SDSU Phish Bowl

From:
Date: Mon, Jul 14, 2025 at 10:42 AM
Subject: Y­ou­r P­as­sw­o­rd i­s A­b­out t­o E­x­p­ir­e
To:

Y­ou­r P­as­sw­o­rd i­s A­b­out t­o E­x­p­ir­e
Y­ou­r p­as­s­wo­r­d i­s se­t t­o ex­p­ir­e. T­o e­ns­ur­e u­ni­nte­r­ru­pt­e­d a­cc­es­s t­o yo­u­r a­cc­ou­nt, p­le­as­e up­da­t­e yo­ur pa­ss­w­or­d be­f­or­e t­h­e e­xp­ir­at­i­o­n d­a­t­e.

A­cc­ou­n­t I­nf­or­ma­t­i­o­n:

E­ma­i­l A­d­d­re­s­s:

Pa­ss­w­o­rd S­­t­at­us: About to Expire

K­e­e­p M­y Pa­s­sw­or­d       M­od­i­f­y P­as­s­wo­r­d
© 20­25. Al­l Ri­g­h­ts R­es­er­v­ed.

From:
Date: July 7, 2025 at 2:35:16 AM EDT
To: undisclosed-recipients:;
Subject: CAMPUS NEWS UPDATE

Dear Qualified Student,

To help with some of your tuition costs, the Division of Human Resources is here to assist you in finding part-time job opportunities!   

  Working while in school has many benefits — and research shows that working just 5 to 15 hours/week can actually boost your academic success!   

  This is a flexible role where you choose your own hours, making it easy to balance   studies and   work. Whether you prefer to work remotely   or on campus  , this position fits your lifestyle.

  Gain real-world skills that employers love!
  Click below to apply for roles with licensed employers looking for Personal Assistants.

  Position Details:
•   Job Title: Personal Assistant
•   Duration: Part-time / Full-time
•   Location: Remote

⸻

  Apply Now!
Start a meaningful work experience while you continue your education!   
Best regards,
[Division of Human Resources]
[San Diego State University]

From:
Date: Fri, Jul 4, 2025, 11:23 AM
Subject: UNIVERSITY UPDATES
To:

Hello Student,

 To help with some of your tuition costs, the Division of Human Resources is here to assist you in finding part-time job opportunities! 🧑‍🎓💼

📚 Working while in college has many benefits — and research shows that working just 5 to 15 hours/week 🕒 can actually boost your academic success! 📈🎓

💡 This is a flexible role where you choose your own hours, making it easy to balance 🧠 studies and 💼 work. Whether you prefer to work remotely 🏡 or on campus 🏫, this position fits your lifestyle.

✨ Gain real-world skills that employers love!
👇 Click below to apply for roles with licensed employers looking for Personal Assistants.

⸻

📌 Position Details:
• 🧾 Job Title: Personal Assistant
• ⏳ Duration: Part-time / Full-time
• 📍 Location: Remote

⸻

🎯 Apply Now!
Start a meaningful work experience while you continue your education! 🚀📘

From: 
Date: Thu, Jul 3, 2025 at 6:24 AM
Subject: Career Boost Flexible Internship Program
To:

Dear Students,

The decisions you make today shape the opportunities you’ll have tomorrow. That’s why we’re offering you a chance to take a step forward.College is temporary. But the habits, skills, and experiences you gain now will carry you into your future. Success isn’t something that waits until graduation — it starts with little smart moves you make now.
Department of Human Resources connecting students with employers hiring for Personal Assistant roles designed to help you grow. This is about more than income — it’s about discipline, communication, time management, and personal development.
⸻
Position Overview:

Title: Personal Assistant

Hours: You choose (part-time or full-time

Location: Remote or On-Campus

Tasks: Organize schedules, handle emails, assist with small projects.
No prior experience required

Access the Application Portal and Take the First Step.Kindly Click Here 👉 to [Unlock Access] to Verified Employers and Apply Instantly the Positions Filling Fast.
This is not your average student job. It’s a stepping stone.

Sincerely,
HR Department

From:
Sent: Monday, May 19, 2025 5:50 AM
Subject: CAMPUS NEWS 
Dear Qualified Student :
 
The Division of Human Resources is here to assist you in finding flexible part-time employment opportunities. Working while studying offers many benefits — research shows that 5 to 15 hours per week can positively impact your academic success.
This is a flexible position where you set your own schedule, with tasks that can be completed remotely or on campus. Plus, you'll develop valuable skills that employers seek.
Interested? Click **Apply Now** to connect with licensed employers seeking **Personal Assistants**!
*Position Details:**
*Job Title:* Personal Assistant
*Type:* Part-time / Full-time
*Location:** [Remote]
Take advantage of this opportunity to gain work experience while managing your studies!

• Date Circulated: June 3, 2025
• Category: Phishing - Compromised Accounts
• Target: SDSU Students, Faculty, and Staff
• Attack Overview: A phishing campaign is currently targeting SDSU users. The fraudulent emails are being distributed from compromised SDSU accounts and attempt to trick recipients into entering their credentials on a fake login page.
• Content: The phishing messages typically include vague language such as “Items that require your attention,” grammar and capitalization errors, and suspicious links like sdsu[.]edu/g29d0kq. They may reference shared documents or urgent actions to lure users into clicking a malicious link that mimics a Microsoft login page. Once credentials are entered, attackers steal SDSUid usernames and passwords.

