Phish Bowl

Bad actors use sophisticated phishing emails to steal credentials, personal information, and other sensitive data. The campus community should remain vigilant and on constant alert.   Below are some recent phishing emails circulating on campus.   If you have received them, please delete them.  

If you have received a suspicious email and it is not listed here, do NOT assume it is safe or legitimate - please report it and a member of DotCIO will assist in verifying if legitimate or a phish.  Always err on the side of caution.

Report a phishing attempt

Tips on identifying phish

Don't take the Bait - Training video on identifying phish

Date Date Method Subject Description From Validity Audience
20240223 02/23/2024 Email [EXTERNAL]Notification. phish_email.png A stolen MIT email account Phishing Attempt Faculty & Staff, Students
20240222 02/22/2024 Email [EXTERNAL]Rensselaer Polytechnic Donation

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hello,
One of my co-worker, XXXXXXX is downsizing and give away her late dad's piano to a loving home. The Piano is a 2014 Yamaha Baby Grand used like new, I will not be checking this email often , kindly contact her on xxxxxxxx@outlook.com to arrange inspection.
Please write Mrs.Elisabeth via your personal email for a swift response.

Thanks,
Bradford Lister
Director, Anderson Center for Innovation in
Undergraduate Education

Bradford Lister - using various gmail addresses Phishing Attempt Faculty & Staff, Students
20240212 02/12/2024 Email [EXTERNAL][#49512355] IMPORTANT: Information about your Google Workspace account rpi.edu

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hello,

We are reaching out to you on behalf of morric@rpi.edu who identified themselves as an employee within your organization and wishes to contact you about obtaining super administrator access to your Google Workspace account for rpi.edu.

Please be aware that the user has proven ownership to the DNS domain name rpi.edu, so while they do not have administrative access to your Google Workspace account they control a critical piece of your infrastructure.

If you believe that this request is legitimate, please reach out to morric@rpi.edu directly.

Best regards,

Google Workspace Support

noreply_cloud_support@google.com <noreply_cloud_support@google.com> Legitimate Communication Faculty & Staff
20240130 01/30/2024 Email [EXTERNAL]Possibility of Having a Free Toolbox and Welding Machine Ownership Inbox

Dear Faculty/Staff,

hope this email finds you well. I am writing to inform you that XXXXXXXX has expressed her willingness to donate her late father's Miller 951937 Dynasty 300 TIG Welder w/ TIGRunner Pkg & Wireless Foot Control, along with a complete set of Snap-On Tools and accessories.

If you are interested in any of the equipment, please indicate your interest by sending an email to XXXXX to arrange inspection and delivery or pickup with a moving company.

NB: Please write Mrs Jennifer with your personal email for a swift response.

Sincerely,

hendersonnancy377@gmail.com Phishing Attempt Faculty & Staff
20240101 01/01/2024 Email Confirm <Email Address> on Slack phish_email_1.jpg Support <support@atozdeals.co> Phishing Attempt Faculty & Staff, Students
20240101 01/01/2024 Email Start Your 7 Day Free Trial Now image_1.jpg Disney + <disney@atozdeals.co> Phishing Attempt Faculty & Staff, Students
20231231 12/31/2023 Email Attn Required : Delivery Delay

Dear Shopper,

We apologize but based on the substantial increase of online ordering over past 9 months, your delivery has been delayed.

Access the link below to confirm the best delivery date. 

Reschedule Delivery

Thank you for your continued business,

Delivery Coordinator

Delivery Coordinator <Coordinator@shipment-status.com> Phishing Attempt Faculty & Staff, Students
20231230 12/30/2023 Email <First Name>, You received an eFax

Fax Message [Caller-ID: 222-200-4120]

You have received a 4 pages fax.

* The reference number for this fax is AT-AT-99034jdks03szl-AT-AT.

View this fax using your PDF reader.

Click here to view this message 

Please visit <URL REMOVED> if you have any questions regarding this message or your service.

Thank you for using the eFax service

Home Contact Login

k2 Global Communications, Inc. All rights reserved.
eFaxing is a registered trademark of k2 Global Communications, Inc.

This account is subject to the terms listed in the eFax Customer Agreement.

 
FaxMessage <FaxMessage@shared-document.com> Phishing Attempt Faculty & Staff, Students
20231229 12/29/2023 Email HR Limited Discount Offer - Stand Up Desk

Hi <First Name>,

Your health and wellbeing is a top priority. The HR Team has worked with StandMore providing serious discounts to a Mini Desk Converter.   Enhancing  your workspace by standing reduces pain, decreases fatigue and improves mood. To take advantage of this limited offer from HR, access the site below.

