Alerts

Security Alert
Jul 31, 2014 - 10:20 am

There have been several reports of a phishing email sent from the "Help Desk" with the subject Your Salary Raise Confirmation. and a request to click on a link. Do not do so. Instead, alert Google by reportiing it as phishing (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it.

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish.

 


 

Example:

From: BU-HR <employeebenefits@brown.edu>
Date: July 26, 2014 at 8:57:43 AM EDT
To: **************
Subject: Your Salary Raise Confirmation


 




Hello,

The University is having a salary increment program again this year with an average of 2.5%

The Human Resources department evaluated you for a raise on your next paycheck.

Click below to confirm and access your salary revision documents:




Click Here to access the documents

Security Alert
Jul 1, 2014 - 4:26 pm

Various reports this morning of phishing emails with the subject line Message from Brown Information Security: Your email account has been compromised. This is bogus and should be reported as phishing (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it.

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish


EXAMPLE:​

From: Brown University <marco_defilippo_roia@brown.edu>
Date: Tue, Jun 24, 2014 at 10:36 AM
Subject: Message from Brown Information Security: Your email account has been compromised
To: 

Dear User, 

You have almost exceeded your mailbox storage quota. To avoid deactivation and update of your mailbox account please *Click Here* 

***********************

Security Alert
Jun 20, 2014 - 9:38 am

Several different phishing emails have been spotted at Brown over the last few weeks: "I.T HELP-DESK" with a subject line "Re-Validate", more reports with the subject lines "Account Information!", "View Return Status" and "​Review Your Tax Return Status."  Most are being sent from compromised Brown accounts, so may be more likely to fool the recipient.

Here are some of subject lines of those reported since May 1. Some had CLICK HERE links, others had attachments, most were sent from Brown addresses but not all. Read Anatomy of a Phish for tips on commonalities and how to spot a phish. Full examples are included at the end of this post.

  • Account Information! (from various addresses, including Brown University)
  • Attention ::: View Return Status (IRS.gov)
  • From IRS.gov (IRS)
  • IRS e-file: Update Now (from Brown University and others)
  • Message from Brown Information Security: Your email account has been compromised
  • Re-Validate (from I.T Help Desk)
  • Re-Validate Your School Mail Box (from I.T HELP-DESK)
  • Review Your Tax Return Status (Brown.edu) (from INTERNAL REVENUE SERVICE )
  • Verify Project Proposal! (various addresses) 

If you receive one, report it as phishing to the Gmail team (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it. More about phishing at www.brown.edu/go/phishing and What to do When You Spot a Phish.

------------------------------------------------------------
From: Brown University < baldwbw0@sewanee.edu>
Date: June 3, 2014 at 18:37:42 EDT
To: undisclosed-recipients:;
Subject: Message from Brown Information Security: Your email account has been compromised
Reply-To: desk101@att.net

Dear User,

You have almost exceeded your mailbox storage quota. To avoid
deactivation and update of your mailbox account please *click here*

***********************

------------------------------------------------------------

------------------------------------------------------------

From: I.T HELP-DESK
Date: Fri, May 2, 2014 at 10:22 PM
Subject: Re-Validate
To:

Re-Validate- < Click Here>>

NOTE: That Failure to comply may result in the loss of your account within the next 24 hours.

Signed By Webmaster.
Maintained by the Technology Department. Copyright 2014

------------------------------------------------------------

Date: Mon, May 5, 2014 at 1:00 PM
Subject: Account Information!
To:

Your Mailbox has exceeded Its storage limit as Set By Your Administrator, and you will not be able to receive new emails until you Re-Validate it.

To Re-Validate- < Click Here >

Signed By Webmaster.
Maintained by the Technology Department. Copyright 2014

------------------------------------------------------------

From: INTERNAL REVENUE SERVICE <IRS.gov.helpdesk1@outlook.com>
Date: Tue, May 6, 2014 at 10:01 AM
Subject: Review Your Tax Return Status (Brown.edu)
To:

Internal Revenue Service. Verify and Update your IRS e-file immediately, To Update - < Click Here > Ignore only if recently updated. If you have any difficulty updating, reply our help-desk.

USA . gov is the U.S. government's official web portal.
***************************
IRS e-file. Since 1990
This U.S GOVERNMENT SYSTEM IS FOR AUTHORIZED USE ONLY!
Copyright 2014.
***************************

Security Alert
May 19, 2014 - 11:00 am

Beware of an email from Blackboard Systems <blackboard-alerts@systems.com> that has been sent to Brown users. Like similar phishing emails, this one attempts to get you to click on the provided link to view the new article that was supposedly "posted to you." Below is an example, with one of the clues highlighted: rolling over the link (but don't click on it) directs you to the site for the Euromed Civil Society.

