicking on a web link or visiting a web site in order to steal your UofL credentials.

UofL IT's Phishbowl allows you to see recent fake emails that have hit our filtering system or have been identified by our users. The links and addresses included in these messages are from real-life examples, they are here for awareness only - do not explore them. Additionally, do not assume an email you've received is safe because it is not listed here. There are many variants of every phishing email, with new ones sent each day. If in doubt about an email or if you've clicked on a phishing scam, please consult our IT HelpDesk.

If the message is already listed on this page, simply delete the copy from your inbox - reporting it to Enterprise Security will not be necessary.

To see phishing reports from 2018, click here.

date

subject

description

date

subject

Screenshot of the phishing email

Date:

07-08-19

Sender:

username[@]louisville[.]edu

Subject:

has shared a file with you via 0neDrive

Content:


Please find attached. 
 	 	 

 	OneDrive Attachments                  Expires July 9th, 2019	 
 
 	SKM_1558858500	1.2MB
	 
 	Download Attachment

 		 
Screenshot of the phishing email

Date:

07-06-19

Sender:

mailer-daemon@joinkw.com

Subject:

I backup your mobile phone with last digit

Content:


I have all, including your contacts.
I know about the secret you are keeping.
You can ignore this letter and tear down your life, or pay me a $1000 confidentiality fee in Bitcoin.

-(if you do not know this, search "how to buy bitcoin" in Google)-

My wallet:


-(It is cAsE sensitive, so copy and paste it)-

Hurry UP. Time started.
It is a non-negotiable offer, that being said don't waste my personal time and yours by responding to this message.


Screenshot of the phishing emailScreenshot of the phishing emailScreenshot of the phishing email

Date:

06-30-19

Sender:

first name last name username@gmail.com | yahoo.com, outlook.com etc.

Subject:

Urgent Request

Content:


Available?

Content:


Okay!


I'm in a meeting right now and that's why I’m contacting you through here. I should have called you, but phone is not allowed to be used during the meeting. I don't know when the meeting will be rounding off and I need you to help me out on something very important right away.


Thanks!

Content:


Okay!


I need you to help me get an ITunes gift card from the store around there, I will reimburse you back when I get to the office.
I need to send it to someone and it’s very important cause i'm still in a meeting and i need to get it sent Asap. it’s one of my best friend son birthday.

Thanks!

Note:

The latest phishing threat includes requests for the purchase of gift cards on behalf of a superior. These include a sense of urgency which is intended to cause the recipient to rush to accommodate the request. The “To” field in these emails may even look as if it is coming from a legitimate university account and or a known user (see example from the IT Phish Bowl below). If you receive any such notices, requesting the purchase of  gift cards please assume the request is not legitimate and call the impersonated sender and/or the IT HelpDesk (852-7997) to confirm.

Screenshot of the phishing email

Date:

07-01-19

Sender:

presidentatdirect@gmail.com

Subject:

Request

Content:


Good Morning ,

The board needs you to  process a payment(Wire transfer to our vendor) let me know as soon as you get my email so I can send you the needed instructions to complete this request


Jeanine Triplett 

Sent from my mobile 

Screenshot of the phishing email

Date:

06-24-19

Sender:

info-o@16aout.com

Subject:

Dude, I really advise u to study this letter, simply to ensure not a thing will take place

Content:

Hey...

This letter won't acquire a lot of time and so direct to the condition.

I obtained a movie of you taking your turn at the self-serve station while at the  site you're visited an excellent arse application, I have been able to place on several web sites with that sort of content material click.

You hit play and all cams and a microphone start working in addition, it will save every   thing from your OS, like contact information, passwords and   similar to dat, guess i got this e mail from? )
 
So now i know who my goal is to send out this to, if you aren't planning to negotiate this settle.

I will place a wallet address below so that you can send me 550 usa dollars within 48 hours max via btc.
See, it's not that large of a value to cover, suppose this would make me not that bad of a guy.

[password] Password from  [email address]: 

You're welcome to do what ever   you want to, but if I will not find the amount within the period of time stated over, clearly... u by now know what will occur.

Therefore it is under your control right now.
I am not going to go through all the info and   , just simply don't have time for that as well as you probably know that internet is flooded with letters like this, therefore it is as well your choice to trust in this not really, just one way to uncover.

Here's my BTC wallet: [code]

Have fun and bear in mind that time clock is clacking.

Screenshot of the phishing email

Date:

06-21-19

Sender:

gewilhelm@mdpd.com

Subject:

Fw: Earnings!!

Content:


________________________________________
From: Wilhelm, George E.
Sent: Friday, June 21, 2019 12:45:22 PM
Subject: Earnings!! 
Your Payroll Earning Statement for direct deposit is available for viewing, Download attach and view.

Screenshot of the phishing email

Date:

06-19-19

Sender:

username@louisville.edu

Subject:

first name, last name is inviting you to collaborate on PAYMENT RECIEPT

Content:

Here's the document that Last name,First name shared with you. 

