Phish Checker & Mobile Security Checklist
DO NOT RESPOND TO THE EXAMPLES OF ACTUAL PHISHING ATTACKS LISTED BELOW (DO NOT CALL PHONE NUMBERS PROVIDED IN PHISHING EMAILS)
Professional cybercriminals want your money, data, identity, and access to your home
and ETSU networks. Be suspicious of emails with [EXTERNAL] or [SUSPECTED SPAM] tags. Report suspicious emails with the Phish Alert Report button in the Outlook toolbar. Scroll down for additional mobile device security tips. In many cases, sender emails
shown are compromised accounts.
DATE - APPROACH |
EMAIL SENDER | EMAIL SUBJECT LINE |
TYPE OF CRIME |
11/20/2024 - fraudulent job offer | Compromised ETSU accounts with email inside the fake job description - owenskevin959@gmail.com | PERSONAL ASSISTANT JOB OFFER | Job Fraud; Bank Fraud; Credential Theft; PII Theft |
11/19/2024 - credential theft attack - links to google pages built for credential
theft (ask for various ID and passwords) |
Multiple compromised ETSU accounts being used to spoof fac/staff/students into giving up their account credentials. | various - contains act email verification or "General Upgrade" |
credential theft - escalation attack |
11/18/2024 - spoof of HelpDesk - attempted credential theft using a google form |
xxxxxx@etsu.edu (compromised ETSU acount) | East Tennessee State University,Act Email Verification | Credential theft, impersonation, account compromise. |
11/16/2024 - spoof of HelpDesk - attempted credential theft using a form on wordpress |
ethanthomasonly@outlook.com or dr.markcooperonly@gmail.com | IT HELP DESK OR INFORMATION DESK |
Credential theft, impersonation, account compromise. |
10/31/2024 - fraudulent job offers | Olori Rainey - olorirainey@gmail.com | Excellent On Campus Recruitments OR New Role on Campus Opening! OR Join our Workforce Team OR Welcome to Our Team | Job Fraud; Bank Fraud; Credential Theft; PII Theft |
10/28/2024 - fraudulent financial award offer |
yasminelopez573@gmail.com or sandrapeter626@gmail.com (Do Not call or text the number provided in the email) | Congratulations on your grant funding aid! | Spoof of Department of Education grant agency - impersonation of a federal office |
10/25/2024 - fraudulent job offers |
faithnthompson6@gmail.com or lovenkate84@gmail.com | "New Role Opening!" or "Excellent Opportunity Awaits you!" or "Excellent Offer Awaits
You!" or "Join Our Workforce" or "Welcome on Board" or "Pleased to Welcome You" or
"Excellent On Campus Offer!" |
Job Fraud; Bank Fraud; Credential Theft; PII Theft; unlawful impersonation |
10/17/2024 - FAKE UNICEF JOB ADVERTISEMENT/APPLICATION | Amal Rasyidah binti Puteh- amal.puteh@muzium.gov.bn OR wrf-personnel@outlook.com | Hello, | Job Fraud; Bank Fraud; Credential Theft; PII Theft |
10/17/2024 - FAKE UNICEF JOB ADVERTISEMENT/APPLICATION | Almacen Linares - almacenlinares@gestamp.com OR hoffmandrnicholas120@gmail.com | UNICEF Part-Time job with a weekly pay of $500 USD currently available , kindly contact Mr Nicholas Hoffman for more details, hoffmandrnicholas120@gmail.com | Job Fraud; Bank Fraud; Credential Theft; PII Theft |
10/17/2024 - FAKE ERRAND ASSISTANCE JOB ADVERTISEMENT/APPLICATION | VIOLETA SERVER BROTONS - v.serverbrotons@um.es | Errand Assistant Job Offer | credential theft, ID theft, job fraud, bank fraud, escalation attack |
10/16/2024 - FAKE ERRAND ASSISTANCE JOB ADVERTISEMENT/APPLICATION | SIDDHARTH SIDDHARTH - siddharth.siddharth@um.es | Errand Assistant Job Offer_Alert | credential theft, ID theft, job fraud, bank fraud, escalation attack |
10/09/2024 - Credential theft - ETSU HR Spoof using compromised ETSU and Northeastern University accounts - job fraud and credential theft. | Shahed, Syed Mohammad Fakruddin - s.shahed@northeastern.edu |
Admin/Data Entry / Personal Asst | credential theft, ID theft, job fraud, bank fraud, HR spoofing, escalation attack |
