SDSU Phish Bowl

• Date Circulated: March 5, 2024
• Category: Fake Job Scam
• Target: Students
• Attack Overview: A compromised SDSU account was used to send credential phishing emails.
• Content: Includes link to a fraudulent Google Forms page where personal information is harvested.

From: 

Date: Wed, Mar 5, 2025 at 10:08 AM

Subject: Flexible Remote Work Opportunity for SDSU Student

To:

Dear SDSU Students,

Are you looking for flexible remote work opportunities this spring semester?

San Diego State University (SDSU) is hiring students for Service Worker positions in the upcoming months.

This opportunity allows you to work remotely from anywhere of your choice, offering financial aid to help cover extra expenses incurred on campus.

Responsibilities include:

Organizing and scheduling daily activities.
Coordinating travel arrangements.
Demonstrating attention to detail and maintaining comprehensive notes.
Requirements:
Current SDSU student or alumni.
Additional Information:
Time Commitment: Flexible work schedules with a maximum of 1 hour 2-3 times a week.
Compensation: $411.20 (weekly wage)
Employment Start Date:  March 5, 2025

CLICK HERE to apply.

San Diego State University.

Fraudulent Form in the email:

• Date Circulated: October 16, 2024
• Category: Fraudulent PayPal invoice
• Target: Faculty and Staff
• Attack Overview: An external email account sent a fake Paypal invoice to an SDSU employee
• Content: States Bitcoin was supposedly purchased and directs recipient to call a phishing phone number

From:

Subject: Thank you for your Order!16831044768

Date: October 16, 2024 at 7:01:55 AM PDT

To:

Hey there,

Your joy in our services encourages us to innovate further. We promise
to go above and beyond to ensure your experience is extraordinary.

Regards

• Date Circulated: October 8, 2024
• Category: Fraudulent PayPal invoice
• Target: Faculty and Staff
• Attack Overview: An external email account sent a fake Paypal invoice to an SDSU employee
• Content: Lists network devices that were supposedly ordered and directs recipient to call a phishing phone number

---------- Forwarded message ---------
From:
Date: Tue, Oct 8, 2024 at 7:03 AM
Subject: Thank you!
To:

DATE: Oct 08, 2024
PayPal 
  
INFORMATION ABOUT BILLS
  
Kindly,
We appreciate your order, which has been successfully placed and is prepared for shipping. You will hear from our delivery crew shortly. Kindly save this email for your records.
 
 
ORDER INFORMATION
 
Email:
 
 
Invoice Id:
36778209519
  
 
DETAILS OF PRODUCT
 
Product
Amount
Unit
 
 
Netgear Orbi Tri-Band Mesh WiFi 6 System. High-performance mesh Wi-Fi system covering large homes, supports up to 100 devices.
$488.00
01
 
 
Sales Tax:
$0.00
 
 
Subtotal:
$488.00
 
 
Total:
$488.00
  
 
NEEDS HELP?

We've taken care of your purchase. In case you have any inquiries concerning your purchase. Kindly let us know. We would be pleased to speak with you.

• Date Circulated: August 26, 2024
• Category: Fake Job Scam
• Target: Students
• Attack Overview: A compromised SDSU account was used to send credential phishing emails.
• Content: Includes link to a fraudulent Google Forms page where personal information is harvested.

• Date Circulated: August 25, 2024
• Category: Employment Scam
• Target: Staff
• Attack Overview: A compromised SDSU account was used to send credential phishing emails.
• Content: Includes attachment with fraudulent link to harvest personal information.