These are recent Phishing examples The Office of Information Security has seen attacking the campus.
Date: 7/11/2024
Subject: Critical Update: Health Exposure Incident Reported - Action Required
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=3cef26ab-815b-4b18-bd2e-7dcafd1cecf8-thumb.jpg&beidInt=152)
Comments:
- External Tag is on but it says its from the University
- Policy Tip that says you dont often receive email from the sender, which is another .edu
- Scare Tactics to get you to click
- External Link is to a law firm. Always check the UR!
Date: 5/27/2024
Multiple Subjects impersonating Bankmobile
Subject: Vibe Account; BMTX Services, BMTX Disbursements, BMTX Inc; Select Refund Option, Vibe Account; BankMobile Services, Refunds from BMTX
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=c5253699-62f5-427e-857c-4d08ec2d11ee-thumb.jpg&beidInt=152)
Comments:
- EXTERNAL TAG IS ON, UNUSUAL SENDER TAG IS ON
- Scam Impersonating Bankmobile, Attached document has a an external link to a fake bankmobile form that asks for login information
PLEASE LOOK AT SENDER ADDRESS they are all random GMAIL ADDRESSES
Date: 5/20/2024
Subject: Research Position Available
Comments:
- External Tag, Infrequent sender Policy tip
- Sender address is from another university or random gmail address but wants you to email some other domain
- Offer is to good to be true
- Malicious Actor sends you a fake check by email and wants you to print it out and mobile deposit it
Check out the "Fake Check Scam" on the FTC website
https://consumer.ftc.gov/articles/how-spot-avoid-report-fake-check-scams#Types
Date: 4/26/2024
Subject: HR and Employment Relations Information Session
Comments:
- External Tag, Infrequent sender Policy tip
- Sender address is from another university but wants you to email some other domain
- Offer is to good to be true
Check out the "Fake Check Scam" on the FTC website
https://consumer.ftc.gov/articles/how-spot-avoid-report-fake-check-scams#Types
Date: 4/25/2024
Multiple Subjects:
Subject: S.R.A Remote
Subject: REMOTE JOB PLACEMENT
Subject: Notice for Towson students
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=b59a8f89-94f2-4ee1-8f1a-09dfa8725a5b-thumb.jpg&beidInt=152)
Comments
- Please look at policy tips - this one said "You dont often get email from <senderaddress>
- External Tag is on
- Always be suspicious when emails pursuade you to move the conversation to text message
- The job offer tries to get you deposit money, then send money to the attacker using Zelle, Venmo, etc
Date: 3/24/2024
Subject: Dr. Mark R. Ginsberg shared a document with you
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=73305485-7f63-4f00-884c-c50b2cee6a02-thumb.jpg&beidInt=152)
Comments:
- Fake sharing document from the President
- Sender is external
- External Tag is on
Date: 3/22/2024
Multiple subjects like the ones below
Subject: Document form HP LaserJet ProScanner
Subject: Towson Signature Required"Cyrus Cronin" <Cyrus_Cronin4@hagenes-zulauf.com> - 3/25/2024
Subject: Scanned image from MX-M565N
Comments:
- External Tag
- Attachment is a document that tells you to click on a malicious link
- Sender is also external
Date: 2/12/2024
Multiple Subjects and varieties like below
Subject: Notice of Portal Termination
Subject: Notice of Termination
Subject: Opportunity for All
Subject: Job Opening for All
Subect: Work at your convenience
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=ed0a3ddb-5f2b-4a97-bf0d-5a2eea432768-thumb.jpg&beidInt=152)
Comments:
- Compromised TU student sending the messages
- Link goes to a google form that is asking for email addresses, phone numbers, Words of Identification? (Passwords)
- You will then receive a text message if phone number is submitted
Date: 2/13/2024
Multiple Subjects and varieties like below
Subject: FTP Billing and Financial Aid Update 2/13/2014
Subject: Financial Aid Update
Comments:
- Compromised student sending the email
- attachment tells you to email an address and wait for more instructions
Date: 2/12/2024
Subject: You have got an urgent message from Towson University
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=fd8b5b0e-3376-4dbb-83c2-ba715f7a2737-thumb.jpg&beidInt=152)
Comments:
- External Tag
- Generic greeting
- Attacker trying to move conversation off of TU resources
Date: 2/9/2024
Subject: TOWSON administrator has started the procedure.