10/09/2024 - Credential theft - ETSU HR Spoof using compromised ETSU accounts - job fraud and credential theft. | currently, several compromised ETSU accounts are being used in job fraud and account closure spoofing attacks - all emails will have xxxxxx@mail.etsu.edu as senders. | Ongoing Employment Opportunity OR Department of Human Resource OR COURTEOUS PRE-ALERT OR ADVANCE WARNING OR VIRTUAL PA POSITION OR CENTRAL UNI POSITION |
credential theft, ID theft, job fraud, bank fraud, HR spoofing, escalation attack |
10/09/2024 - Credential theft and job fraud attack | sent from a compromised ETSU account | Work Opportunity OR Please authenticate your Identity now to prevent any disruption. |
credential theft, ID theft, job fraud, bank fraud, escalation attack |
10/09/2024 - Credential theft - ETSU HR Spoof using compromised account from another university - DO NOT enter your credentials | Sun, Yiyuan yiy.sun@northeastern.edu | Compensation summary for East Tennessee State | credential theft, ID theft, escalation attack |
10/05/2024 - Credential theft - fake Microsoft request asking you to confirm ETSU credentials | sent from a compromised ETSU alumni account | ETSU ITS Help Desk Account Verification | credential theft, ID theft, escalation attack |
09/18/2024 - FAKE UNICEF JOB ADVERTISEMENT/APPLICATION | Julija Božić - julija.bozic@student.uniri.hr OR hoffmandrnicholas120@gmail.com | Job Offer !! | Business Impersonation, Job Fraud; Bank Fraud; Credential Theft; PII Theft |
09/16/2024 - Free Piano Give-Away Shipping Fraud Scheme - you pay for shipping but never receive a piano. | (Spoofed ETSU Administrator) - glyngoody@optonline.net | OPPORTUNITY TO OWN A BABY GRAND PAINO | Billing fraud, credit card fraud, bank fraud, credential theft. |
09/13/2024 - Fake assistant job $850 part time per week - overpayment/prepayment fraud scheme - credential theft scheme | Joana Casal <joana.casal13@ua.pt> |
*****CAMPUS ANNOUNCEMENT NEWS***** | Job Fraud; Bank Fraud; Credential Theft; PII Theft |
09/13/2024 - UNICEF Spoof - Fake Job Offer | Lucija Brletić - lbrletic@student.uniri.hr OR Agata Kocur (agatkoc400) agatkoc400@student.polsl.pl | UNICEF Part-Time job OR Job Offer !! |
Job Fraud; Bank Fraud; Credential Theft; PII Theft; business impersonation. |
09/11/2024 - Free Piano Give-Away Shipping Fraud Scheme - you pay for shipping but never receive a piano. | Mary Grieshop - maxwellmasingwini@gmail.com OR mary_grieshop22@hotmail.com | Perfect Working Piano Gift. | Billing fraud, credit card fraud, bank fraud, credential theft. |
09/11/2024 - FAKE JOB ADVERTISEMENT/APPLICATION | Roger Green - rogergreen1912@gmail.com OR David - davidseyor@gmail.com OR jerrypharr3@gmail.com |
Enrollment OR Part Time Job Available OR The Best place to work OR Apply now |
Job Fraud; Bank Fraud; Credential Theft; PII Theft |
09/10/2024 - PayPal Spoof and Billing Fraud (victim receives fake bill for services they did not request) | Samual J. Tonks - geraldermatthes@gmail.com | INVOICE #35671736159842 | Billing fraud, credit card fraud, bank fraud, credential theft, business Impersonation. |
09/05/2024 - Norton Antivirus Spoof and Billing Fraud (victim receives fake bill for services they did not request) | notification - pmeink@abe.midco.net | Billing Notification. | Billing fraud, credit card fraud, bank fraud, credential theft, business Impersonation. |
09/05/2024 - Senior Admin Spoof - Fake Free Tool Giveaway! | Senior ETSU Admin Spoof - bdatt@optonline.net | Rehoming Welding Tools!!! | Typically, fake delivery charge fraud - credit card fraud, bank info theft, impersonation. |
09/04/2024 - Geek Squad Spoof and Billing Fraud | Destiny Spade - 25spaded@student.nvknights.org | invoice approved receipt secure your is a valid payment method - ���� - 5mHokaKQD mggaoqlom | Billing fraud, credit card fraud, bank fraud, credential theft, business Impersonation. |
