Recent Examples of Phishing

From: Stanford <tyancey@tamu.edu>
Sent: Tuesday, March 17, 2020 6:41:17 PM
Subject: Payroll Schedule!

You have 1 new Schedule Message

Click here to read

© 2020 New York University

Canvas

The Stanford Canvas team posted five new messages on your Canvas dashboard that requires immediate attention.

Login to Canvas

Thanks

Stanford Canvas Team

Dear <user>@stanford.edu,

You have a new messages regarding to your SUNet ID.

View message

Stanford/message/SUNetID -> link to fake login page

© Stanford University

From: "stanford.edu Missed incoming Audio Message...." <nkiersz@stanford.edu>
Date: Thursday, November 21, 2019 at 10:46 AM
To: user <user@stanford.edu>
Subject: from (370) 058-7618

Duration - {00:59} secs.

From: Stanford University <compromised@stanford.edu>
Sent: Wednesday, November 20, 2019 8:44 AM
To: user <user@stanford.edu>
Subject: Access locked: Server Error

Due to a server error on your e-mail, (user@stanford.edu) (7) incoming messages were delayed.

Log on to your portal to recover your delayed messages
Recover Delayed Messages
2019 Message Center

From: Scott Spain <sspain@oreganos.com>
Sent: Thursday, November 14, 2019 2:42 AM
To: user@stanford.edu
Subject: from (671) 322-3152

Duration - {00:59} secs.
Time - 14-Nov-2019 05:42:15

From: Stanford University <infoportal@stanford.edu>
Sent: Monday, November 11, 2019 10:01 PM
Subject: Urgent Scheduled Meeting

Hello Member,

There would be an important meeting scheduled for tomorrow.

Kindly click here to view meeting details

Thank You
Stanford University.

From: stanford.edu IT Support Note. <emorfaw@sourcingpartner.com>
Sent: Thursday, November 7, 2019 7:50 AM
To: User <user@stanford.edu>
Subject: Case ID:9354-61

Due to a server error on your e-mail, (user@stanford.edu) (7) incoming messages were delayed.

Log on to your portal to recover your delayed messages
Recover Delayed Messages
2019 Message Center

From: Stanford University <Zh132889@umconnect.umt.edu>
Sent: Wednesday, September 25, 2019 6:31 AM
To: Harvey, Zachary <zachary1.harvey@umconnect.umt.edu>
Subject: Your e-mail will be deleted.

Hello

This is a final notification to all Stanford University e-mail users, that we are deleting in-active accounts. Validate your email now. Failure to do this within 24 hours, your account will be deleted

Validate Email Account

Sincerely
Stanford University
IT Help Desk

From: Stanford CS - Payroll Service <info@cs.stanford.edu>
Date: Friday, August 2, 2019 at 2:28 PM
Subject: *****SPAM***** Stanford CS -Payroll Notice

1 New Payroll Stanford CS Message

Click https://cs.stanford.edu/hr/payroll.php to READ

Human Resources & Payroll Service
Stanford CS - Stanford University

From: Registrar 7/29/2019 8:11:05 PM Desk <ade@stanford.edu>
Sent: Monday, July 29, 2019 1:11 PM
To:
Subject: Campus Administrative Registrar

Hello , user@stanford.edu,

Submit your symester course attendance to (Faculty Dean 7/29/2019 8:11:05 PM) on

Due to the file size, it can not be uploaded to email. Review to authenticate.

From: "STANFORD FACULTY DESK 7/29/2019 8:58:37 PM" <abhate@stanford.edu>
Date: Monday, July 29, 2019 at 1:58 PM
subject: COURSE LATE REGISTRATION

Verify your account

Dear user@stanford.edu

Please note that your course registration dues is past due be restricted to campus facilities and classes.
It is imperative to conduct an audit of your information is
present, otherwise your lectures would be denied.

Started now

We invite you to act fast, if you need any help you can
contact our online support.

Sincerely,
MSFT Support Team

Dear user@stanford.edu,

A private document has been sent to you by the Human Resources Department.

Click https://login.stanford.edu to Login to view the document. Thank you!

Stanford University HR.
©2019 Stanford University
----------------------------------------------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE: This email and any attachments may contain confidential information that is protected by law and is for the sole use of the individuals or entities to which it is addressed. If you are not the intended recipient, please destroying all copies of the communication and attachments. Further use, disclosure, copying, distribution of, or reliance upon the contents of this email and attachments is strictly prohibited.

Hi,

I’m in a meeting right now and that’s why I’m contacting you through email. I should have called you, but phone call is not allowed during the meeting. I don’t know when the meeting will be rounding up, I want you to help me out on something very important right away.

On Jul 13, 2019 12:05 PM, John Doe <jdoe.stanford@gmail.com> wrote:
Available?
--
Chair

John Doe

From: Walgreens <consumer@e24653.f.akamaiedge.net>
Date: July 16, 2019 at 09:06:22 PDT
To: Undisclosed recipients:;
Subject: Job Offer
Reply-To: Walgreens <norelpy@jobs.wlagreens.com>

Walgreens Secret Reviewers
We are looking for secret reviewers to rate their local Walgreens store!