Mini Desk Converter

Sincerely,
HR Ergo Team

HR Ergonomics <HRErgo@employee-center.com> Phishing Attempt Faculty & Staff
20231228 12/28/2023 Email RPI Email: Delivery blocked

Delivery Alert
2023-12-28 20:22:07 (UTC)

A message has been blocked for delivery.

To view this message please click the View Message button below or contact your administrator.

View Message 


Email Detail Summary

Recipient: <EMAIL ADDRESS>

Subject: Fw: Status of results

Suspend delivery of alerts for 1 hour, 3 hours, 24 hours.

Email Security <security-alert@microsrcft.com> Phishing Attempt Faculty & Staff, Students
20231226 12/26/2023 Email Suspicious Login Detected [Action Required]

New sign-in to Firefox

Firefox on Mac OS X 10.14
Sophia, Bulgaria (estimated)
IP address: 111.134.26.33.40
2023-12-26 14:25:08

Manage account 

This is an automated email; if you did not authorize this action, then please change your password. For more information, please visit Mozilla Support.

Mozilla. 331 E Evelyn Ave, Mountain View, CA 94041
Mozilla Privacy Policy 

Firefox Security Team <firefox-security@employeecenters.com> Phishing Attempt Faculty & Staff, Students
20231225 12/25/2023 Email Final Warning - Your email will be deactivated

Macrosoft verification alert

Dear User,

Your email is currently not upgraded. Please upgrade to the newest version to avoid deactivation.

UPGRADE NOW 

Thank you for using Macrosoft Services.


We respect your privacy. To learn more, please read our privacy statement.

IT Support <outlook@emails-track.com> Phishing Attempt Faculty & Staff, Students
20231224 12/24/2023 Email Attn: Email shutdown request

Dear User,

Our records indicate that your email was requested to be shutdown.

If this request was made accidentally or you have no knowledge of this request, you are advised to cancel the request now.

Cancel De-activation

However, if you do not cancel this request, your account will be shutdown shortly and all your email data will be lost.

Regards,
Email Administrator
IT Services

This message was automatically generated from the E-mail security server, any replies will not be delivered.

Email Acct. Administrator <admin@emails-track.com> Phishing Attempt Faculty & Staff, Students
20231223 12/23/2023 Email Fw: Password Review

All Staff,

Please review and execute the security procedures below imediatly! You can also start here to begin. 

Regards,

IT Admin 

From: IT Security 
Sent: 2023-12-23 13:37:05
To: Company Name
Subject: Password Review

PLEASE READ

Due to a recent rise in attacks on computer networks, new regulations and policies have now mandated stricter information security standards. As passwords remain the primary method for defending against unauthorized access, your passwords must be checked for sufficient complexity. You will receive recommendations for making changes if they fall short of the new requirements.

Please help in completing this review as soon as possible by visiting here to test the strength of your passwords. Continuing to use an insecure password may result in your account being locked out.

Thanks for your support.

IT Security Team

***********************

This email may contain confidential and privileged information for the sole use of the intended recipient.
Any review or distribution by others is strictly prohibited.
If you are not the intended recipient,
please contact the sender and delete all copies. Thank you.

***********************

security <security@sec-monitor.com> Phishing Attempt Faculty & Staff, Students
20231223 12/23/2023 Email Your DocuSign login settings have been updated

Two-step verification settings have changed

Two-step verification has been enabled on your account. When logging in to DocuSign, you will now be prompted for additional verification.

Please log in to your DocuSign account to change your settings.

ACCESS CODE: 45867

Confirm Account Here

About DocuSign
Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- DocuSign provides a professional trusted solution for Digital Transaction Management™.

Download the DocuSign App

 

DocuSign <support@shared-document.com> Phishing Attempt Faculty & Staff, Students
20231223 12/23/2023 Email Fwd: Rensselaer has invited you to collaborate on Box!

 Rensselaer HR has invited you to collaborate on a folder:

Reminder: waiting for your reply.

 

Updated Organization Chart

Collaborated Folder

Accept Invite

Get our app to view this on mobile. <URL REMOVED> to view Invite.

About Box Privacy Policy   Edit Notification Settings 900 Jefferson Avenue, Redwood City, CA 94063, USA

 

Rensselaer <delivery@shared-document.com> Phishing Attempt Faculty & Staff
20231222 12/22/2023 Email Your daily briefing

Hi <First Name> <Last Name>

Make today count!

Commitments and follow-ups

Lorrie Campbell

Documents to Review

Yesterday they asked, "Please look over these documents and return signed copies by the end of the day."

