Posts written by gerwitz
Payroll schedule notification
May 11, 2023
This email has a link that will download malware to your computer or device. The External Email Notification shows it is coming from an address which isn’t associated with UT HSA. If you receive an email similar to this, delete it.
You have a new message OR Notification
May 11, 2023
Clicking on the link in this email will cause it to download malware to your computer/device. The malware takes over the mailbox and begins sending this same email to everyone in the address book from the compromised user’s account. If you receive an email similar to this, delete it. The email will have the subject […]
Document shared with you: “Faculty Bonus.docx”
May 9, 2023
This email appears to come from a Google Drive share and a number of its links are legitimately from Google. Anyone can get a Google Drive account and host documents with malicious code. This email was sent to a number of people who work for Dr. Hardin but she did not share this document. They […]
Re: no subject (Mailbox storage increase)
May 2, 2023
The scammer is hoping the receiver will click on the link to increase the amount of storage in the receiver’s mailbox. Hovering over the link shows it is pointing to a non-Microsoft domain. Brizy.site is a website service similar to GoDaddy or WordPress. Anyone can create a website hosted with Brizy.site. This scammer created one […]
Your plan renewal is in process
May 2, 2023
This email is designed to compel the receiver into calling the Helpdesk number provided, and cancel the renewal because it is an error. The Helpdesk person who answers the phone will be very helpful in acquiring the caller’s Personally Identifiable Information (PII) and bank information so they may credit the account. The Helpdesk phone number […]
COLLEGE FUNDS APPROVED FOR APRIL 2023
April 4, 2023
This is an attempt to gather Personally Identifiable Information (PII) from students. There is a recent trend to target students with promises for financial services, and this is just one more attempt to gather information. The first step of this scam was to use a compromised UTHSA email. This allows the scammer to send the […]
Quick Request
April 3, 2023
This is similar to a previous Phish listed on the Phish Bowl, “Kindly provide your available cell number”. This time the scammer went a step further and set up a free Outlook email account with the name of the Chair they are impersonating. The name of the Chair is changed to a fake name in […]
Student, Student Benefit, or College Relief
March 31, 2023
This email was sent from a compromised account so it didn’t come from an external address. The scammer was successful at compromising an internal account and used that account to access the Global Address List and send emails to multiple people at the university. Neither the sending email address or the contact email address listed […]
Kindly provide your available cell number
March 31, 2023
Many people received an email with this subject line, “Kindly provide your available cell number”. The email signature was simple and had the name of one of our Deans or a Chair of a department. This phishing scam utilized our public data to gather the names of high level people in our organization. But the […]
Submission of Research Paper
March 28, 2023
This email has a few red flags: The domain name of the sender and the domain name of the link at the bottom of the page are both recent purchases. This normally means there is a low trust for these domains. The sender doesn’t seem to have any affiliation with the site linked at the […]