No experience needed, just your honest opinion.
The task requires you to shop and evaluate our employees.

You will get paid to shop and you can keep the products.

You will be paid with amounts between $200-400 per assignment.

Reviewers are selected randomly every week and if selected, they will be contacted via phone or email.

Join our team by filling in the application form.

Join Us*
* If you have received this message inside your spam folder some links and other functionality might be disabled, move it to inbox folder in case you are having problems pressing 'Join Us'.
© Copyright 2019 Walgreen Co. All rights reserved.
You can unsubscribe from this list.

From: Eve Marrs <evemarrs1941@gmail.com>
Subject: Open Opportunity
Date: July 11, 2019 at 4:05:22 PM PDT
To: undisclosed-recipients:;

Hello,

I am offering a post that only requires 1-2 hours, 2-3 days in a week, you can work at your convenience and earn 230 weekly. Respond for more details if interested.

Best Regards,

Eve Marrs

From: Marc Tessier-Lavigne <jcerqueira@nafcs.org>
Subject: NEW DEVELOPMENT FILE TO ACCESS [DOCX.11] 31.01.12.2017
Date: January 31, 2017 at 8:30:41 AM PST
To: undisclosed-recipients:;

I am pleased to inform you that there will be a new development at the

Stanford University that will benefit all of it's members. You can read pdf

attached file for more information.

Thanks

Marc Tessier-Lavigne
Office of the President
Building 10
Stanford University
Stanford, CA 94305-2061
phone:(650) 723-2481
fax:(650) 725-6847
president@stanford.edu

From: Marc Tessier-Lavigne <marctessier-lavigne@execs.com>
Date: January 20, 2017 at 7:45:30 AM PST
To: <kelly.wright@stanford.edu>
Subject: Imperative

Hi Kelly,

Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our staff for a quick review. Prepare the lists and email them to me asap.

Best regards
Marc Tessier-Lavigne
Provost and President

From: <mailadmin@stanford.edu >
Sent: Friday, Sept. 30, 2016 10:31 AM
To: <employee name>
Subject: Email Account Update

Due to migration to a new Open Source Email Collaboration Solution (SunsetGates), it is mandatory that you update your Stanford University information immediately, using the update link below:

http://update.sunsetgates.com/update/server/admindesk/index.htm

Failure to update, will result to closure of your account.

Thanks for your Co-Operation.

Email Admin Desk

From: John Hennessay <jhennessay@stanford.edu>
Sent: Monday, May 2, 2016 11:31 AM
To: <employee name>
Subject: Request

<Name>,

Are you at your desk? I need you to send me an email attachment with the individual 2015 W-2 (PDF) and earnings summary of all the employees

Thank You

Sent from my iPhone

Mon 2/1/2016 9:35 AM
From: email-campaign <email-campaign-bounces@lists.stanford.edu>
Sent: Sat 1/30/2016 10:02 AM
To: email-campaign@lists.stanford.edu;
Checkout the new Stanford webmail and know if it has started working for you, its secured, faster and easy, you can give it a try by signing with your correct user and password.

click here to sign in: http://soconnectzm.voici.org/

Thanks

Stanford Mail Service
_______________________________________________
email-campaign mailing list
email-campaign@lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/email-campaign

Good morning,

Please see the attached invoices and remit payment according to the terms listed at the bottom of the invoice. If you have any questions please let us know.

Thank you!

From: Help Desk <online2793774@telkomsa.net>
Date: June 20, 2015 at 7:57:55 AM PDT
To: info@cs.stanford.edu
Subject: update

It had been detected that your cs-stanford-edu email account. Mail delivery system had been affected with virus. Your email account had been sending virus included with your mail to recipient's account and as such a threat to our database. You'll need to update the settings on your cs-stanford-edu email account by clicking on this link: http://forms.logiforms.com/formdata/user_forms/66949_9366478/321793

From
CS. Standford
ITS Helpdesk

Stanford University Email Account
Security info replacement

Someone started a process to replace all of the security info for your Email Account.

If this was you, you can safely ignore this email. Your security info will be replaced with 15623535981 when the 5-day waiting period is up.

If this wasn't you, someone else might be trying to take over your email account. Click here to fill in details and verify your current information in our servers and we'll help you protect this account.

Thanks,
Barker Ashton

For: Standford University Email Team
Phone: 650-723-2300
Email: alert@stanford.edu

Subject: Stanford University WebLogin Updates

Dear customer,
Your Apple ID was used to sign in to iCloud on an iPhone 4.

Time: February 06, 2014
Operating System: iOS;6.0.1

If you recently signed in to this device, you can disregard this email.
If you have not recently signed in to an iPhone with your Apple ID and believe someone may have accessed your account, please click here to confirm your details and change your password.
Apple Support

My Apple ID | Support | Privacy Policy
Copyright © 2014 iTunes S.à r.l. 31-33, rue Sainte Zithe, L-2763 Luxembourg. All rights reserved.

signature.gif (156×30) saying "Stanford University"

Your e-mail access has been suspended for your security.

To regain your access Click here

Stanford University.