Did you find this email helpful? Send feedback

Microsft Corporation

One Microsft Way, Redmond, WA 98052, USA

Settings  |  Privacy Statement  |  Unsubscribe

This email is intended for <Email Address>

For people in Canada

This is a mandatory service communication. To set your contact preferences for other communications, visit the Promotional Communications Manager.

Microsft Canada Inc.
1950 Meadowvale Blvd.
Mississauga, ON L5N 8L9 Canada

Cortana <cortana@microsrcft.com> Phishing Attempt Faculty & Staff, Students
20231221 12/21/2023 Email Unable to Verify Subscription phish_email_0.jpg Office Subscription Team <Verify-Subscription@msupdating.com> Phishing Attempt Faculty & Staff, Students
20231220 12/20/2023 Email Security Update

A system update was released today that needs to be appleid to all office computers and devices. Please folow the instructions below to install this update on your computer.

Thanks,

IT

From: Firewall Security Info [mailto:secuirty@it-ops.net]
Sent: Today, 9:15 AM
To: it-ops@securemaindesk.net
Subject: Firewall Security Update

Greetings,

A recent group of viruses have been released which put security systems at risk. These viruses exploit vulnerabilities in Internet Explorer and Outlook. These viruses corrupt data on the local systems and leak personal information. The viruses targeting Microsft Outlook are particularly dangerous because they only require the recipient to open the email message to execute.

Anyone running Microsft Windows XP, Vista, or 7 behind a B5 firewall should download the following patch and install it immediately, to block the firewall exploits.

Instructions:

1. Click on this link: <URL REMOVED>

2. On the resulting page, locate your sytem and click the "Download Patch" button.

3. A dialog box will pop up. Start the installation immediately by clicking the "Open" button. The installation takes less then 4 minutes and should not require a reboot.

Thank you, IT Ops Security Team

Please DO NOT REPLY to this email as this is not a monitored support address. If you have inquiries please visit <URL REMOVED>

IT <IT@employeecenters.com> Phishing Attempt Faculty & Staff
20231220 12/20/2023 Email [EXTERNAL]Disposal of a Yamaha Baby Grand !!!

Dear Student/Faculty/Staff,
One of our staff at Rensselaer Polytechnic Institute, Ms. Jingwen Tu is downsizing and looking to give away her late dad's Yamaha Baby Grand Piano to a loving home.

To indicate your interest kindly write to her directly at balcine1942@outlook.com for more details and inspection of the lovely piano.

Best Regards.
Karen Fajardo
HR SPECIALIST, SR.
2023 Rensselaer Polytechnic Institute

At times emails are sent outside of 8:00-5:00 business hours or on weekends. Please do not feel obligated to respond outside of normal working hours.

Karen Fajardo <manju_s1970@rediffmail.com> Phishing Attempt Faculty & Staff
20231219 12/19/2023 Email Critical security alert phish_email.jpg Google <google@ransombot.com> Phishing Attempt Faculty & Staff, Students
20231218 12/18/2023 Email Your membership has ended image.jpg Adobe Cloud - Account Cancelation Notice <AdobeSupport@securessoft.com> Phishing Attempt Faculty & Staff, Students
20231218 12/18/2023 Email Missing Loan Requirement

Just a reminder that you must complete a Master Promissory Note at studentaid.gov before your federal student loan can disburse.

Instructions on how to complete the MPN can be found here. We should receive your MPN electronically within 48 hours after you submit it.

Should you have any questions or concerns, please contact us.

Financial Aid <admin@financialadvicers.com> Phishing Attempt Faculty & Staff, Students
20231216 12/16/2023 Email IT Notification: Service Desk Ticket Update

Notification of Ticket Escalation

Workspace:           Service Desk
Ticket:                   Request action
Ticket number:     #5356045


Priority:  High           Status:  Request

 

Description:
I have marked your Request as Needed Action.

Please review the details of your request in the IT Service portal via the following link: Your Incident

The last action taken are as follows:


IT service:
system checked

If you do not reply to this request, it will automatically close in 5 business days.

Regards,
IT Service Desk
Information Technology Department

IT Service Desk <IT@emails-track.com> Phishing Attempt Faculty & Staff, Students
20231215 12/15/2023 Email VPN Access Termination

To <First Name> <Last Name>:

Please be advised that, effective tomorrow morning, we will terminate your corporate VPN access as the client you use to connect is out of date.

You can prevent termination of your corporate VPN access by logging into the VPN service and downloading the latest client here:

SSL VPN Client

Sincerely,

IT Department

IT Dept <it@networkdomain.info> Phishing Attempt Faculty & Staff, Students
20231214 12/14/2023 Email Over Quota

Dear User,

Your webmail has exceded the allotted monthly quota.

2242MB

To avoid account suspenson, click the link below to start the cleanup process to archive your mail.

