
Recent Examples of Phishing

These are some examples of phishing emails seen on campus. Do NOT assume a suspect email is safe just because it is not listed here. There are many variants of each, and new ones are sent out each day.

Open Opportunity

Beware of overly generous pay. Check the reputation of the email address with emailrep.io or a similar tool.

From: Eve Marrs <evemarrs1941@gmail.com>
Subject: Open Opportunity
Date: July 11, 2019 at 4:05:22 PM PDT
To: undisclosed-recipients:;

Hello,

I am offering a post that only requires 1-2 hours, 2-3 days in a week, you can work at your convenience and earn 230 weekly. Respond for more details if interested.

Best Regards,

Eve Marrs

Email with Attached PDF

Note the inaccurate email address in the "From:" field.

Screenshot of phishing PDF that was attached to this email.

From: Marc Tessier-Lavigne <jcerqueira@nafcs.org>
Subject: NEW DEVELOPMENT FILE TO ACCESS [DOCX.11] 31.01.12.2017
Date: January 31, 2017 at 8:30:41 AM PST
To: undisclosed-recipients:;

I am pleased to inform you that there will be a new development at the Stanford University that will benefit all of it's members. You can read pdf attached file for more information.

Thanks

Marc Tessier-Lavigne
Office of the President
Building 10
Stanford University
Stanford, CA 94305-2061
phone:(650) 723-2481
fax:(650) 725-6847
president@stanford.edu

Request for W-2 Forms and Earnings Summary

Note the inaccurate, non-Stanford email address for Marc Tessier-Lavigne in the "From:" field.

From: Marc Tessier-Lavigne <marctessier-lavigne@execs.com>
Date: January 20, 2017 at 7:45:30 AM PST
To: <kelly.wright@stanford.edu>
Subject: Imperative

Hi Kelly,

Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our staff for a quick review. Prepare the lists and email them to me asap.

Best regards
Marc Tessier-Lavigne
Provost and President

Email Account Update

From: <mailadmin@stanford.edu >
Sent: Friday, Sept. 30, 2016 10:31 AM
To: <employee name>
Subject: Email Account Update

Due to migration to a new Open Source Email Collaboration Solution (SunsetGates), it is mandatory that you update your Stanford University information immediately, using the update link below:

http://update.sunsetgates.com/update/server/admindesk/index.htm

Failure to update, will result to closure of your account.

Thanks for your Co-Operation.

Email Admin Desk

Request

The true sending account is alabman566@gmail.com, not jhennessay@stanford.edu.

President Hennessy's name is spelled incorrectly.

From: John Hennessay <jhennessay@stanford.edu>
Sent: Monday, May 2, 2016 11:31 AM
To: <employee name>
Subject: Request

<Name>,

Are you at your desk? I need you to send me an email attachment with the individual 2015 W-2 (PDF) and earnings summary of all the employees

Thank You

Sent from my iPhone

[email-campaign] Stanford Webmail UPDATE 2016

Mon 2/1/2016 9:35 AM
From: email-campaign <email-campaign-bounces@lists.stanford.edu>
Sent: Sat 1/30/2016 10:02 AM
To: email-campaign@lists.stanford.edu;
Checkout the new Stanford webmail and know if it has started working for you, its secured, faster and easy, you can give it a try by signing with your correct user and password.

click here to sign in: http://soconnectzm.voici.org/

Thanks

Stanford Mail Service
_______________________________________________
email-campaign mailing list
email-campaign@lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/email-campaign

Invoice Attached

A Trojan malware email attachment is affecting computers Stanford-wide. The subject of the email is "2 Invoices Attached". The symptom of an infected machine is that browsers continually crash; otherwise, there are no additional signs.

University IT Computer Resource Consulting (CRC) has received guidance from the Information Security Office that if the attachment is opened on a Windows machine (not just previewed in Outlook/Office 365), a complete rebuild of the machine is required. Macs, phones, and Chromebooks are not affected.

Please advise your users NOT to open the attachment. If they have opened the attachment, please advise them to submit a HelpSU request so CRC or the appropriate IT team can remediate their machine.

More information on the malware can be found at: http://sanesecurity.blogspot.com/2015/11/2-invoices-attached-invoices17080258doc.html

Good morning,

Please see the attached invoices and remit payment according to the terms listed at the bottom of the invoice. If you have any questions please let us know.

Thank you!

"Subject: update" (to CS students, at least)

This example is pretty flagrant in many respects. The grammar is very bad (note the first sentence is not even a complete sentence). It does not come from a Stanford address (what is telkomsa.net?). It is signed "Standford". The email is addressed to "info@cs.stanford.edu". Even if that is a legitimate address, it would clearly go to a very large number of people, but the email itself suggests that the individual recipient's account has been compromised. And, of course, the email includes a link to click where the recipient is supposed to "update settings". Do not trust links like this, especially when they do not even pretend to go to a stanford.edu site.

From: Help Desk <online2793774@telkomsa.net>
Date: June 20, 2015 at 7:57:55 AM PDT
To: info@cs.stanford.edu
Subject: update

It had been detected that your cs-stanford-edu email account. Mail delivery system had been affected with virus. Your email account had been sending virus included with your mail to recipient's account and as such a threat to our database. You'll need to update the settings on your cs-stanford-edu email account by clicking on this link: http://forms.logiforms.com/formdata/user_forms/66949_9366478/321793

From
CS. Standford
ITS Helpdesk
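
The checks the commentary on this page applies by eye (a sender address outside stanford.edu, a reply address that differs from the displayed sender, links that do not go to a stanford.edu site) can be scripted for triage. This is an added example, not part of the original page or of any Stanford tooling; the function names and finding labels are hypothetical, the sample messages are constructed from the specimens above, and the Reply-To header in the second sample is an assumption, since the page does not say which header exposed the Gmail account.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "stanford.edu"  # domain that genuine campus mail and links use
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def in_org(host):
    """True only for the org domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def addr_domain(header_value):
    """Domain part of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    msg = message_from_string(raw_message)
    findings = []
    from_dom = addr_domain(msg["From"])
    if not in_org(from_dom):
        findings.append("from-outside-org:" + from_dom)
    reply_dom = addr_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-differs:" + reply_dom)
    for url in URL_RE.findall(msg.get_payload()):
        host = urlsplit(url).hostname or ""
        if not in_org(host):
            findings.append("link-outside-org:" + host)
    return findings

# Constructed from the "Subject: update" specimen on this page (body shortened).
SAMPLE_UPDATE = (
    "From: Help Desk <online2793774@telkomsa.net>\n"
    "Subject: update\n\n"
    "You'll need to update the settings by clicking on this link: "
    "http://forms.logiforms.com/formdata/user_forms/66949_9366478/321793\n"
)
# Constructed from the "Request" specimen; the Reply-To header is an assumption.
SAMPLE_REQUEST = (
    "From: John Hennessay <jhennessay@stanford.edu>\n"
    "Reply-To: alabman566@gmail.com\n"
    "Subject: Request\n\n"
    "Are you at your desk? I need you to send me an email attachment.\n"
)
if __name__ == "__main__":
    for name, raw in (("update", SAMPLE_UPDATE), ("request", SAMPLE_REQUEST)):
        print(name, triage(raw))
```

The domain test matches on a dot boundary, so a host that merely contains or ends with the string "stanford.edu" without being a subdomain is still reported. An empty result is not a verdict that a message is safe.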