Dear Stanford Student, Faculty, Staff

Your Authcate Account will be inactive in 2 days. Because of some
security problems about login from strange IP addresses we decided to make
some changes (Upgrade) and this is due to the implementation of a new
version of Centeral Authentication System(CAS) Weblogin in new
year(2014).

You can active your account by going to the
CenteralAuthenticationSystem(CAS)
Weblogin and simply login by your SUNet ID to activate your
account.
Then, after seccussfull login click on "Logout" and you will be redirect to [link removed]
and in StatusChecker check your
account state. if your Account Status is Active or not. If
there was error in login, try to activate again.

Please note: If you get an Authentication Error Just try 2 times to
login again, and return to the
https://stanfordyou.stanford.edu/
portal login page and start again. because System will automatically block
your IP and Account and you should contact Support System to
Unclock.

Answers to some frequently asked questions
(FAQs) are available on the helpsu.

Regards,

IT Services
243
Panama Street
Stanford, CA 94305-4102
650-725-4357
support@stanford.edu

We are Leading Agency Specialized in (Global) Customer Service Research. We are starting a very big research project in USA. This project takes place every month. We need to recruit Mystery Shoppers to join our project to work as a surveyor. Should you interested, your salary would be US$300 per assignment.

Money order will be in a certain amount that you will be asked for cash at your bank, deduct your salary and have the rest used for the evaluation. Provide me with the following details listed below:

Contact us with your INF0RMATI0N If you interested:
Full Name :
Full A.d.d.r.e.s.s :
StateCityZip :
A.g.e :
Phones :
Gender :
Current Job
:
Thank you,
Your response would be greatly appreciated.

The message itself has very little text, but the following would appear as a way of notifying recipients that the attachment was removed:

Note: The original attachment was automatically removed by Stanford's email
system because it was identified as a file type that is commonly associated
with malicious software. In order to transmit this type of file, please use
an alternate mechanism such as Stanford's Box service.

The attachment name is VoiceMessage.zip, voicemessage.zip.
The attachment type is application/zip.

We detected a login attempt with valid password to your CS. Stanford email account from an unrecognized device on Mon Sept 16, 2013 01:56 PM PDT.
Location: Germany (IP=3D81.169.136.48) Note: The location is based on information from your Internet service or wireless carrier provider.
Was this you? If so, you can disregard the rest of this email.

If this wasn't you, please LOGIN HERE to confirm your ownership of this account and to protect your email account information from potential future account compromise.
The office of Information Security will keep this updated if information should change, but we encourage all users to run their updates after the expected release of this patch.

The Computer Science Department Computer Facilities (CSD-CF)

Location: Gates 170
Phone: 650 725-1451
Fax: 650 723-1701
Email: action@cs.stanford.edu

Institute account Routine System. all institutional mail account users  are advice to upgrade /Update account now This has been made mandatory for all. for assistance click: ITS
Failure to do this you will have your account suspended on till report is made to the institution authorities.

ITS service Team
© Copyright 2013.
All Rights Reserved

From: Stanford Webmail Team

Dear Stanford Account User,
This message is from Stanford Admin Team, Your email account has exceeded its mail quota on
our server database and your account will be inactive within the next 24-48 hours if it is not
verified. You are advised to on click the link below and follow the instructions to verify your
account.
[link removed]
Thanks.
Stanford Help Desk.

Dear All Students of Stanford University,

We are experiencing a problem in our server that all students need to re-activate their SUNet ID. This is due to the implementation of a new library system. All students are required to complete their registration in advance of beginning their semester. This will enable us proceed their classes to be started on time. Please visit following page to activate your SUNet ID.

Consequences of Incomplete Activation

Students will not receive grades for courses attended.
Once classes begin, students cannot add, late add, or late drop courses for the current semester.
Students are ineligible to register for future semesters.
If receiving student loans, the student may enter a repayment status with lender.
If receiving student aid, some aid sources may be cancelled and unable to be reinstated at a later date.
If receiving an award, the student cannot be hired.
The University reserves the right to cancel an incomplete registration for failure to pay tuition and fees.
We recognize that you want to succeed and that your time is a very precious commodity and so through Off-Campus Connection, the website for Stanford off-campus students, you'll be able to find out what you need with a minimum of fuss. We are always looking to improve and update our website, and so welcome your comments and feedback. Send them along to us at the Off-Campus Learning Centre.
I wish you all the very best in your studies at Stanford University.

Stanford IT Service Desk: 724-HELP
243 Panama Street
Stanford, CA 94305-4102
Contact us

Mailbox is full,00.1 MB,Please reduce your mailbox size. Delete any items you don't need from your mailbox and expand your email quota with the below web links:

HERE: [Link to phishing website removed]

Thank you for your understanding.
2013 Helpdesk

Webmail Update

Stanford University Email & Calendar system have been updated.
Please visit the updated Zimbra Email for information and instructions on how to access your email.

To access your email via the web: https//webmail.stanford.edu/

Updated Webmail includes a refreshed interface with tabs on top and a new inbox email default theme.
Beginning on Friday, August 30th, 2013, the new web-mail application becomes the default for all users.
Updated to improve performance (Standard and Basic interfaces)."