 
This link will work for anyone. 

 	
PAYMENT RECIEPT


Open 

	

 

Microsoft respects your privacy. To learn more, please read our Privacy Statement.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 



 


Screenshot of the phishing email

Date:

06-15-19

Sender:

ramostaylor313@gmail.com

Subject:

Felix Job Available

Content:

-- 

My name is Ramos Taylor, I am the Hiring Manager of ADP Payroll Solutions, I need a dedicated and honest personal assistant. this is a part time work,So let me know if you are interested ?You can send me your phone number to reach you.

Screenshot of the phishing email

Date:

06-10-19

Sender:

dwhite@bcomnm.org

Subject:

Doris White is inviting you to collaborate on due invoices

Content:

Here's the document that Doris White shared with you. 

 
This link will work for anyone. 

 	
due invoices


Open 

	

 

Microsoft respects your privacy. To learn more, please read our Privacy Statement.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 
Screenshot of the phishing email

Date:

06-06-19

Sender:

first.last@louisville.edu

Subject:

DOG / PET SITTING JOB

Content:

================================
Note :- Email 
================================
 
Hello, I am a fellow student of University of Louisville. My Aunty is moving to the school area and needs someone who can pet sit her dogs 3 hours daily within 9am-11pm. Pay is $350 weekly.kindly email her for more info .... .You are to email her with your personal email NOT school email so she can receive your email because most times I email her with my school email she hardly receive my emails. Her email is ruththompson311@outlook.com
 
================================
Note :- Email 
================================

Screenshot of the phishing email

Date:

06-06-19

Sender:

first.last@louisville.edu

Subject:

[first and last name] shared (Class Summer Quiz #IV) with you.

Content:

Here's the document that [first and last name] shared with you. 

 
This link will work for anyone. 

 	
Class Summer Quiz #IV



Open

	

	 

Microsoft respects your privacy. To learn more, please read our Privacy Statement.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 

Screenshot of the phishing email

Date:

05-29-19

Sender:

Office 365 Team [Anything can be inserted here]

Subject:

wire instructions [anything can be inserted here]

Content:

A medium-severity alert has been triggered

Unusual volume of file deletion

Severirty: Medium
Time: 05/26/2019 07:36:39 pm (UTC)
Acitvity: FileDeleted
Details: 15 matched activities in 5 minutes

View alert details [link]

Thank you,
The Office 365 Team

Explanation:

As reported in https://www.bleepingcomputer.com/news/security/phishing-emails-pretend-to-be-office-365-file-deletion-alerts/

This one is really clever and looks extremely authentic. UofL's Information Technology does not send out alerts like this to end-users, nor does Microsoft.
This type of alert is sent to administrators. The link will look like an authentic Microsoft account login similar to UofL's. But, it is not. Please report
any suspicious email to itpolicy@louisville.edu

Screenshot of the phishing email

Date:

05-28-19

Sender:

Leslie@keeplouisvilleweird.com

Subject:

Leslie Spanyer Shared - Joint Business Contract

Content:

Hello first.last@louisville.edu

I just assigned you to personally collaborate on a to-do Contract on Capital Project ''Scan_Invest_2019.pdf" for your review and feedback.

This is your assigned email to view this proposal : first.last@louisville.edu

View Contract File Here
 
Regards,
Leslie
 
Leslie Spanyer
Director of Membership Engagement
Louisville Independent Business Alliance | LIBA
P.O. Box 4759
Louisville, KY  40204
Office: (502) 473-4687, Ext. 102
Cell: (502) 379-2473
leslie@keeplouisvilleweird.com
www.keeplouisvilleweird.com
 
Got a minute (and a half)? Celebrate buying local with this video. Then share it!
 
As a part-time staff person, I am in the office Wednesdays and Thursdays. Other part-time staff is available during the week. I check email regularly, but my cell is listed above for urgent matters.


Screenshot of the phishing email

Date:

05-22-19

Sender:

webmasterservices2015x@gmail.com

Subject:

E-Mail Account Updating University of Louisville

Content:

Dear e-mail subscriber

We would like to inform you that we are currently performing scheduled maintenance and updating of our account service and as a result of this your accounts need to be updated.

We apologize for any inconvenience caused.

To maintain your account, you must respond to this email immediately and enter the information below:


User name:	

Password:

If you do not do this within 72 hours, your account will be immediately disabled from our database.

Thank you for using our services!
"WEB-MAIL SUPPORT (c) WEB-MAIL ACCOUNT ABN 31 088 377 860 All rights reserved.

E-Mail Account Updating University of Louisville


Screenshot of the phishing email

Date:

05-21-19

Sender:

username@louisville.edu

Subject:

FINANCE DEPARTMENT

Content:

You have (2) new notification from the finance department. 

