Posts written by gerwitz

Assistance Program Eligibility

July 10, 2024

One of the first things to check is who sent the email. Since the Employee Assistance Program is part of HR, it would make more sense for this to have come from someone in HR. The second red flag is the URL isn’t associated with UT Health SA. The third thing to check is how […]


Action Needed: Help Us Trace COVID-19 Exposure

June 4, 2024

A breach occurred at one of the UT Campuses and was the direct result of people believing the Phish was a legitimate request. The breach included gaining the credentials of the targeted employees and even registering the attacker’s phone with Duo. The result of the breach was 3 people had their payroll checks redirected to […]


bugs in your site

February 29, 2024

This is a new type of Phish where the person is offering up their services to help identify some vulnerabilities. They are hoping you will pay them for the information they give you. If not, they are counting on you feeling like they will exploit the vulnerabilities if you don’t pay. There are actually some […]


Apply Now

February 2, 2024

A quick browser search using the domain name iconpln.co.id and Red Cross shows a number of companies/universities reporting this phish. The Red Cross uses their own domain name for correspondence; their email address format is FirstName.LastName@redcross.org. Any email coming from the Red Cross would be using that format with redcross.org. The link points to arc-careers.com. […]


Suspicious Login Detected

January 2, 2024

This email is designed to have you access the PDF file in someone’s Google Drive or contact the email address to find out what to do next. This is a scam and the PDF file probably has malicious code. See the Red Flags listed below for information on why this is not a legitimate email. […]


Generous Christmas Gift

January 2, 2024

This has been identified as a Phishing Email. Here are the Red Flags to look for in this email. Unexpected Offer: The email presents an unusually generous offer, which is a common tactic used in phishing to lure individuals with the promise of high-value items for free. Generic Greeting: The email starts with a generic […]


Flexible Home Job

December 21, 2023

This email is an attempt to start a conversation where the sender will gather information used in applying for a job. In the past, we have seen the sender then ask for copies of Driver’s License and Social Security Card. This is designed to gather as much Personal Identifiable Information (PII). This information will be […]


Invoice Payment Confirmed…Settled…Dispatched

December 19, 2023

This Phishing email has a couple of different subject lines but they all have the same goal – make the recipient think they had already payed for items they didn’t order. The end goal is to get the recipient to call the phone number to have the payment rescinded. The person answering the phone will […]


Reset DD

December 14, 2023

This email originated from outside the university but it looked like it was coming from an employee because the scammers used an employee’s name in the signature line. The domain defenceantivirus.com was checked against a site which detects malware on domains and found to have a lot of malware. Anytime Direct Deposit is mentioned in […]


Confidential Message

December 14, 2023

This email asks the recipient to email a code to a specific address to read a confidential message. The email doesn’t include any information to help the recipient know what this is in reference to and it is asking the recipient to email a random, free, Gmail account. The email address listed as sender is […]