Kansas State University

search

Scams

Phishing Scam – 09/17/2020 – [*********@ksu.edu] Message-ID:2613375696061

This is a phishing scam with a link that is used to harvest account credentials. The original sender has spoofed the ksu.edu account. Outlook has been notified of the original sender along with the content of the email.

From: ********* <*********@ksu.edu>
Sent: Thursday, September 17, 2020 7:52 AM
To: ********* <*********@ksu.edu>
Subject: [*********@ksu.edu] Message-ID:2613375696061
This message was sent with High importance.
E-Mail Summary Report: ksu.edu
Total Quarantined Emails: 3
Email: *********@ksu.edu [mailto:*********@ksu.edu]
Ksu email system failed to process new mails to your inbox folder.
Two (2) valid mails have been held in the quarantine mailbox as junk mails.
Review these messages now and choose what to do with the undelivered mails.
Review Messages Now » [http://’.$domin.’@allprint.sg/portal/?gerontology@ksu.edu&email=gerontology@ksu.edu&Z2Vyb250b2xvZ3lAa3N1LmVkdQ==]
*Sign-in is validated by ksu.edu internal user database.
Please note: Quarantined mails will be deleted automatically after 3 days.
This is an automated message. Please do not reply to this email.
© 2020 Ksu Mail Administrator · All rights reserved · Privacy Policy
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com [http://www.symanteccloud.com]
______________________________________________________________________

Phishing Scam – 09/16/2020 – The Vilgil Group- Received from ‘Account Payable’ Tuesday 15 September 2020.

This is a phishing scam with a malicious link that is used to harvest account credentials. Microsoft, Google, and other web hosts have been notified. Google has blocked the link.

From: Ksu || DocScan || Payment Remittance Advice <doug@stevensconstruction.net>
Sent: Tuesday, September 15, 2020 9:11 AM
To: ******* ******* <*******@ksu.edu>
Subject: The Vilgil Group- Received from ‘Account Payable’ Tuesday 15 September 2020.
Importance: High
AP Finance 2020_ FaxMail .

Phishing Scam – 09/15/20 – NWMessage From: 908-873-0022 10:35 AM EDT. As of 9/15/2020.

This is a phishing scam with a link. The link redirects to several other links that ultimately redirect the user to a fake Microsoft sign-in page. The URL is already blocked at the border, and the web host has been notified.

From: Timothy Shelley [mailto:tshelley@kerleywalsh.com]
Sent: Tuesday, September 15, 2020 3:40 PM
To: mailsupport@microsoft.com
Subject: NWMessage From: 908-873-0022 10:35 AM EDT. As of 9/15/2020.
 Share Point Message
You’ve received a doc from  share point message 10:35 PM EDT. As of 9/15/2020.
View them within 5 days of the received date
From : 908-873-0022
Date : 2020-09-15 11:35:15
Fax ID : 2529916
Pages : 2
Duration : 36
Date:
9/15/2020 
Trust Sender
Review [https://pub.lucidpress.com/c131d1d0-4bc8-4b73-9637-36b370e5f654/]
© 2020 Microsoft Corporation. All rights reserved.
Privacy Statement
Acceptable Use Policy
Your transaction ID for this payment is: PH0034940655
© Intuit, Inc. All rights reserved. Privacy | Terms of Service

Phishing Scam – 09/14/2020 – 1547643_Audio (509) 321-2237

This is a phishing scam with a link. The first page it leads to is harmless, but the second is reported as a common phishing scam site.
The pages and the email address have been reported to the appropriate channels.

From: 15093212237~wirelesmmms@ipovms.com <gerryoleary@nalag.org.au>
Sent: Monday, September 14, 2020 2:54 PM
To: 15093212237~wirelesmmms@ipovms.com <gerryoleary@nalag.org.au>
Subject: 1547643_Audio (509) 321-2237
You Have (1) Unread Audio Message
You’ve received a VM from Call message 12:35 PM
Time Of Communication   :    32 seconds
Speed    : 33000 bps
Received: Monday, September, 2020
DOWNLOAD [https://audiomemoo.studio.design/]
LISTEN [https://audiomemoo.studio.design/]
© 2020 Microsoft Corporation. All rights reserved.
Privacy Statement
Acceptable Use Policy
Your transaction ID for this payment is: PH0034940655
© Intuit, Inc. All rights reserved. Privacy | Terms of Service
NOTICE: This email and its contents/attachments may be confidential and are intended solely for the individual to whom it is addressed. If you are not the named addressee or if this email is otherwise received in error, please immediately notify the sender without reading it and do not take any action based on its contents or otherwise copy or disclose it to anyone. Any opinions or views expressed in this transmission are solely of the author and do not necessarily represent those of NSF International or its affiliates.

Phishing Scam – 09/14/2020 – Immediately response needed

This is a reply-to phishing scam. The sender impersonates a specific professor at K-State to receive a response. The responsible e-mail addresses were reported to the appropriate channels.