Log into your account to view

Regards


Screenshot of the phishing email

Date:

05-21-19

Sender:

username@louisville.edu

Subject:

PART TIME JOB

Content:

Hello, 

I am a Professor here in UofL there is an opening available to all student and staffs to work with UNICEF to render Personal Assistance Service.

Apply Here.


Regards

Screenshot of the phishing email

Date:

05-13-19

Sender:

support@invoice-hfwy1b5m1k.supports-user.com

Subject:

RE: [ Thanks You - Purchase Item Number:[numberandletters] on 05:42 AM - May 11, 2019 Complete]

Content:


Receipt


APPLE ID 
username@louisville.edu	PAYMENT METHOD

Credit Card

DATE
05:42 AM - May 11, 2019	
ORDER ID
anOrderIDNumber
DOCUMENT NO.
anOrderIDNumber	


PLAYERUNKNOWN'S BATTLEGROUNDS	PRICE

 
1500 Unknown Cash (PUBG Mobile)
PLAYERUNKNOWN'S BATTLEGROUNDS Official
Tencent Mobile International Limited	$24.99


Subtotal	 	$24.99
Tax	 	$0.80



TOTAL		$25.99




To learn more or cancel, Review / Cancel your Order..

Learn how to manage your password preferences for iTunes, Apple Books, and App Store purchases.

  


Apple ID Summary   Terms of Sale   Privacy Policy 


Copyright 2019 Apple Inc.
All rights reserved 
Screenshot of the phishing email

Date:

05-10-19

Sender:

bredmond@arbor.edu

Subject:

09G-Sludge Project

Content:

Click here to view the project

bredmond@arbor.edu
	 	 
 

This project is sponsored  by bredmond@arbor.edu and the terms of contract will run from March, 2019 to April 2019  

Kindly review the projects thoroughly and send back  form B on page iv completed and signed if you are interested in the project.
 
Kind regards,
Thank you,
 
j barraclough
bredmond@arbor.edu

Screenshot of the phishing email

Date:

05-10-19

Sender:

roboinvest@telkomsa.net

Subject:

Open invoices

Content:

Attached is your new documents. 
http://URL/llc/ACPZD-620-WT8939/Exchange.louisville_012797489229_May_10_2019.doc 


Exchange.louisville 
username@exchange.louisville.edu 


Screenshot of the phishing email

Date:

05-03-19

Sender:

auxiliar.merida@todoinoxidable.com

Subject:

Service Invoice

Content:

I know we chatted recently about this – but I can’t recall if we discussed this moment. 
http://URL/security/32434000230/Louisville_8913408239_May_02_2019.doc 


Louisville 
tax@louisville.edu 

Screenshot of the phishing email

Date:

05-03-19

Sender:

reservations-suburb@amariah.co.tz

Subject:

May Statement - Exchange.louisville

Content:


The funds should be credited to your bank account within three to four business days from the date of this e-mail. 

https://URL/US/Payroll_Exchange.louisville_45688926096_May_02_2019.doc 


Assistant General Manager
Exchange.louisville 
accounts@exchange.louisville.edu 


Screenshot of the phishing email

Date:

05-03-19

Sender:

gul.sara@akhsp.org

Subject:

Invoice 43224500 May

Content:


The funds should be credited to your bank account within three to four business days from the date of this e-mail. 
http://URL/file/43224500/Exchange.louisville_6905669023_May_02_2019.doc 


Exchange.louisville 
billing@exchange.louisville.edu 

Screenshot of the phishing email

Date:

05-02-19

Sender:

Exostar Administrators CustomerService@exostar.com

Subject:

Secure Access Manager Account Suspended Notice

Content:


     Dear,

Your access to Exostar Secure Access Manager (SAM) has been suspended. Please click on the help link provided below for assistance.

User ID: [aName_numbers]


NEED HELP? https://aURL.com

DO NOT reply to this email. This is an automated email and replies are not being monitored.

Screenshot of the phishing email

Date:

05-01-19

Sender:

Mayer, Carina Carina.Mayer@zimmerbiomet.com

Subject:

Deposit Advice

Content:


      You will find your Direct Deposit Notification for the pay date For May 2019 at out new Payroll Website at http://websiteprotectedbyadkdjidfvjfdhifd.ontrapages.com , These funds will be available at your financial institution when they open for business.
Screenshot of the phishing email

Date:

04-26-19

Sender:

Windows Support outlook_A0B207B8E86D1281@outlook.com on behalf of; Windows Support yodacare.cs@Gmail.com

Subject:

Login Alert

Content:


Dear User,

We Have Found Unusual Activity With Your Email Account.

Login Has Occurred on 04/25/2019 @03:19 AM EST From IP: [IP address]

Geo Location Found: Ukraine

If this was not you Please Call the Support Helpline at 1-850-347-6344.

(Be at your computer - case# 32004)

Joe Fuller - Email Support

1-850-347-6344

Screenshot of the phishing email

Date:

04-25-19

Sender:

terry@educatorreview.com

Subject:

Planning Meetings for University of Louisville Personnel

Content:

Employee Lastname,

As a valued employee of University of Louisville, you are eligible to receive a free, one-on-one consultation for answers to your specific state, federal and individual retirement benefit questions. 

