Phishbowl

This page is your source for the latest phishing attempts (email scams) being experienced by the WVSOM community. If you receive an email you believe to be suspicious or fraudulent, check the "Recent Catches" below to see if the email is a confirmed phish.

To report a new phishing email forward the email including the headers to catchaphish@osteo.wvsom.edu. This account is actively monitored for new reports, once confirmed the email will be added to this page.

Common Signs of Phishing Attempts:

  • Do you recognize the sender? Does the email address match the name of the supposed sender? Sometimes attackers will use a name that's familiar to you but the email address is something completely different. When in doubt, call or text the sender about an email you are unsure of.
  • Are you named in the salutation or is it a generic "Dear User/Customer"? Attackers usually send messages out in mass with a one-size-fits-all greeting. If a trusted institution was trying to contact you they should know your name.
  • Are there spelling errors or instances of poor grammar? Many of these attacks originate abroad and are often perpetrated by cyber criminals that have poor use of the English language.
  • Does the subject and/or message body convey a sense of urgency or require immediate attention i.e. "Account Deletion Imminent"? Oftentimes, attackers will prey on your fears in order to make you rush to act quickly. Usually, if it's as dire as they say, the organization would probably reach out to you over multiple means of communication and should never ask for personal information (passwords, SSN, etc.) via email.
  • If it appears too good to be true, it probably is. You cannot win the Public Cleaninghouse Lottery if you've never played.
  • Be wary of links in suspicious emails. Attackers can make links appear different than where they actually lead. For example, this link looks like it would take you to Google: https://www.google.com but this link actually leads to our homepage. Hovering over the link should tell you the actual destination in either the lower left or right corner of your browser.
  • Be careful of attachments. You should only open attachments you are expecting. Sometimes attackers will hide malware inside files that are named to be deceivingly tempting such as "Employee W2s". Remember, curiosity killed the cat.

Continue on the page to view the most recent caught phishing attempts targeted at WVSOM.

 

Recent "Catches"

"Fake 5 Page Fax"

Fake 5 Page Fax [5-13-24]

The above fake email states you have received a new fax document. The email also comes with a malicious PDF attached. Please note the blue bar message displayed in the image.

"Email states that there is a new 3 page fax for you. The email also comes with a malicious PDF attached."

Fake Digital Fax [5-13-24]

The above fake email states that there is a new 3 page fax for you. The email also comes with a malicious PDF attached.

"Listed above is a fake email of a phish impersonating Adam Sydenstricker stating he needs to have his direct deposit information updated."

Fake Direct Deposit Info Updated [5-14-24]

Listed above is a fake email of a phish impersonating Adam Sydenstricker stating he needs to have his direct deposit information updated.

"Listed above is a fake e-mail stating you have received a new Docusign email to review and sign."

Fake Docusign Document Review [5-15-24]

Listed above is a fake e-mail stating you have received a new Docusign email to review and sign. Please note the blue bar message displayed in the image.

"Listed above is a fake e-mail stating you have pending email waiting and gives you a malicious link to manage your Quarantined Messages."

Fake Quarantined Message [6-15-24]

Listed above is a fake e-mail stating you have pending email waiting and gives you a malicious link to manage your Quarantined Messages.