Comments:
- Compromised student account sending email so no external tag
- Link was to an external site
Date: 2/6/2024
Subject: W: TOWNSON UNIVERSITY NEWSLETTER!!!
Comments:
- External Tag
- Subject has Towson spelled wrong
- Attachment has a link that is broken
Date: 2/6/2024
Subject: Introducing the 2024 Assistance Program: Secure Financial Support for Families and Employees
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=a572276b-b047-4010-ad84-c38bfc214125-thumb.jpg&beidInt=152)
Comments:
- External Tag
- External Sender
- External Link brings up a fake login page and tells you to check for MFA prompts
-
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=5594f906-5c07-497b-b016-0cfb11b86f57-thumb.jpg&beidInt=152)
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=ae536cf9-4cc6-4d28-95fc-3c0923976afa-thumb.jpg&beidInt=152)
Date: 2/3/2024
Subject: Updated Pay Dates
Comments:
- Very Good Phish
- External Tag, Sender is from a different domain
- Link is to an external site that is a cloned Towson Page
- Asks for Duo Codes
Date: 1/29/2024
Subject: Payroll schedule 2024!
Comments:
- External Tag External Sender
- Link has non standard characters
- link goes to a Non TU URL which then impersonates our login page and then a fake Duo MFA page
- Eventually you end up with a fake payroll calendar from 2022
Date: 1/11/2024
Subject: SCHOOL UPDATE
Comments:
- External Tag, external sender
- Offer too good to be true
- Link is to a form that requests personal information, see example below
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=77236c0c-4aac-4487-a03e-8eef90279935-thumb.jpg&beidInt=152)
Date: 1/07/2024
Subject: Total compensation statements for towson Staffs/Non-Staffs
Comments:
- External Tag
- Sender Address is from another .edu
- Link is to a google form
- Grammar and Punctuation is incorrect
Date: 1/3/2024
Subject: MESSAGE FROM ADINM
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=a2484be1-8bfb-49d7-bf61-1a1c9c793a71-thumb.jpg&beidInt=152)
Comments:
- Sender address is a towson student, so why would official email to change something come from that
- No external tag because of student address
- Grammar and Spelling is bad
Date: 12/19/2024
Subject: Open Enrollment for 2024 for all Towson Employee
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=4aef0732-5853-4d90-91b4-f21e4d036734-thumb.jpg&beidInt=152)
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=c3d5bde7-0d05-4aec-99a6-5c51c6f5be88-thumb.jpg&beidInt=152)
Comments:
- External Tag is on
- Sender Address is not Towson
- PDF Attachment has a QR code with a link to a Russian URL that hosts a malicious Microsoft Credential Capturing form
- TU will never use a QR code for official communication
Date: 12/14/2023
Subject: Today@TU - 12/14/2023 | Release Messages
Comments:
- This was a good one
- External Tag is on
- Sender Address is Random characters @ another .edu
- link goes to a Non TU URL which then impersonates our login page
If credentials are entered a duo page will appear
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=f8546357-aea2-4ffa-93f4-2d8a37f47a13-thumb.jpg&beidInt=152)
Date: 12/11/2023 --Multiple Emails same tactics
Subject: YETI_30 OZ TRAVEL MUG Confirmation![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=0d1e852c-4eec-43bc-a132-c052c594d01c-thumb.jpg&beidInt=152)
Subject: Re: 2nd attempt for <Username>
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=a8b4bdec-7fe9-4762-91e6-c61ed0867dbb-thumb.jpg&beidInt=152)
Subject: Important for <Username>, congrats You Are Our <Month> Winner
Subject: Dicks Sporting Goods Surprise: You Are Our Today's Winner , You've been selected!
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=8184d714-4ef7-4118-9f77-4b463ce9853b-thumb.jpg&beidInt=152)
Comments:
- External Tag
- sending address is suspicious random characters @ randomcharacters.onmicrosoft.com YETI-Surprise <info_cIrOIHKUREp@xv917y1.onmicrosoft.com>
- Embedded link in the image to suspicious random characters.blob.core.windows.net/random characters https://sgqfdghqsfdtyzrt[.]blob[.]core[.]windows[.]net/sgqfdghqsfdtyzrt/url[.]html
- Random email giving away free items?