09/03/2024 - FAKE JOB ADVERTISEMENT/APPLICATION | Isabel Maria Morais Basto or Hugo Miguel Miranda da Silva - ibasto@umaia.pt or a036120@umaia.pt | Fur-Ever Friends Wanted | Job Fraud; Bank Fraud; Credential Theft; PII Theft |
08/29/2024 - Tradify spoofed invoice for $799. | Alisha - vwpmichaellee659@gmail.com | Fwd: Order Update - Review needed. | Billing fraud, credit card fraud, bank fraud, credential theft, business Impersonation. |
08/26/2024 - Norton Antivirus Spoof and Billing Fraud (victim receives fake bill for services they did not request) | Brian Williams - fuggy3869@gmail.com OR Richard O. Jones - poiuyhgfcvbnm60@gmail.com | Thank you for your order | Billing fraud, credit card fraud, bank fraud, credential theft, business Impersonation. |
08/23/2024 - Geek Squad Spoof and Billing Fraud | Fitzgerald Group - bxhdjskakgdjgdkddlb@gmail.com | Order Extension Secure Done Isolation The - �� - tT98lRlYG invoice resolution_^7kbDVp_kqtmhrecqt JsZzZzkeh | Billing fraud, credit card fraud, bank fraud, credential theft. |
08/20/2024 - Geek Squad Spoof and Billing Fraud | Wood Group - adws7940@gmail.com | 373767 Plan Extended Successfully ������ – Thanks So Much! We UXBYTD ���������� | Billing fraud, credit card fraud, bank fraud, credential theft. |
08/20/2024 - Dept. of Justice Geek Squad Billing Spoof (the DoJ does not send bills for the Geek Squad!) | Tara Norris - l03943082@gmail.com | verified processed �� order payment approved completed. The transaction confirmationffmajvs_@extension acknowledgment 34427086404503 | Impersonation of a government office, billing fraud, credit card fraud, banking fraud, credential theft. |
08/20/2024 - Yahoo Lottery Spoof | PAYMENT APPROVED - web098p@hotmail.com | Payment Approved | Fake $950,000 prize from Yahoo of UK/Ireland - Bank Fraud, Credit Fraud, Credential Theft, Identity Theft |
08/19/2024 - Geek Squad Spoof - Billing Spoof | Evans PLC - heidinichols350@gmail.com | 9592213026_acknowledgment of order+ZZSPWSCOTO - Plan extension complete, you’re all set. � s 1 | Fake Billing Scam - Credit Card Fraud, Bank Fraud, Business Imposter |
08/18/2024 - NORTON LIFELOCK BILLING SPOOF | PAYMENTS ID4517344552 - adrianesofunoyuxiyi@gmail.com | +Yet politics response home.�� R1A6KJBZ | Fake Billing Scam - Credit Card Fraud, Bank Fraud, Business Imposter |
08/16/2024 - FAKE JOB ADVERTISEMENT/APPLICATION | Ahmet Ziyaettin Karaçam - ahmet.karacam@acibadem.com | Job Opportunity | Job Fraud; Bank Fraud; Credential Theft; PII Theft; Impersonation |
08/14/2024 - Geek Squad Spoof - Billing Spoof | Villa Ltd - julietaherrera251@gmail.com | xLc__xauijmosrconfirmation of extension paid secure completed verified attached payment. The - ���� - DPe fWQ | Fake Billing Scam - Credit Card Fraud, Bank Fraud, Business Imposter |
08/12/2024 - Human Resources Spoof - Fake benefits document with malicious QR code link in attachment. | DSE - info@beyondproperties.ae | Employee Benefits Report : (followed by gibberish) |
Malware infection - computer virus attack. |
08/12/2024 - Human Resources Spoof - Faked policy compliance credential theft - attacker makes it sound urgent | Human Resources - humanresources@quantumquake.co |
HIGHLY IMPORTANT: Corporate Data and Confidentiality Policy- All Employees Compliance Required | credential theft, ID theft |
08/11/2024 - credential phishing attack from criminals using weebly.com as their attack platform | a number of compromised ETSU accounts are being used in the attack | do not provide any pw or account information on forms on weebly.com websites - these
are not legitimate!!! |
this is a credential phishing attack |
08/11/2024 - multiple fake job and internship offers - bank over payment fraud | michelle.garcia02@zohomail.com or multiple compromised etsu accounts | student recruitment news or student job opportunities that fit your schedule or internships |
job fraud - credential theft - bank fraud, credit card fraud |