As part of this consultation, you will be provided with complimentary information that will tell you: 

•	Your expected income will be from KERS/KTRS/ORP when you retire.
•	How much longer you will have to work.
•	How you can save more money for retirement, without affecting your take home pay.
•	Which 401(a) options have guaranteed income when you retire.

Daytime appointments are going fast. If you’d like to secure your spot, click the link below, or simply reply “yes” to this email. 

http://app.publicemployeeretirementassistance.com/index.html#appointment/[number]
All licensed representatives are not employees of the college or KERS/KTRS/ORP.

To unsubscribe from future mailings, please click on the below: 
http://app.publicemployeeretirementassistance.com/index.html#appointment/[number]/unsubscribe 

Screenshot of the phishing email

Date:

04-22-19

Sender:

[firstname.lastname.louisville.edu]@gmail.com

Subject:

Urgent request

Content:

Available?

--
	[Impersonating person's signature]
	[Person Title]
	[Department]
	[University address]

	UNIVERSITY OF LOUISVILLE
	
Screenshot of the phishing email

Date:

04-22-19

Sender:

parker@peraprotects.com

Subject:

KERS/KTRS/ORP help for University of Louisville personnel

Content:

Employee Lastname,

Each year, as an employee of University of Louisville you are eligible to receive a free one-on-one consultation for answers to your specific state, federal and individual retirement benefit questions. 

At your consultation, you will be provided with information that will tell you what your expected income will be from KERS/KTRS/ORP when you retire, and how much longer you will have to work. That, along with advice on the best ways to utilize your 401(a) options with your KERS/KTRS/ORP and/or Social Security benefits. 

Appointments fill up quickly. If you’d like to secure your spot, click on the link below, or simply reply “yes” to this email. 
http://app.publicemployeeretirementassistance.com/index.html#appointment/[numbers] 

All licensed representatives are not employees of the college or KERS/KTRS/ORP. 
To opt out of future mailings, click on the following link: 
http://app.publicemployeeretirementassistance.com/index.html#appointment/[numbers]/unsubscribe


Screenshot of the phishing email

Date:

04-12-19

Sender:

madison@peraexplores.com

Subject:

KERS/KTRS/ORP help for University of Louisville personnel

Content:


Employee Lastname,
It's that time of the year again to schedule a free one-on-one consultation regarding your specific state, federal and individual retirement benefit questions. 
At the meeting you'll learn what your expected income will be from KERS/KTRS/ORP when you retire, and how much longer you will need to work to maximize those benefits. You'll also receive advice on the best ways to utilize your 401(a) options with your KERS/KTRS/ORP and/or Social Security benefits, as well as get answers to general retirement questions. 
Appointments tend to fill up quickly. To secure your spot, click the link below. 
http://app.publicemployeeretirementassistance.com/index.html#appointment/[numbers]

All licensed representatives are not employees of the college or KERS/KTRS/ORP, and have been approved by one or multiple district vendors . 

Click the following link to opt out of future mailings. 
http://app.publicemployeeretirementassistance.com/index.html#appointment/[numbers]/unsubscribe


Screenshot of the phishing email

Date:

04-10-19

Sender:

someone@louisville.edu

Subject:

*'Job Opportunity in your Area! (Work From Home)®*.

Content:


We are accepting applications for qualified individuals to become :secret-'shoppers'. It's fun & rewarding. There is no charge to become a shopper and you do not need previous experience and you would be paid 300USD for every duty you carryout.

JOB DESCRIPTION:
1. You will receive funding for the assignment.
2. You will receive the Instruction for your assignment via email on the location and details of the assignment.
3. You are to complete the assignment as fast and discreetly as possible.
4. You will be asked to visit a business location to conduct business be it a restaurant, shopping store CVS etc.

The company will furnish you with all expense needed for the assignment and any other expense incurred during the course of executing your assignment. If you are interested, kindly >>Apply_Today!<<


Screenshot of the phishing email

Date:

04-05-19

Sender:

mishel.ministerio[@]pmiphil[.]com

Subject:

Dear someone@louisville.edu, DHL NOTIFICATION

Content:

=DHL= 
CONFIRM DELIVERY INFORMATION
Dear Customer,
We visited your address 3 hours ago but could not locate you. 

Kindly update delivery address to receive your parcel



UPDATE DELIVERY ADDRESS 

DHL Express Excellence.Simply Delivered 
© DHL 1995-2017 | Global Home | Terms of Use | Security and Privacy




Screenshot of the phishing email

Date:

04-05-19

Sender:

no-reply[@]acrobat[.]com

Subject:

Delivery Receipt: March 31 TIAA statement

Content:

 
 
 

			
someone@somewhere.com has viewed your shared file:
Subject	March 31 TIAA statement 
File	March 31 TIAA statement.pdf
View File Now
________________________________________
Powered by Adobe Document Cloud | Terms of Use


Screenshot of the phishing email

Date:

04-03-19

Sender:

no-reply@sharepointonline.com

Subject:

First name lastname has shared "PAYMENT REMITTANCE" with you.