- We have seen this done with other giveaways but tactics are the same, random onmicrosoft.com sending address and random blob.core.windows.net URL and some sort of congratulations on winning something
Date: 11/6/2023
Subject: The Care Employment Opportunity
If you open the attachment
Comments:
- Not from official TU Job boards
- Offer is too good to be true
- Body of the email tells you to move the communications to a personal email platform
Date: 10/19/2023
Subject: Banks, Sean shared "Faculty Application for Employment " with you
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=f449b5a9-489b-4b33-839c-5c6deb607842-thumb.jpg&beidInt=152)
Comments:
- Sender shared the file, but the description has a different name.
- Link is not to TU SharePoint
Date: 10/19/2023
Subject: Document for Dr. Melanie Perreault
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=7ee4a671-dcd4-4066-a0eb-3ac2ff3c911a-thumb.jpg&beidInt=152)
Comments:
- External Tag
- Google Sharing
- Sender and description have a different name
- Sender is not from Towson
Date: 10/13/2023
Subject: PASSWORD RESET REMINDER
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=ea08fe5f-f235-4c52-96b2-7017cca3785e-thumb.jpg&beidInt=152)
Comments:
Date: 9/20/2023
Subject: Attention: Re-authenticate 2 Factor Authentication (2Fa) for <USERNAME> on Friday-September-2023 11:28 AM
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=5abd271b-b309-4827-a029-0dbc9f637bad-thumb.jpg&beidInt=152)
Comments:
- OTS will not ask you to scan QR codes in emails
- External Tag is at the bottom
- Sender address is not Towson
Date: 9/19/2023
Subject: About Piano
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=4a0d52e3-5000-4661-9fd5-36afe97008c8-thumb.jpg&beidInt=152)
Comments:
- Offer is to good to be true
- There are various different versions of this email
Date: 9/6/2023
Subject: I Recorded You
![](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=bb0301b1-0a63-4a25-9b01-c425735a7af4.JPG&beidInt=152)
Comments:
- Very common scam email, attackers send this to thousands and try to get one or two to send money
- The request is absurd
- Bitcoin is used all the time during scams
- If you think your account is compromised please reach out to phishing@Towson.edu
Date: 9/2/2023
Subject: Administrative Assistant/Project Coordinator
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=0070262a-0eaa-4a51-8de1-2809009eb335-thumb.jpg&beidInt=152)
Comments:
- Offer is too good to be true
- Reply email is not associated with the University
- If you reply the attackers will try to move to another means of communication, like SMS or personal email
Date: 8/17/2023
Subject: Kindly provide your cell number that i can reach you at
OR
Subject: Available, Cell Phone Number?
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=c102474a-dbf3-415d-a82e-1932a58707ea-thumb.jpg&beidInt=152)
Comments:
- Email address does not match name of sender
- External Tag
- The main hook is to get this conversation to another means of communication where security controls do not exist
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=91378bf8-9898-42dc-9d83-dfae4549ac43-thumb.jpg&beidInt=152)
- End game is for the user to go and buy gift cards and send the numbers to the malicious actor
- Grammar in the text message is poor
Date: 8/17/2023
Subject: Required | Towson Multi-Factor Auth
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=fb8e8884-4bee-42f0-a8d2-0c7736500049-thumb.jpg&beidInt=152)
Comments:
- This is a pretty good one, there is no external tag
- If you actually did scan the QR code there were multiple redirects that ultimately ended on a malicious credential capture page
- TU does not use Microsoft MFA
Date: 7/24/2023
Subject: Gary Spencer shared "ATHLETICS INFORMATION REPORT SUMMARY" with you.
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=97713bb6-c56e-4346-8551-37e52accb747-thumb.jpg&beidInt=152)
Comments
- Subject sharing name is different from the body of the email. Urgency in the body of the email
- Punctuation in body of email
- URL when you mouse over the link.
Date: 7/24/2023
Subject: Retirement Planning Sessions for the University System of Maryland Employees
![Click to View Full Image Uploaded Image (Thumbnail)](https://techhelp.towson.edu/TDPortal/Images/Viewer?fileName=2477b177-ac03-47f6-8b14-f44eaded9acf-thumb.jpg&beidInt=152)
Comments
- External Tag
- From Address