Recent Examples of Phishing

These are some examples of phishing emails seen on campus. Do NOT assume a suspect email is safe, just because it is not listed here. There are many variants of each, and new ones are being sent out each day.

New internship opportunity

September 5, 2025

Stanford Action Required: Employee Pay Raise and Strategic Organizational Restructuring

September 4, 2025

Join CARE's Mission: Paid Virtual Work-Study Opportunity for Students

September 4, 2025

ALERT! - Active Credential Harvesting Campaign

September 4, 2025

Good morning. An active credential harvesting campaign is coming in as an attachment with a QR code embedded in the PDF. Subject line is: Stanford Action required: Kindly Update Promptly - Employee ID-7597555367237216985958244. The downloadable PDF is named Stanford.pdfThe email is self-addressed, where the sender and recipient are the same. The QR code contains a phishing URL attempting to harvest credentials with the link of https[:]//brightnationti[.]eu/DL8WZbP56/#username@stanford.edu. resolving to https[:]//telemeter[.]brightnationti[.]eu/DL8WZbP56/#username@stanford.edu. Each recipient link is uniquely crafted with their username in the address.