Skip to main content

Recent Examples of Phishing

These are some examples of phishing emails seen on campus. Do NOT assume a suspect email is safe, just because it is not listed here. There are many variants of each, and new ones are being sent out each day.

Job Offer

Fake job offers will attempt to collect personal and banking information. In this instance look at the reply to field for a solid red flag: Reply-To: Walgreens <norelpy@jobs.wlagreens.com>

From: Walgreens <consumer@e24653.f.akamaiedge.net>
Date: July 16, 2019 at 09:06:22 PDT
To: Undisclosed recipients:;
Subject: Job Offer
Reply-To: Walgreens <norelpy@jobs.wlagreens.com>

Walgreens Secret Reviewers
We are looking for secret reviewers to rate their local Walgreens store!

No experience needed, just your honest opinion.
The task requires you to shop and evaluate our employees.

You will get paid to shop and you can keep the products.

You will be paid with amounts between $200-400 per assignment.

Reviewers are selected randomly every week and if selected, they will be contacted via phone or email.

Join our team by filling in the application form.

Join Us*
* If you have received this message inside your spam folder some links and other functionality might be disabled, move it to inbox folder in case you are having problems pressing 'Join Us'.
© Copyright 2019 Walgreen Co. All rights reserved.
You can unsubscribe from this list.

Open Opportunity

Beware of overly generous pay. Check the reputation of the email address with emailrep.io or similar tool.

From: Eve Marrs <evemarrs1941@gmail.com>
Subject: Open Opportunity
Date: July 11, 2019 at 4:05:22 PM PDT
To: undisclosed-recipients:;

Hello,

I am offering a post that only requires 1-2 hours, 2-3 days in a week, you can work at your convenience and earn 230 weekly. Respond for more details if interested.

Best Regards,

Eve Marrs

Email with Attached PDF

Note the inaccurate email address in the "From:" field.

Screenshot of phishing PDF that was attached to this email.

From: Marc Tessier-Lavigne <jcerqueira@nafcs.org>
Subject: NEW DEVELOPMENT FILE TO ACCESS [DOCX.11] 31.01.12.2017
Date: January 31, 2017 at 8:30:41 AM PST
To: undisclosed-recipients:;

I am pleased to inform you that there will be a new development at the

Stanford University that will benefit all of it's members. You can read pdf

attached file for more information.

Thanks

Marc Tessier-Lavigne
Office of the President
Building 10
Stanford University
Stanford, CA 94305-2061
phone:(650) 723-2481
fax:(650) 725-6847
president@stanford.edu

Request for W-2 Forms and Earnings Summary

Note the inaccurate, non-Stanford email address for Marc Tessier-Lavigne in the "From:" field.

From: Marc Tessier-Lavigne <marctessier-lavigne@execs.com>
Date: January 20, 2017 at 7:45:30 AM PST
To: <kelly.wright@stanford.edu>
Subject: Imperative

Hi Kelly,

Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our staff for a quick review. Prepare the lists and email them to me asap.

Best regards
Marc Tessier-Lavigne
Provost and President

Email Account Update

From: <mailadmin@stanford.edu >
Sent: Friday, Sept. 30, 2016 10:31 AM
To: <employee name>
Subject: Email Account Update

Due to migration to a new Open Source Email Collaboration Solution (SunsetGates), it is mandatory that you update your Stanford University information immediately, using the update link below:

http://update.sunsetgates.com/update/server/admindesk/index.htm

Failure to update, will result to closure of your account.

Thanks for your Co-Operation.

Email Admin Desk

Request

True sending account is: alabman566@gmail.com not jhennessay@stanford.edu.

President Hennessy's name is spelled incorrectly.

From: John Hennessay <jhennessay@stanford.edu>
Sent: Monday, May 2, 2016 11:31 AM
To: <employee name>
Subject: Request

<Name>,

Are you at your desk? I need you to send me an email attachment with the individual 2015 W-2 (PDF) and earnings summary of all the employees

Thank You

Sent from my iPhone

[email-campaign] Stanford Webmail UPDATE 2016

Mon 2/1/2016 9:35 AM
From: email-campaign <email-campaign-bounces@lists.stanford.edu>
Sent: Sat 1/30/2016 10:02 AM
To: email-campaign@lists.stanford.edu;
Checkout the new Stanford webmail and know if it has started working for you, its secured, faster and easy, you can give it a try by signing with your correct user and password.

click here to sign in: http://soconnectzm.voici.org/

Thanks

Stanford Mail Service
_______________________________________________
email-campaign mailing list
email-campaign@lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/email-campaign

Invoice Attached

A Trojan malware email attachment is affecting computers Stanford-wide. The subject of the email is 2 Invoices Attached. The symptoms of an infected machine are the browsers continually crashing; otherwise, there are no additional signs.

University IT Computer Resource Consulting (CRC) has received guidance from the Information Security Office that if the attachment is opened on a Windows machine (not just previewed in Outlook/Office 365) a complete rebuild of the machine is required. Macs, phones, and Chromebooks are not affected.

Please advise your users NOT to open the attachment. If they have opened the attachment, please advise them to submit a HelpSU request so CRC or the appropriate IT team can remediate their machine.

More information on the malware can be found at: http://sanesecurity.blogspot.com/2015/11/2-invoices-attached-invoices17080258doc.html

Good morning,

Please see the attached invoices and remit payment according to the terms listed at the bottom of the invoice. If you have any questions please let us know.

Thank you!