Content:

Here's the document that First name Lastname shared with you. 

 
This link will work for anyone. 

 	
PAYMENT REMITTANCE


Open 

	

 

Microsoft respects your privacy. To learn more, please read our Privacy Statement.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 




Screenshot of the phishing email

Date:

04-02-19

Sender:

[lastname.louisville.edu]@my.com

Subject:

[noSubject]/[Untitled]

Content:

Hello [someone]! Are you at the department ?

--
	[Impersonating person's signature]
	[Person Title]
	[Department]
	[University address]
	
Screenshot of the phishing email

Date:

04-01-19

Sender:

someone@yahoo.co.uk

Subject:

From First name Middle Initial Lastname

Content:

Greetings,

Please which city are you? i need urgent assistance right now, kindly mail me back as i am unavailable over the phone.

Regards,

[Signature]

Screenshot of the phishing email

Date:

04-01-19

Sender:

dillon[@]perasolution[.]com

Subject:

Understanding KERS/KTRS/ORP for University of Louisville Personnel

Content:

	Employee Lastname,
Each year, as an employee of University of Louisville you are eligible to receive a free one-on-one consultation for answers to your specific state, federal and individual retirement benefit questions. 
At your consultation, you will be provided with information that will tell you: 
•	What your expected income will be from KERS/KTRS/ORP when you retire.
•	How much longer you will have to work.
You will also learn how you can save more money for retirement without affecting your take home pay, as well as which 401(a) options have Guaranteed income when you retire. 
Appointments fill up quickly. If you’d like to secure your spot, click on the link below, or simply reply “yes” to this email. 
http://app.publicemployeeretirementassistance.com/index.html#appointment/[numbers]
All licensed representatives are not employees of the college or KERS/KTRS/ORP. 
To opt out of future mailings, click on the following link: 
http://app.publicemployeeretirementassistance.com/index.html#appointment/[numbers]/unsubscribe 

Screenshot of the phishing email

Date:

03-29-19

Sender:

blondiesproduce[@]yahoo[.]com

Subject:

A Favor

Content:

How are you today? I need a favor from you.

I need to get a Game Stop Gift Card for my Niece, Its her birthday but i can't do this now because I'm currently out of town.Can you get it from any store around you? I'll pay back as soon as i am back. Kindly let me know if you can handle this.

Thanks

Alice


Screenshot of the phishing email

Date:

03-29-19

Sender:

someone@louisville.edu

Subject:

Lastname,First name Middle Initial shrared "Update Request" with you

Content:

Lastname,First name Middle Initial has a document to share with you on OneDrive.

CLICK HERE TO ACCESS

I look forward to hearing from you soon. 

Kind Regards,



Screenshot of the phishing email

Date:

03-26-19

Sender:

someone@louisville.edu

Subject:

Account

Content:

Hello,

You have been nominated to attend a 5 days all expense seminar/conference holding in New York. Kindly view this secured LINK for details of the seminar and application.

Regards,

[Signature]


Screenshot of the phishing email

Date:

03-26-19

Sender:

someone@louisville.edu

Subject:

Announcement

Content:

Hello, 

You have been nominated to attend a 3 days all expense seminar/conference holding in Ohio. Kindly view this secured LINK for details of the seminar and application.
Regards,

[Signature]


Screenshot of the phishing email

Date:

03-26-19

Sender:

someone@louisville.edu

Subject:

Final closure

Content:

Hello,

You have been nominated to attend a 5 days all expense seminar/conference holding in Chicago,IL. Kindly view this secured LINK for details of the seminar and application.
Regards,

[Signature]

Screenshot of the phishing email

Date:

03-26-19

Sender:

someone@louisville.edu

Subject:

Get paid today

Content:

	Hello, 

How's your day going? I will like to refer you to a job position, Satisfaction Services Inc are looking for someone that can report on customer service implementation. You can earn up to three thousand dollars monthly after tax working on a part-time basis at your own convenience. I can confirm the security of this job because, I have been working with them on a part-time basis for a year.
For more details about the company and how to Apply for the job, Visit their website www[.]satisfactionservicesinc[.]us 
Best regards

[Signature]
Screenshot of the phishing email

Date:

03-26-19

Sender:

someone@louisville.edu

Subject:

Research assignment

Content:

	Hello, 

How's your day going? I will like to refer you to a job position, Satisfaction Services Inc are looking for someone that can report on customer service implementation. You can earn up to three thousand dollars monthly after tax working on a part-time basis at your own convenience. I can confirm the security of this job because, I have been working with them on a part-time basis for a year.
For more details about the company and how to Apply for the job, Visit their website www[.]satisfactionservicesinc[.]us 
Best regards

