Assistance Program Eligibility

July 10, 2024

One of the first things to check is who sent the email. Since the Employee Assistance Program is part of HR, it would make more sense for this to have come from someone in HR. The second red flag is the URL isn’t associated with UT Health SA. The third thing to check is how […]

🛡️ Alert From Google

June 25, 2024

This phishing email uses several tactics to deceive recipients into clicking on a malicious link. The email impersonates Google with suspicious branding and contains an external email address that doesn’t match legitimate Google domains. The content of the email creates a sense of urgency by warning about a detected virus, prompting users to click a […]

6550-Uthscsa: Accept the proposal and return

June 5, 2024

This phishing email targeting UTHSCSA employees leverages several tactics to deceive recipients and avoid detection. Here are the key elements and red flags: Suspicious Branding and Font: The DocuSign logo appears distorted and irregular, which is a common indicator of a phishing attempt. Authentic emails from companies typically maintain consistent and professional branding. Sender Address […]

Action Needed: Help Us Trace COVID-19 Exposure

June 4, 2024

A breach occurred at one of the UT Campuses and was the direct result of people believing the Phish was a legitimate request. The breach included gaining the credentials of the targeted employees and even registering the attacker’s phone with Duo. The result of the breach was 3 people had their payroll checks redirected to […]

Informational-severity alert:Creation of forwarding/redirect rule Case ID:IPx2rFL

May 15, 2024

This phishing email employs a fake security alert from Microsoft 365 to exploit the recipient’s trust and urgency, warning of a newly created forwarding rule to prompt immediate action. It uses a seemingly official Microsoft domain and format to appear legitimate, while embedding a malicious link designed to harvest credentials or install malware. The email’s […]

Venmo Charge

May 8, 2024

This email falsely claims that $899 has been charged for an iPad to trick the recipient into authorizing this charge. It exploits PayPal’s trusted branding to create urgency and deceive the recipient into confirming a transaction that hasn’t actually occurred. Below are the red flags: Misleading Charge Information: The email falsely claims that $899 has […]

16 18 (my VIDS.pdf)

May 1, 2024

The following email contains a malicious PDF attachment labeled “my VIDS.pdf”. Below are the red flags: External Sender: The email is sent from an external address with a suspicious domain, indicating potential phishing. Suspicious Body Text: The message lacks meaningful content, making it look suspicious and inconsistent with legitimate communication. Malicious Attachment: The attached PDF […]


March 28, 2024

This email attempts to impersonate a legitimate employee by using a real employee name, but originates from a suspicious external domain. There are many variation of this email utilizing different employee names. It is likely that the attacker is using publicly available directory information to target employees within a department by using a familiar name. […]

Document from HP LaserJet Pro Scanner

March 26, 2024

This email attempts to impersonate a notification from HP alerting the recipient that they have received a scanned document. The word document contained in the email contains a link to a website which attempts to impersonate hp.com. The URL was found to contain malware. Below are the red flags: Suspicious Attachment: Attachments are the most […]

Asset Works: User Password Expiration – Reminder

March 7, 2024

This email originates from awsupport@assetworks.com, which is a legitimate Asset Works account. Asset Works is software development company whose products are used by UT Health San Antonio for fleet vehicles and the gas needed for them. However, due to the suspicious nature and recent proliferation of these emails to various faculty outside the fleet vehicle […]