If you receive one, report it as phishing to the Gmail team (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it. More about phishing at www.brown.edu/go/phishing and What to do When You Spot a Phish.

Security Alert
May 19, 2014 - 10:59 am

Various reports this morning of phishing emails with the subject lines UPDATE YOUR IRS IMMEDIATELY and View Return Status (IRS.gov). These are bogus and should be reported as phishing (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it.

From http://www.irs.gov/uac/Report-Phishing: The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish 

Examples:

---------- Forwarded message ----------
From: Internal Revenue Service < NAME VARIES @brown.edu>
Date: Wed, Apr 30, 2014 at 6:42 AM
Subject: UPDATE YOUR IRS IMMEDIATELY
To:

Update your IRS e-file immediately, To Update -  < Click Here >

USA.gov is the U.S. government's official web portal.

==================================

---------- Forwarded message ----------
From: Taxslayer.com < NAME VARIES @brown.edu>
Date: Wed, Apr 30, 2014 at 4:14 AM
Subject: View Return Status (IRS.gov)
To:

Verify and Update your IRS e-file immediately, To Update -  < Click here to update >

USA.gov is the U.S. government's official web portal.

Security Alert
May 1, 2014 - 11:41 am

Be on the lookout for the latest phish, this one supposedly from "Internal Revenue Services" promising you a view of you tax return status. An example is provided below.

If you received one of these phishing emails and have not already deleted it, report it as phishing to Google (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing").

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish 


Security Alert
Apr 28, 2014 - 10:44 am

A variety of phishing email messages were reported this afternoon, with subject lines like "Account Information!", "View And Verify IRS Status" and "Attention ::: View Return Status (Brown University)".  Do NOT respond to or click on any links in these emails.

If you received one of these phishing emails and have not already deleted it, report it as phishing to Google (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing").  Below are a couple of examples from today's catch. 

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish



From: Brown University <jacques_susset@brown.edu>
Subject: Account Information!
Date: April 21, 2014 at 12:23:23 PM EDT
To: undisclosed-recipients:;

Your Mailbox has exceeded Its storage limit as Set By Your Administrator, and you will not be able to receive new emails until you Re-Validate it.

To  Re-Validate-  < Click Here >
 
Signed By Webmaster.
Maintained by the Technology Department. Copyright 2014

-------------------------------
From: Brown University (IRS) <mackenzie_daly@brown.edu>
Date: Mon, Apr 21, 2014 at 2:43 PM
Subject: View And Verify IRS Status (Brown University)
To:

Internal Revenue Service.

Verify and Update your IRS e-file immediately, To Update -  < Click Here >

USA . gov is the U.S. government's official web portal.
***************************
IRS e-file. Since 1990
This U.S GOVERNMENT SYSTEM IS FOR AUTHORIZED USE ONLY!
Copyright 2014.
***************************

Security Alert
Apr 9, 2014 - 1:24 pm

First reported in December, the Googledoc phishing scam has been spotted again. Today's variation has the subject line "Edward Wing Sent You a Google Doc." Do NOT click on the link. If you have not already deleted it, mark the email as phishing and then delete it. An example follows. 

If you received this (or other phishing emails), report it as phishing to Google (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing"). Doing so forwards the message to the GMail Team for analysis and filtering.

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish

Security Alert
Apr 9, 2014 - 1:24 pm

​Another round of phishing emails tonight from a few different Brown addresses, with some of the the usual hallmarks (grammar and formatting errors with request to view a Google Doc). Do NOT click on the link provided.

If you do receive a phish, report it as phishing to Google (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing"). This will send that message immediately to the GMail Team for analysis and filtering.  An example follows.

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish

---------- Forwarded message ----------
From: Jacobs, Nancy <nancy_jacobs@brown.edu>  OR  "Cook, Harold" <harold_cook@brown.edu>
Date: Wed, Apr 2, 2014 at 5:45 PM
Subject: IMPORTANT NEWSLETTER
To:  < long list of email addresses >

Hi All,

Kindly view this newsletter i uploaded for you using Google Docs secure File uploader.

Click here to open: Newsletter -DA06 and sign in with your email for your secure access, it's a very important news.

Thanks, 


Security Alert
Apr 9, 2014 - 1:23 pm

Be on the lookout for an email  from "Blackboard Articles <articles@www.blackboard.com>", which was reported this weekend (example below). Like similar phishing emails, it attempts to trick you to click on the link (hovering over it displays a very suspicious non-Blackboard URL). Don't fall for it!

If you received this (or other phishing emails), report it as phishing to Google (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing"). Doing so forwards the message to the GMail Team for analysis and filtering.

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish

Blackboard PhishBlackboard Phish