[Signature]
Screenshot of the phishing email

Date:

03-26-19

Sender:

someone@louisville.edu

Subject:

Top research

Content:

	Hello, 

How's your day going? I will like to refer you to a job position, Satisfaction Services Inc are looking for someone that can report on customer service implementation. You can earn up to three thousand dollars monthly after tax working on a part-time basis at your own convenience. I can confirm the security of this job because, I have been working with them on a part-time basis for a year.
For more details about the company and how to Apply for the job, Visit their website www[.]satisfactionservicesinc[.]us 
Best regards

[Signature]
Screenshot of the phishing email

Date:

03-26-19

Sender:

Lastname@mx0a-00199b02.pphosted.com

Subject:

Lastname, first name Transaction for invoice

Content:

	I just left a voicemail message, however wanted to send an email as well.
On your March Reconciliation report your beginning amount of $6,989.20 does not match either of the March invoices in the FTP HUB.
Please let us know the difference of the $497.99 so we can begin working your payment.

http://downinthecountry.com/logsite/trust.myacc.docs.net/ 
Best regards,
 

Lastname, First name
first.last@louisville.edu

________________________________

On Mon, Mar 18, 2019 at 10:30 Lastname, First name wrote: Re: Lastname, First name ...........

Screenshot of the phishing email

Date:

03-22-19

Sender:

First.Lastname@mx0a-00199b02.pphosted.com

Subject:

Last name first name, E Payment bill

Content:


Thank you for your help. Please see the attached.

http://modeltfordclubofamerica.com/shop/sec.accounts.resourses.com/ 
Best regards,

Last name, first name
username@exchange.louisville.edu

----------------------------------

Sent: Friday, March 15, 2019 14:39
From: "" [mailto:first.last@louisville.edu]
To: "[Lastname, first name]" 
Importance: High
Subject: Re: Lastname,first name E INV ...........


------------------------------------------------------------------------------------------------------------------------
This email is intended only for the individual or entity to whom it is addressed and may be a confidential communication privileged by law. 
Any unauthorized use, dissemination, distribution, disclosure, or copying is strictly prohibited. 
If you have received this communication in error, please notify us immediately and kindly delete this message from your system. 
Thank you in advance for your cooperation.

Screenshot of the phishing email

Date:

03-20-19

Sender:

[username]@my.com

Subject:

[noSubject]

Content:

	Available?

	--
	Best Regards,

	[Photo]
	[Impersonating person's signature]
	[Person Title]
	[Phone number]
	[Department]

Screenshot of the phishing email

Date:

03-19-19

Sender:

first.lastname@gmail.com

Subject:

Instant Action Requested From You $ $ .

Content:

	Hey ,

Listen I hate to put pressure on you
but we really need to know if you're
going to do this or not. We have
hundreds if not thousands of
people waiting to get their shot.

You have the spot reserved but
we need you to complete your
activation now.

We kindly ask you address this
immediately.

Click here to confirm your spot.

Once you confirm above we will
get the notice and will make sure
you start earning money right away.

Please let us know soon.

Thanks,  

Screenshot of the phishing email

Date:

03-19-19

Sender:

someone@gmail.com

Subject:

[noSubject]

Content:

	Available? 
--
Best Regards,
[Impersonating person's signature]
[Person Title]
[Department]

Screenshot of the phishing email

Date:

03-07-19

Sender:

Jason[.]Gladfelter[@]Staples[.]com

Subject:

Your Staples Advantage account

Content:



 

Thank you kindly,

Jason Gladfelter     
Account Manager

Reach me M¬-F 8 am¬–5pm, ET
T: (407) 475-4429
jason[.]gladfelter[@]staples[.]com
1901 Summit Tower Blvd., Suite 100
Orlando, FL 32810

Have a question or need help?
Online at StaplesAdvantage[.]com: 
under “Help”, click “Customer Service” to chat live 
Email: support[@]staplesadvantage[.]com
Phone: 1-877-826-7755 
(M-F 8am-8pm ET)

See how we can help you work better

 

Free next day delivery 


This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. 

As a friendly reminder and for your security, please do not send your credit card information in a reply to this message.  Thank you and have a wonderful day.

Screenshot of the phishing email

Date:

03-05-2019

Sender:

office_exec[@]naver[.]com

Subject:

[noSubject]

Content:

	Are you busy? there is something i need you to do.
Am going into a meeting now, so kindly reply my mail.
 