08/06/2024 - Scammer sends recipients confirmation of a fake payment, then seeks your bank or credit card info to give you a fake refund while spending your money. | Smith Group - aucantruxon@gmail.com | wKT3tBtv - �� - Purchase Confirmed = Order Ready = +1791772947318_Voucher WRBDWKDRIT_billing of charges+iKpLKU | Fake Billing Scam - Bank Fraud, Credential Theft, Credit Card Fraud. |
08/06/2024 - Scammer gets recipient to purchase and activate giftcards, which the scammer then spends. | (Senior Administrator) companyboxmail589@gmail.com | TIME SENSITIVE | Gift Card Scam |
07/02/2024 - FAKE JOB ADVERTISEMENT/APPLICATION | Four difference compromised accounts from xxxxxx@beaconcollege.edu (Beacon College) | (WIOA) is hiring Virtual Assistant at all majors ! | Job Fraud; Bank Fraud; Credential Theft; PII Theft; Impersonation |
07/01/2024 - FAKE EMAIL ACCOUNT VERIFCATION REQUEST | Compromised ETSU Account - xxxxxxx@mail.etsu.edu | ETSU UPDATE REQUIRED | Credential Theft; Escalation Attack; Trademark Violation |
CYBER-TIPS TO HELP PROTECT YOU, YOUR ACCOUNTS, AND YOUR MOBILE DEVICES
- if you need help with any items below, reach out to the ITS HelpDesk - https://www.etsu.edu/helpdesk/
- ask Campus Police questions in person or at https://www.etsu.edu/dps/askacop.php (info only! use 911 for emergencies!)
- install and familiarize yourself with the ETSU mobile app - Mobile Apps (etsu.edu)
- review the ETSU Safe features in the ETSU mobile app
- text ETSU to 237233 to be sure to receive ETSU emergency text alerts
- store or frequently back up your data to your 1 TB ETSU OneDrive for Business account
- computers which contain protected health information (PHI) or provide access to PHI should never be left unattended
- if you share class project files with OneDrive, share only the files you intend to share and only share to ETSU email addresses
- avoid spam and avoid some phishing attacks by using your ETSU email account for ETSU business only
- do not put your E number in emails unless for a specific ETSU business-related reason
- do not lend anyone your Student ID card
- when working in ETSU computer labs, save your work and log off before leaving
- when leaving class, lab, cafeteria, or library, check that you have all your gadgets (phone, laptop, drives?)
- do not reply to suspicious emails; use the Phishing Alert Report button
- do not re-use your ETSU account password to access other accounts
- avoid accessing sensitive information on public wifi (wifi with no password)
- never approve an MFA request unless you triggered the request yourself
- never share your passwords
- keep your laptop and mobile device applications updated
- never re-use your old passwords
- use screen locks (passcodes) on your laptop and mobile phone
- never leave your laptop and mobile phone unattended
- if you are traveling, lock your laptop in your car trunk
- be aware of your surroundings
- do not trust links from strangers in chat or social media messages
- install cloud-based device locator applications on your laptop and mobile phone
- test "Find My Apple" or Google "Find My Device" to make sure your device locator works
- lock your car doors and dorm room doors and windows
- when spam gets through to your inbox, use the Junk option in Outlook
- do not install extra antivirus software on PC's with Windows Defender
- if you find a drive, do not plug it into your computer to identify it; give it to ETSU Public Safety or the HelpDesk
- determine what coverage is provided for your devices by your home or renter insurance policy
- record serial, model number, mac address, and keep photos of your electronic devices
- recovery rates for stolen laptops are less than 2% nationally (per FBI); work to prevent theft
- if your laptop or mobile device is stolen
- report the theft to ETSU Public Safety and ask for the report number
- get online ASAP and change your passwords
- report the theft to your insurance company