Phish-Bowl

This page is your source for the latest phishing attempts (email scams) being experienced by the WVSOM community. If you receive an email you believe to be suspicious or fraudulent, check the "Recent Catches" below to see if the email is a confirmed phish.

To report a new phishing email forward the email including the headers to catchaphish@osteo.wvsom.edu. This account is actively monitored for new reports, once confirmed the email will be added to this page.

Recent "Catches"

Fake Attachments Email [1-24-24]

The above email is a email full of fake PDF's and images.

Fake DocuSign (known contact)[10-10-23]

The above email is a fake DocuSign email stating you are to scan the QR code and review and sign the document. Please note the blue bar message displayed in the image.

Fake Compensation Policy [7-18-23]

Listed above is a fake e-mail asking you to review the compensation policy document attached.

Common Signs of Phishing Attempts:

Do you recognize the sender? Does the email address match the name of the supposed sender? Sometimes attackers will use a name that's familiar to you but the email address is something completely different. When in doubt, call or text the sender about an email you are unsure of.
Are you named in the salutation or is it a generic "Dear User/Customer"? Attackers usually send messages out in mass with a one-size-fits-all greeting. If a trusted institution was trying to contact you they should know your name.
Are there spelling errors or instances of poor grammar? Many of these attacks originate abroad and are often perpetrated by cyber criminals that have poor use of the English language.
Does the subject and/or message body convey a sense of urgency or require immediate attention i.e. "Account Deletion Imminent"? Oftentimes, attackers will prey on your fears in order to make you rush to act quickly. Usually, if it's as dire as they say, the organization would probably reach out to you over multiple means of communication and should never ask for personal information (passwords, SSN, etc.) via email.
If it appears too good to be true, it probably is. You cannot win the Public Cleaninghouse Lottery if you've never played.
Be wary of links in suspicious emails. Attackers can make links appear different than where they actually lead. For example, this link looks like it would take you to Google: https://www.google.com but this link actually leads to our homepage. Hovering over the link should tell you the actual destination in either the lower left or right corner of your browser.
Be careful of attachments. You should only open attachments you are expecting. Sometimes attackers will hide malware inside files that are named to be deceivingly tempting such as "Employee W2s". Remember, curiosity killed the cat.