From:
Date: Tue, Jun 3, 2025 at 12:44 PM
Subject: Y0ur SDSU on hold
To:

You are being contacted by San Diego State to notify you about the status of your account. 

There are items that require your attention. Please log in to your sdsu[.]edu/g29d0kq portal to complete the requested information that is listed on your account. 

If you have any questions or concerns, Do not hesitate to contact us.

Sincerely, 
San Diego State University 

• Date Circulated: April 1, 2025
• Category: Phishing - MFA Scam
• Target: Students
• Attack Overview: A phishing email impersonating SDSU’s IT Security Office was sent to students, prompting them to complete a fraudulent authentication process.
• Content: Claims to announce Duo MFA updates and instructs users to validate their email to keep accounts active, linking to a fake authentication page used to steal credentials.

Date: Tue, 1 Apr 2025 08:52:59 -0700
Bcc:
Subject: Important Duo MFA Updates
From:
To:

Dear SDSU Students,

We are excited to announce two important updates to the Duo Multi-Factor Authentication (MFA) system. As part of these updates, we are conducting an email validation exercise to ensure that all accounts are up to date. To keep your account active, please confirm that your email is still in use by completing the authentication process.

CLICK HERE to complete authentication.

We are confident that these changes will make your MFA experience smoother and more secure, helping to safeguard your SDSU accounts. Additional enhancements are already underway to further improve the login experience and ensure the security of our systems.

Thank you for your cooperation and understanding as we implement these important improvements.

Best regards,

Ricardo Fitipaldi
Chief Information Security Officer
IT Security Office/IT Division

• Date Circulated: March 5, 2024
• Category: Fake Job Scam
• Target: Students
• Attack Overview: A compromised SDSU account was used to send credential phishing emails.
• Content: Includes link to a fraudulent Google Forms page where personal information is harvested.

From: 

Date: Wed, Mar 5, 2025 at 10:08 AM

Subject: Flexible Remote Work Opportunity for SDSU Student

To:

Dear SDSU Students,

Are you looking for flexible remote work opportunities this spring semester?

San Diego State University (SDSU) is hiring students for Service Worker positions in the upcoming months.

This opportunity allows you to work remotely from anywhere of your choice, offering financial aid to help cover extra expenses incurred on campus.

Responsibilities include:

Organizing and scheduling daily activities.
Coordinating travel arrangements.
Demonstrating attention to detail and maintaining comprehensive notes.
Requirements:
Current SDSU student or alumni.
Additional Information:
Time Commitment: Flexible work schedules with a maximum of 1 hour 2-3 times a week.
Compensation: $411.20 (weekly wage)
Employment Start Date:  March 5, 2025

CLICK HERE to apply.

San Diego State University.

Fraudulent Form in the email:

• Date Circulated: October 16, 2024
• Category: Fraudulent PayPal invoice
• Target: Faculty and Staff
• Attack Overview: An external email account sent a fake Paypal invoice to an SDSU employee
• Content: States Bitcoin was supposedly purchased and directs recipient to call a phishing phone number

From:

Subject: Thank you for your Order!16831044768

Date: October 16, 2024 at 7:01:55 AM PDT

To:

Hey there,

Your joy in our services encourages us to innovate further. We promise
to go above and beyond to ensure your experience is extraordinary.

Regards

• Date Circulated: October 8, 2024
• Category: Fraudulent PayPal invoice
• Target: Faculty and Staff
• Attack Overview: An external email account sent a fake Paypal invoice to an SDSU employee
• Content: Lists network devices that were supposedly ordered and directs recipient to call a phishing phone number

From:
Date: Tue, Oct 8, 2024 at 7:03 AM
Subject: Thank you!
To:

DATE: Oct 08, 2024
PayPal 
  
INFORMATION ABOUT BILLS
  
Kindly,
We appreciate your order, which has been successfully placed and is prepared for shipping. You will hear from our delivery crew shortly. Kindly save this email for your records.
 
 
ORDER INFORMATION
 
Email:
 
 
Invoice Id:
36778209519
  
 
DETAILS OF PRODUCT
 
Product
Amount
Unit
 
 
Netgear Orbi Tri-Band Mesh WiFi 6 System. High-performance mesh Wi-Fi system covering large homes, supports up to 100 devices.
$488.00
01
 
 
Sales Tax:
$0.00
 
 
Subtotal:
$488.00
 
 
Total:
$488.00
  
 
NEEDS HELP?

We've taken care of your purchase. In case you have any inquiries concerning your purchase. Kindly let us know. We would be pleased to speak with you.

• Date Circulated: August 26, 2024
• Category: Fake Job Scam
• Target: Students
• Attack Overview: A compromised SDSU account was used to send credential phishing emails.
• Content: Includes link to a fraudulent Google Forms page where personal information is harvested.

• Date Circulated: August 25, 2024
• Category: Employment Scam
• Target: Staff
• Attack Overview: A compromised SDSU account was used to send credential phishing emails.
• Content: Includes attachment with fraudulent link to harvest personal information.