Recent Examples of Phishing
These are some examples of phishing emails seen on campus. Do NOT assume a suspect email is safe, just because it is not listed here. There are many variants of each, and new ones are being sent out each day.
Job Offer
Fake job offers will attempt to collect personal and banking information. In this instance look at the reply to field for a solid red flag: Reply-To: Walgreens <norelpy@jobs.wlagreens.com>
From: Walgreens <consumer@e24653.f.akamaiedge.net>
Date: July 16, 2019 at 09:06:22 PDT
To: Undisclosed recipients:;
Subject: Job Offer
Reply-To: Walgreens <norelpy@jobs.wlagreens.com>
Walgreens Secret Reviewers
We are looking for secret reviewers to rate their local Walgreens store!
No experience needed, just your honest opinion.
The task requires you to shop and evaluate our employees.
You will get paid to shop and you can keep the products.
You will be paid with amounts between $200-400 per assignment.
Reviewers are selected randomly every week and if selected, they will be contacted via phone or email.
Join our team by filling in the application form.
Join Us*
* If you have received this message inside your spam folder some links and other functionality might be disabled, move it to inbox folder in case you are having problems pressing 'Join Us'.
© Copyright 2019 Walgreen Co. All rights reserved.
You can unsubscribe from this list.
Open Opportunity
Beware of overly generous pay. Check the reputation of the email address with emailrep.io or similar tool.
From: Eve Marrs <evemarrs1941@gmail.com>
Subject: Open Opportunity
Date: July 11, 2019 at 4:05:22 PM PDT
To: undisclosed-recipients:;
Hello,
I am offering a post that only requires 1-2 hours, 2-3 days in a week, you can work at your convenience and earn 230 weekly. Respond for more details if interested.
Best Regards,
Eve Marrs
Email with Attached PDF
Note the inaccurate email address in the "From:" field.
From: Marc Tessier-Lavigne <jcerqueira@nafcs.org>
Subject: NEW DEVELOPMENT FILE TO ACCESS [DOCX.11] 31.01.12.2017
Date: January 31, 2017 at 8:30:41 AM PST
To: undisclosed-recipients:;
I am pleased to inform you that there will be a new development at the
Stanford University that will benefit all of it's members. You can read pdf
attached file for more information.
Thanks
Marc Tessier-Lavigne
Office of the President
Building 10
Stanford University
Stanford, CA 94305-2061
phone:(650) 723-2481
fax:(650) 725-6847
president@stanford.edu
Request for W-2 Forms and Earnings Summary
Note the inaccurate, non-Stanford email address for Marc Tessier-Lavigne in the "From:" field.
From: Marc Tessier-Lavigne <marctessier-lavigne@execs.com>
Date: January 20, 2017 at 7:45:30 AM PST
To: <kelly.wright@stanford.edu>
Subject: Imperative
Hi Kelly,
Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our staff for a quick review. Prepare the lists and email them to me asap.
Best regards
Marc Tessier-Lavigne
Provost and President
Email Account Update
From: <mailadmin@stanford.edu >
Sent: Friday, Sept. 30, 2016 10:31 AM
To: <employee name>
Subject: Email Account Update
Due to migration to a new Open Source Email Collaboration Solution (SunsetGates), it is mandatory that you update your Stanford University information immediately, using the update link below:
http://update.sunsetgates.com/update/server/admindesk/index.htm
Failure to update, will result to closure of your account.
Thanks for your Co-Operation.
Email Admin Desk
Request
True sending account is: alabman566@gmail.com not jhennessay@stanford.edu.
President Hennessy's name is spelled incorrectly.
From: John Hennessay <jhennessay@stanford.edu>
Sent: Monday, May 2, 2016 11:31 AM
To: <employee name>
Subject: Request
<Name>,
Are you at your desk? I need you to send me an email attachment with the individual 2015 W-2 (PDF) and earnings summary of all the employees
Thank You
Sent from my iPhone
[email-campaign] Stanford Webmail UPDATE 2016
Mon 2/1/2016 9:35 AM
From: email-campaign <email-campaign-bounces@lists.stanford.edu>
Sent: Sat 1/30/2016 10:02 AM
To: email-campaign@lists.stanford.edu;
Checkout the new Stanford webmail and know if it has started working for you, its secured, faster and easy, you can give it a try by signing with your correct user and password.
click here to sign in: http://soconnectzm.voici.org/
Thanks
Stanford Mail Service
_______________________________________________
email-campaign mailing list
email-campaign@lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/email-campaign
Invoice Attached
A Trojan malware email attachment is affecting computers Stanford-wide. The subject of the email is 2 Invoices Attached. The symptoms of an infected machine are the browsers continually crashing; otherwise, there are no additional signs.
University IT Computer Resource Consulting (CRC) has received guidance from the Information Security Office that if the attachment is opened on a Windows machine (not just previewed in Outlook/Office 365) a complete rebuild of the machine is required. Macs, phones, and Chromebooks are not affected.
Please advise your users NOT to open the attachment. If they have opened the attachment, please advise them to submit a HelpSU request so CRC or the appropriate IT team can remediate their machine.
More information on the malware can be found at: http://sanesecurity.blogspot.com/2015/11/2-invoices-attached-invoices17080258doc.html
Good morning,
Please see the attached invoices and remit payment according to the terms listed at the bottom of the invoice. If you have any questions please let us know.
Thank you!