Start Process

- IT Security

IT Security <it-ops@employeecenters.com> Phishing Attempt Faculty & Staff, Students
20231214 12/14/2023 Email Attn: Email shutdown request image_0.jpg Email Acct. Administrator <admin@emails-track.com> Phishing Attempt Faculty & Staff, Students
20231213 12/13/2023 Email Free Piano Donation. !!!

Dear Student/Staff/Faculty,

One of our staff, Mr. Carl Dever, is downsizing and looking to give away his late dad's piano to a loving home. The Piano is a 2014 Yamaha Baby Grand size used like new. You can write to him to indicate your interest on his private email (Carldever02@writeme.com) to arrange an inspection and delivery with a moving company. Kindly write Mr. Dever via your private email for a swift response.

Tracy Bossert <lassana28@optonline.net> Phishing Attempt Faculty & Staff
20231212 12/12/2023 Email New Voicemail!

You received a new voicemail: VOICE601-878-8837.wav (501 KB)

.WAV (501)  

Your VM info <voicemail@uinfo.co> Phishing Attempt Faculty & Staff, Students
20231212 12/12/2023 Email Enrollment in ID Theft Protection

Dear Employee

Given the number of data breaches that have occurred over the last twelve months, your company, is providing ID Theft Protection at no cost to you.   The benefits of the program include, but are not limited to, the following:

  • Identity theft repair services if you have already become a victim of identity theft
  • Credit monitoring services to alert you of any changes in your credit status
  • Identity theft insurance for up to $1,000,000
  • Fraud monitoring and detection for enrolled credit/debit cards
  • Phone alerts or notification of suspicious activity


Again, there is no cost to you as this service is being paid for by your company as a benefit to employees.  Enrollment is easy, just click the link below then enter the authorization code.

<URL REMOVED>

Authorization code: T94A3

If you have any questions, please contact your administrator.


Sincerely,

Secure-Monitor ID Theft Protection

Customer Support <support@securessoft.com> Phishing Attempt Faculty & Staff, Students
20231209 12/09/2023 Email Suspicious Activity

Hi,

We discovered ilegal activity on your account from a different IP location other then the IP associated with your account.
<Email Address>

Your security is our top priority and we highly advise that you check activity immediately. We will continue to monitor your account and will notify you in the event of another security incident.

Check activity

Sincerely,

IT Ops

This email can't receive replies. For more information, visit the IT Ops Help Center

You received this mandatory email service announcement to update you about important changes to your account.

© 2017 IT Ops, 24139 Main Street, Mountain View, CA 94043, USA

IT Ops <it-ops@employeecenters.com> Phishing Attempt Faculty & Staff, Students
20231209 12/09/2023 Email Here's Your Invoice 4555366 phish_email_2.jpg Accounts Payable <billing@shared-document.com> Phishing Attempt Faculty & Staff
20231207 12/07/2023 Email [EXTERNAL]Office 365 Error: Mandatory Software Update

We attempted to update or patch your laptop to Office 365 but encountered several errors. In order to resolve these corporate risk issues, we need you to perform a few diagnostic checks on your system. You can find instructions to do this by downloading the PDF.

We require you to do this by the end of the day so the upgrade can run smoothly overnight.NOTE:  If you experience trouble with the attachment, click here.

IT Department <itsupport@securessoft.com> Phishing Attempt Faculty & Staff, Students
20231206 12/06/2023 Email Microsft Teams Collaboration phish_email_3.jpg Microsft Collaboration Team <admin@microsrcft.com> Phishing Attempt Faculty & Staff, Students
20231202 12/02/2023 Email [EXTERNAL]RPI Financial Aid Pell Notification

Based on our records you were awarded a Federal Pell Grant for 2023. Please be advised if your enrollment changes, your Federal Pell Grant could be reduced or canceled. If you have any additional questions please contact our office.

Please login to RPI Portal through https://ssologin.rpi.edu/ to view your award package.

Financial Aid <financial@financialadvicers.com> Phishing Attempt Faculty & Staff, Students
20231103 11/03/2023 Email [EXTERNAL]Benefits

Solicitation - As a school employee, you get education discounts from hundreds of organizations and retailers including Apple, Amazon, and Microsoft, not to mention cell phone providers, insurance companies, clothing stores, and more.

Williams, Cheryl <cheryl@academicmail.net> Phishing Attempt Faculty & Staff, Students
20231029 10/29/2023 Email [EXTERNAL] Confirmation needed urgently

With reference to your pending payment I am contacting you in regards with the CHANGE OF BENEFICARY'S APPLICATION ....

qP.W.B <supports@zoetoday.com> Phishing Attempt Faculty & Staff
Back to top