Posts written by Mike

Uthscsa Benefit Report on October 28, 2021

October 28, 2021

This phish appears to come from the University’s Human Resources office regarding benefits payments.  The phish is poorly branded using an old logo and improper branding.  It contains two attachments: a Microsoft logo and a malicious HTML file.  The HTML file downloads malicious software to the computer and then sends the browser to a malicious […]

“Adjusted Payroll Schedule” OR “Payroll Adjusted Schedule”

October 28, 2021

Phishing messages claiming to be from Payroll with a link that goes to one of several malicious web sites that will try to download malicious software (malware) onto your computer.

Your UT Health San Antonio – Student LiveMail

April 20, 2021

E-mail from a compromised student account.  Clicking the link sends the user to a malicious web site to steal the recipient’s username and password.  A sample of the malicious site is listed below the example. Example of fake malicious web site:

“Exciting Job Offer!!”, “Work”, “Work && Get Paid!!”, “Part Time -Exercise!!” [possible subject lines]

January 14, 2021

E-mail sent from multiple compromised user accounts; clicking on the link opens a compromised website to steal usernames and passwords.

Mailbox Revalidation!!

January 14, 2021

E-mail sent from a compromised user account; clicking on the link opens a malicious website to steal usernames and passwords.

UT Health Verification

January 14, 2021

E-mail sent from a compromised student account; the link opens a malicious website to steal usernames and passwords.

Emergency Zoom meeting

June 25, 2020

This is a phishing message taking advantage of so many people working remotely and using teleconferencing products.  Zoom is extremely popular right now, with Microsoft Teams gaining in popularity.  Expect future phishing attacks to spoof Teams and WebEx, as well as products used by our collaborators, such as GoToMeeting and Adobe Connect.


June 5, 2020

Warning #####**! Check Your eMail Setup Configuration To Confirm Ownership 05/26/2020 07:36

May 27, 2020

This phishing message includes the recipient’s username in the subject line, replaced here by “#####”.  The attachment (HTML file) opens in the recipient’s default web browser, appearing to be an Outlook Web App login page (see following sample e-mail). The fake OWA page captures and encrypts the login username and password and sends them to […]