Phish Bowl
The Phish Bowl is a new tool designed to promote phishing awareness. Phishing is the top social attack on organizations, responsible for more than 90% of security breaches. There is no concrete way to prevent phishing attacks, therefore, awareness is our strongest line of defense. As phishing messages are reported to the Office of Cybersecurity, they will be posted here along with a verdict and a date. Phishing messages come in a variety of formats.
Did you receive an email with questionable legitimacy? Report it to abuse@uthsc.edu and a security analyst will investigate the message. We will provide a confirmation about the email's legitimacy and post it here depending on the impact and how elaborate the message is.
| Verdict | Subject | Date | Abstract |
|
Confirmed Phish |
School News |
06/21/2022 |
"All Email recipients are encouraged to be a part of this amazing offer. This is a part time job that will not affect your present employment or study at the campus & you'll be working from home. It’s fun, rewarding, and flexible. " They want you to click a link to apply for a too good to be true opportunity. |
|
Confirmed Phish |
Email Verification |
06/21/2022 |
"This is a special notice that your Office 365 Edu email and password will expire in 24 hours . To keep it working, kindly login with your current school email and password right now to keep it active." The link is there to steal your login credentials if you click on it. |
|
Confirmed Phish |
Strictly Adhere!!! |
3/28/2022 |
From a compromised email account from another UT campus, this was a phishing attempt to get the recipients to copy a link to verify logins to the system. This is a credential-stealing scam. |
|
Confirmed Phish |
[Ext] (no subject) |
2/22/22 |
An impersonator asking for cell phone numbers. Email address used in this phish:
|
|
Confirmed Phish |
School News |
12/21/2021 |
A too good to be true scam offering a part-time job opportunity. They are only trying to get personal and banking (routing) information from recipients. |
|
Confirmed Phish |
Email Verification |
12/20/2021 |
A "special notice" that your UTK account will expire. A compromised UTK account started sending these out, even to UTHSC email addresses. Remember that even if there isn't a [Ext] in the subject line, don't assume the email is safe. |
|
Confirmed Phish |
[Ext] Employee Assistance Program |
12/8/2021 |
A phish offering up to $4,500 in assistance to employees "in need of financial assistance". If employees click the link in the email, they would be prompted to give away personal information. |
|
Confirmed Phish |
BE A STAR FOR NFL |
12/1/2021 |
A too good to be true scam, offering $350 for you to put a decal on your car. All they want is your banking information along with other personal info. |
|
Confirmed Phish |
[Ext] "Recipient's Name" |
11/26/2021 |
About 50 people on campus recieved emails from Gmail accounts that spoofed the name of someone in their organization chart. The email stated "I have a request I need you to do discreetly". This is the classic start to a gift card scam. |
|
Confirmed Phish |
Robo calls from a 448 number |
11/3/2021 |
People are receiving phone calls from a spoofed 901-448-XXXX number so that it looks like it is coming from on campus, however it is not. The phone number is just spoofed, or copied, to make it look like an internal number so there would be a better chance of someone answering. |
|
Confirmed Phish |
[Ext] Fwd: Dog/Pet sitter |
10/1/2021 |
Like others we’ve seen for “part-time employment” this one is a “too good to be true” scam |
|
Confirmed Phish |
[Ext] Send me your available cell number OR [Ext] (without a subject line) |
8/7 - 8/12/20201 |
These are similar phishing attempts to the ones reported back in April, 2021, where Deans' and Department Heads' names are spoofed from a @gmail.com account asking for cell phone information. |
|
Confirmed Phish |
Payroll Forms I would like to make a change |
8/4/2021 |
These are external email addresses trying to spoof people in our community trying to get their payroll direct deposit changed to a banking account the bad guys control. Payroll has specific procedures in place to change your direct deposit. See https://uthsc.edu/finance/payroll/ for information. |
|
Confirmed Phish |
Numerous subject lines | throughout June and beyond |
A notification of an "auto-renewal" for a service you didn't subscribe to. Most seen is Norton Anti-virus, but also PayPal and Geek Squad. They give a phone number to call if you want to dispute the charge. DON'T CALL THE NUMBER. If you do, they will want your credit card or banking account number "to verify the purchase". You just gave away your information to the bad guys. |
|
Confirmed Phish |
[Ext] Fwd: IMPORTANT: A message From University of Tennessee Health Science Center | 6/9/2021 |
"Dear Employee - You have a New Message from UTHSC Employee Portal" - This phish is not from UTHSC. |
|
Confirmed Phish |
[Ext] Quick request | 6/9/2021 |
"Kindly send me your available cell number -" The name of Department Chairs are being spoofed to make these phishing email look like they are coming from them asking for a favor. Do not reply to these askiing for a cell number. |
|
Confirmed Phish |
[Ext] PO 345345# University of Tennessee | 6/8/2021 |
"Please VIEW Attached" - the "attached" is a word document that has malicious link imbedded in it. It also wants you to click a link to "login" and give away your credentials. |
|
Confirmed Phish |
[Ext] (no subject) | 6/4/2021 |
"Give me your cell number, I need you to take care of something." Numerous members of our campus had their name spoofed by a GMail address looking to get people's cell numbers. |
|
Confirmed Phish |
[Ext] eScanner-564-08 | Scan Notification | 4 May, 2021 | 5/4/2021 |
"You have received a fax document" - wanting you to click a link in an email. |
|
Legitimate Email |
[Ext] HealthStream Alerts | 5/3/2021 |
This is a legitimate email about required HIPAA training. |
|
Confirmed Phish |
[Ext] #In_Voice #Number: | 4/30/2021 |
Renewal of Norton anti-virus that you didn't sign up for. Wanting the recipient to call a phone number so they can be socially engineered |
|
Confirmed Phish |
[Ext] Urgent Action Required | 2/17/2021 |
"Your mailbox is almost full" but comes from an external email address. |
|
Legitimate Email |
[Ext] McLean Employee Experience Survey | 1/14/2021 |
UTHSC has contracted with McLean & Company for a survey |
|
Legitimate Email |
UT Test Results !!! | 12/28/2020 |
An encrypted email, with test results. |
|
Confirmed Phish |
PART TIME JOB | 12/29/2020 |
Offering a great salary for part-time work, they want your personal information. Note this one wasn't external, but from a compromised email account. |
|
Confirmed Phish |
[Ext] For faculty/staff: Dean hides author's identity | 11/30/2020 |
Wants you to search for a YouTube clip. |
|
Confirmed Phish |
[Ext] Payroll Error | 11/17/2020 |
Greetings, I will like to know if you received my previous message concerning the error from the payroll department. (Email coming from an address in France) |
| Confirmed Phish | [Ext] Win $11k to fund your dream activity for your college club! | 11/4/2020 | We are giving $11,000 in funding to the best campus idea! Being a college student is challenging right now.... |
| Legitimate Email | [[Ext] unlock access to your LinkedIn Learning account | 11/2/2020 | Email from UTK inviting you to use LinkedIn Learning |
| Confirmed Phish | [Ext] Subscription Auto-Renewal Alert | 10/29/2020 | This email is to inform you that your Subscription for your NETWORK Firewall is going to be auto-renewed............ |
| Confirmed Phish | [Ext] Required-Notification | 10/29/2020 | Password Expiry - Office-365 |