From: “*********” <*********@gmail.com>
Date: September 13, 2020 at 11:50:50 AM CDT
To: ********* <*********@ksu.edu>
Subject:Immediately response needed
Send me your available text number that I can reach you at, I will look forward hearing from you soon.–
Kevin P. Gwinner
Edgerley Family Dean of the College of Business Administration
Professor Department of Marketing
2036 Business Building

Phishing Scam – 09/12/2020 – Follow up

This is a reply-to phishing scam. The sender impersonates the director of a department to receive a response. The responsible e-mail addresses were reported to the appropriate channels.

From: ********* <*********@gmail.com>
Sent: Saturday, September 12, 2020 3:36 PM
To: ********* <*********@ksu.edu>
Subject: Follow up
Hello Megan,
How are you doing, Are you available for a quick task?
Best Regards

Judy O’Mara Director Diagnostic Lab

Phishing Scam – 09/10/2020 – Password-Notification Friday, September 11, 2020

This is a phishing scam that is telling users that their password has expired, while impersonating K-State’s IT department. The link in the email will be used to harvest account credentials. Microsoft, Google, and other web hosts have been notified, and the link has been blocked.

From: ­Ksu.edu­-­IT­ <c1650827m@i-bazaar.net>
Sent: Thursday, September 10, 2020 7:50 PM
To: ******* ******* <*******@ksu.edu>
Subject: Password-Notification Friday, September 11, 2020
­*******@ksu.edu [mailto:*******@ksu.edu]­ P­assword E­xpiry.­O­f­f­i­c­e ­3­6­5­
Hello *******@ksu.edu [mailto:*******@ksu.edu],
1650789P­assword16507891650789for16507891650789*******@ksu.edu1650789 [mailto:1650789*******@ksu.edu1650789]1650789expires16507891650789today16507891650789
1650789You16507891650789can16507891650789change165078916507891650789your16507891650789p­assword16507891650789or16507891650789continue16507891650789using16507891650789current16507891650789p­assword1650789.
1650789Keep16507891650789Same16507891650789P­assword1650789 [http://www.1650789.ajto-ablakok.hu/ZXN0aGVyc0Brc3UuZWR1#aHR0cHM6Ly9tb3Vsc2FxLmNvbS8ub2IvTy9lc3RoZXJzQGtzdS5lZHU=]
1650789Ksu.edu16507891650789Support1650789

Phishing Scam – 09/10/2020 – Important task

This is a reply-to phishing scam. The sender impersonates a Dean of a department to receive a response. The responsible e-mail addresses were reported to the appropriate channels.

From: ********* <*********@gmail.com>
Sent: Thursday, September 10, 2020 1:31 PM
To: ********* <*********@ksu.edu>
Subject: Important task
Busy?

Dean
College of arts and sciences

Phishing Scam – 09/08/2020 – Duplicate Account(s) Match.

This is a phishing scam with a malicious link. The goal of this scam is to harvest credentials using the link in the email. Microsoft, Google, and other relevant web hosts have been notified.

From: ajpheart@msubmit.net
Sent: Tuesday, September 8, 2020 7:16 PM
To: ******* ******* <*******@ksu.edu>
Subject: Duplicate Account(s) Match.
 Dear Prof. *******,
In an effort to remove duplicate accounts from our submission system, we are contacting those who may
have duplicate accounts based on certain matching criteria. We currently have two accounts in our
system with the following matching information:
First Name: Thomas
Last Name: *******
Organization: Kansas State University
List of duplicate accounts:
*******@*****.edu
If you believe the accounts are yours, please click the link below and specify which email address
should be marked as duplicate or not duplicate, please indicate an answer for all matching accounts.
Please then log into the account of the above email address and click on the link in the corresponding
account to verify ownership and specify which email address should be usd as the primary email address.
Once both links are clicked, we will automatically combine your two accounts.
https://ajpheart.msubmit.net/cgi-bin/main.plex?el=A6DA4BdC4A1BLQu1Bj3A1DhfF9ftdtGo5o0C1YGq66fAqnZYr6wZ [https://ajpheart.msubmit.net/cgi-bin/main.plex?el=A6DA4BdC4A1BLQu1Bj3A1DhfF9ftdtGo5o0C1YGq66fAqnZYr6wZ]
Sincerely,
American Journal of Physiology-Heart and Circulatory Physiology
Duplicate Account(s) Match.
ajpheart@msubmit.net
Tue 9/8/2020 7:16 PM

Phishing Scam – 09/07/2020 – Service Report Notifications **1 file attached ** : 9/7/2020

This scam has an attachment named [eID]@ksu.edu-Incoming-files-[DateTime].hTM. The file is encoded using Unescape. Decoded it reveals a script that navigates the user to what Google has identified as a deceptive site: https://wthink.it/opp/?alphine1=eID@ksu.edu We have blocked it at the border, notified the webhost, and reported to Microsoft anti-phishing.

From: ksu.edu Document Services <linda@tefrainc.com>
Sent: Monday, September 7, 2020 8:01 AM
To: *******;
Subject: Service Report Notifications **1 file attached ** : 9/7/2020
Hello *******,
Preview attachment for This months Statement.ksu.edu
From ksu.edu Documents 2020.