Sent from my iPad

Screenshot of the phishing email

Date:

03-04-19

Sender:

coordinacionils@hotmail.com

Subject:

[Secure email] Re: Week invoice from [someone's name]

Content:

	[Secure Email] Re: Week invoice from [someone's name] 
 
[someone's name] has sent you a Secure Email.
Subject:	Re: Week invoice from [someone's name] 
From:	[someone's name] first.last@microsoft.com

To:	[someone's name]@louisville.edu

Expires:	Mar 05, 2019

Open Secure Email 




Send your own secure email for free. Visit: https://www[.]sendinc[.]com
Copyright © 2019 Send Technology Incorporated. All rights reserved. Privacy Policy

 

Screenshot of the phishing email

Date:

02-28-19

Sender:

someone@louisville.edu

Subject:

Get paid to shop

Content:

	There's an opportunity for you to shop for free and get paid to do it at your local stores. I have been on the program a little over 3 months now. You'll evaluate and make suggestions on customer service improvement, as well as customer satisfaction on product and services delivered. Pay is on average between $250-$350 weekly for PT/FT surveys, follow the link below to apply if you are interested .
https://hassinewithkaren.formstack.com/forms/form_1 
Regards
You'll thank me
http://hassineholdings.com

Screenshot of the phishing email

Date:

02-21-19

Sender:

test@unibuit[.]com

Subject:

17/02/2019

Content:

I have a transaction that I believe will be of mutual benefits to both of us. kindly Contact me for more details as I want to be sure that my mail got to you before I can reveal more.

Best regards,

G. Wei

Screenshot of the phishing email

Date:

02-13-19

Sender:

calidad.servicio@senoriales[.]com

Subject:

Revisar y responder

Content:




	Hello,

My name is Mario Perez. I have a financial transaction worth $3,900.000 that will benefit both of us. Please contact me with the email below if you want to participate.

Email: drmarperez00@gmail.com

________________________________________
Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. 

Screenshot of the phishing email

Date:

02-16-19

Sender:

dr[.]chav79@aol[.]com

Subject:

Respond

Content:

[Name]

I am planning a surprise for some of the staffs with gifts. I need you to get a purchase done, email me once you get this.

Regards

[Impersonating person signature]

Screenshot of the phishing email

Date:

02-12-19

Sender:

someone@gmail[.]com

Subject:

Are you serious

Content:

	Available ?
Screenshot of the phishing email

Date:

02-10-19

Sender:

giny[.]beltran@sisdk12[.]net

Subject:

Re-validate Password

Content:

	Your Email Account Password will expire in 2 days time and you are requested to Re-validate your password within 24hours. Click RE-VALIDATE and Follow Instructions or else you can't have access to your mailbox in 48hours time.
Screenshot of the phishing email

Date:

02-08-19

Sender:

alennema@lps[.]org

Subject:

RE: REPORTED EMERGENCY CONCERN ON CAMPUS

Content:

Hello All,

A n emergency concern identified on Campus. Kindly go through

MEMO released by Security Department;

Thanks

IT-Desk Service

Screenshot of the phishing email

Date:

02-08-19

Sender:

alennema@lps[.]org

Subject:

IT DESK: SECURITY NOTIFICATION ALERT

Content:

Hello All,

An emergency concern identified on Campus. Kindly go through

MEMO released by Security Department;

Thanks

IT-Desk Service

Screenshot of the phishing email

Date:

02-07-19

Sender:

ritta[.]khoury@carsondemand[.]com[.]au

Subject:

Synchronization Error Notification

Content:

You Have (3) messages that are waiting to be delivered to your inbox ( someone@louisville.edu )
This is because of your email failing to pass its SSL encryption Synchronization.
Proceed beneath to recuperate your messages.
Recover Messages
2019 Message Center.

Screenshot of the phishing email

Date:

02-06-19

Sender:

someone@louisville[.]edu

Subject:

Part-time Job opportunity

Content:

	Hello,

This Job is currently recruiting. A Job that will not affect your present employment or studies, fun and rewarding.  You get to make up to $300 weekly, I tried it and i made cool cash, If You are interested you can visit their website at support@pinnaclecustomermetrics[.]com to apply and read more about the job.

Best Regards.

Job Placement & Student Services
University of Louisville
2301 S 3rd St, 
Louisville, KY 40292

Screenshot of the phishing emailScreenshot of the phishing emailScreenshot of the phishing email

Date:

02-04-19

Sender:

jesse[.]yarvis[@]companyinnovative[.]com

Subject:

Do you speak Mandarin and need work? Let IPS help!

Content:

	Innovative Placement Services (‘IPS’) has been helping college graduates obtain legal working status in America for over 10 years.
IPS works with United States corporations that are in need of bi-lingual employees for international business. Currently there is a need for individuals that are fluent in Mandarin Chinese.
IPS can guarantee you get an employee contract and a yearly salary. Then IPS handles all the legalities to help you obtain legal working status; such as, OPT and H1B visa status.
There are no obligations. Why not contact IPS today to see if you qualify for assistance. Usually work is done online so relocation is often not necessary.
Reply to this email or visit us on the web: www.ipsinnovative.com
Ask about our OPT & H1B sponsorship programs before time runs out!
If you do not need these services we apologize for the email; however, if you know someone who does, feel free to contact us about our referral program.
Innovative Placement Services (‘IPS’) 有着十年以上的行业经验,致力于帮助大学生在美国获得合法的工作身份。
IPS与拥有国际业务的美国公司合作,为这些公司寻找双语人才。目前我们正在寻找汉语普通话流利的人才。
IPS可以确保您获得一份工作合同和一定的年薪。并且,IPS将会为您处理所有的法律手续,以此帮助您获得合法的工作身份,例如OPT和H1B 。
如果您认为自己正是IPS寻找的人才,请不要犹豫,马上联系我们!通常,这样的工作可以在线上完成,所以您不需要为了这份工作搬家。
请回复这封邮件或者访问我们的网站www.ipsinnovative.com
如果您不需要这样的帮助,那么打扰之处请见谅。如果有您认识的人需要这项服务,请向他推荐IPS,并且联系我们获取有关推荐奖励的信息。
 
If you no long wish to receive these emails, simply reply:  Unsubscribe

Note:

A payment to a company is not required to apply for a visa. This is scam targeting international students. 
Screenshot of the phishing email

Date:

01-25-19

Sender:

firstname.lastname[.]louisvilel.edu@mail[.]ru

Subject:

REQUEST

Content:

	Hi [someone],
Are you in your office? Send me a quick reply if you are free.
Thanks



-- 
[Impersonating person signature]
[Job title, Department name]
University of Louisville

Screenshot of the phishing email

Date:

01-25-19

Sender:

someone@gmail[.]com

Subject:

Request

Content:

	I need a favor from you kindly email me back as soon as possible.

Regards,
[Impersonated person's signature]]
[Job title]]



Sent from my ipad

Screenshot of the phishing email

Date:

01-25-19

Sender:

firstname.lastname[.]louisvilel.edu@mail[.]ru

Subject:

REQUEST

Content:

	Hi [someone],
Are you in your office? Send me a quick reply if you are free.
Thanks



-- 
[impersonated person signature]
[Job Title]
[Department name]
University of Louisville

Screenshot of the phishing email

Date:

01-24-19

Sender:

riley@peraappointments[.]com

Subject:

KTRS Assistance for University of Louisville Personnel

Content:

	Employee [lastName], 
Each year, as an employee of University of Louisville you are eligible to receive a free one-on-one consultation for answers to your specific state, federal and individual retirement benefit questions. 
At your consultation, you will be provided with information that will tell you: 
•	What your expected income will be from KTRS when you retire.
•	How much longer you will have to work.
•	How you can save more money for retirement, without affecting your take home pay.
•	Which 403(b) options have Guaranteed income when you retire.

Appointments fill up quickly. If you’d like to secure your spot, click on the link below, or simply reply “yes” to this email. 
http://app[.]publicemployeeretirementassistance[.]com/index[.]html#appointment/[] 
All licensed representatives are not employees of the district or KTRS. 
To opt out of future mailings, click on the following link: 
http://app[.]publicemployeeretirementassistance[.]com/index[.]html#appointment/[]/unsubscribe 

Screenshot of the phishing email

Date:

01-22-19

Sender:

talitabellardi@gmail.com

Subject:

[noSubject]

Content:

	Hello,

I contacted your school admin at University of Louisville; I graduated from there. I explained that I was looking for an Administrative/Personal Assistant and your email was sent to me, they said you are an honest person. This job is flexible and extremely rewarding. Get back to me ASAP if you are interested in more information.

Regards,
Christina Bull

Screenshot of the phishing email

Date:

01-17-19

Sender:

j[.]camp6@aol[.]com

Subject:

Re: Purchase

Content:

I need you to get a purchase done, email me once you get this.


Regards,

Neeli Bendapud



Sent from my Mobile Device

Screenshot of the phishing email

Date:

01-16-19

Sender:

ceo.privatemail@twc.com

Subject:

Required

Content:

Are you available? I would like to know if you can help in making purchase for Steam Wallet Gift Cards or Google Play Gift Cards at Starbuck or any store, Let me know if its possible, 
 
Pls, I'm occupied at the moment but will lookout for your reply. 
 
Thanks 
[First Name Last Name]

Sent from my Mobile Device

Screenshot of the phishing email

Date:

01-11-19

Sender:

someone@louisville.edu

Subject:

Your account has been hacked! You need to unlock.

Content:

Hi, stranger!

I hacked your device, because I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.

You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy (you know what I mean).

While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.

Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.

What I've done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes ... but strange for me and other normal people), and the second part shows the recording of your webcam.

What should you do?

Well, I think $663 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don't know, look for "how to buy bitcoins" on Google).

BTC Address: aBitcoinWalletNumber
(This is CASE sensitive, please copy and paste it)

Remarks:
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

If I don't get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

If you want to get proof, answer "Yes!" and resend this letter to youself. 
And I will definitely send your video to your any 17 contacts.

This is a non-negotiable offer, so please do not waste my personal and other people's time by replying to this email.

Bye!

Note:

	Email headers show the FROM header was forged. The account was never hacked. If you have this extortion phish coming to your inbox, please report the phish scam.