Kansas State University

search

Scams

Month: January 2013

Phishing Scam – 1/31/2013 – Email Security

Origin ISP and web host notified. URL is active.

From: “Fanning, Brian” <Fanning.B@deptford.k12.nj.us>
Subject: Email Security
Date: January 31, 2013 3:05:27 PM CST

Dear Customer,

As part of our year 2013 Email Security Upgrade, Admin Helpdesk Support require you to immediately update your account information by following the reference link below to prevent your Email address not to be de-activated on our Email service database.

CLICK the secured link Below****

https://docs.google.com/a/blumail.org/spreadsheet/viewform?formkey=dG43aWtJaWpMdmE0alVrd1FyZDhTUlE6MQ

Failure to confirm and verify your email account on our database as instructed, Your e-mail account will be blocked in 24 hours.

Thank you for your cooperation.
©2013 Email System Admin.

Phishing Scam – 1/31/2013 – Please validate your Account to avoid deactivation

Origin ISP and web host have been notified. URL is active.

From: Ahmed Al-Ghanam <ghannam@sfd.gov.sa>
Date: Thu, 31 Jan 2013 19:07:39 +0300
Subject: Please validate your Account to avoid deactivation

Dear Staff/Student,

As part of our regular maintenance done on the exchange mail servers, Microsoft System Administration is currently working to improve on the security, functionality and performance of all our Microsoft Outlook Webmail Access Accounts as we periodically review certain Accounts which are vulnerable to Unauthorized Access or has not been used/accessed over a period of time will be deleted to conserve storage. However, your Account has been detected and queued up to be deleted from our DB. Please note that the mail in the deleted mailboxes will NOT be recoverable.

To remove this limitation and initiate your Account Update and activation process, please click here
<https://docs.google.com/forms/d/1xoyhkf-UtqCWAtvwzfm-CaD5q9Dtvy5536RZe7jOKA0/viewform>
to complete and validate your Account.

Thank you for your co-operation
Webmail Management Team

________________________________
The information in this email and in any files or attachments transmitted with it is intended only for the addressee and may contain confidential and/or privileged material. Access to this email by anyone else is unauthorized. If you receive this in error, please contact the sender immediately and delete the material from any computer. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is strictly prohibited. Statements and opinions expressed in this e-mail are those of the sender, and do not necessarily reflect those of The Saudi Fund For Development.

Phishing Scam – 1/31/2013 – Email Security.

Same scam from 3 sources. The third one is a compromised K-State account. Origin ISP and web host have been notified. URL was active but has been taken down.

From: “White, Jamal” <White.j@deptford.k12.nj.us>
To: “norply@notice.com” <norply@notice.com>
Subject: Email Security
Date: Thu, 31 Jan 2013 15:08:45 +0000

From: “Bonura, Luke J.” <l.bonura@ecisd.us>
To: “norply@notice.com” <norply@notice.com>
Subject: Email Security.
Date: Thu, 31 Jan 2013 13:28:59 +0000

From: “******** ********” <********@k-state.edu>
Sent: Thursday, January 31, 2013 11:24:19 AM
Subject: Email Security

Dear Customer,
As part of our year 2013 Email Security Upgrade, Admin Helpdesk Support require you to immediately update your account information by following the reference link below to prevent your Email address not to be de-activated on our Email service database.
CLICK the secured link Below****
https://docs.google.com/a/blumail.org/spreadsheet/viewform?formkey=dEk4TVdFLUtzcmx3bnhKNk43cTVRaFE6MQ
Failure to confirm and verify your email account on our database as instructed, Your e-mail account will be blocked in 24 hours.
Thank you for your cooperation.
©2013 Email System Admin.

Phishing Scam – 1/30/2013 – Notification From System Administrator

Origin ISP and web host have been notified. URL is active and not blocked by Trend. Submitted to Trend and blocked at the border.

From: “Myers, Dave” <dmyers@montoursville.k12.pa.us>
To: “inf@mail.com” <inf@mail.com>
Date: Wed, 30 Jan 2013 12:02:03 -0500
Subject: Notification From System Administrator

Dear Webmail User,

Your mailbox has exceeded the allocated storage limit as set by the adminis=
trator, you may not be able to send or receive new mail until you upgrade y=
our allocated quota.

To upgrade your quota, Please clickhere<http://mailchecklink.tk/>

Thank you for your anticipated cooperation.

System Administrator
For Webmail Support Team.

Phishing Scam – 1/30/2013 – Email Security Upgrade

Same scam from the same source but 2 versions using different google.docs URLs. Origin ISP and web host have been notified. 1st URL is inactive, 2nd is active.

From: Jeri Deloss <Jeri_Deloss@centennial.k12.or.us>
To: “noreply@upgrade.org” <noreply@upgrade.org>
Subject: Email Security Upgrade
Date: Wed, 30 Jan 2013 15:03:07 +0000

Dear Customer,

As part of our year 2013 Email Security Upgrade, Admin Helpdesk Support require you to immediately update your account information by following the reference link below to prevent your Email address not to be de-activated on our Email service database.

CLICK the secured link Below****

https://docs.google.com/spreadsheet/viewform?formkey=dC1ZcDh1QWttVW1ndWk3ZDF6eVhnOFE6MQ

https://docs.google.com/spreadsheet/viewform?formkey=dGN1SHpDd1Rnb3ZnS0Y1bWVjWjRabXc6MQ

Failure to confirm and verify your email account on our database as instructed, Your e-mail account will be blocked in 24 hours.

Thank you for your cooperation.
2013 Email System Admin.

Phishing Scam – 1/29/2013 – Your mailbox has exceeded its allowable storage space

Origin ISP and web host have been notified. URL is active and not blocked by Trend. Submitted to Trend and blocked at the border.

From: “Hester, William M” <whester1@tulane.edu>
Subject: Your mailbox has exceeded its allowable storage space
Date: Tue, 29 Jan 2013 17:03:36 +0000

Your mailbox has exceeded its allowable storage space.

To improve storage capacity for better functionality of your e-mailbox, you are required to click or copy and paste the below link in a web page, then follow the instruction therein. Click below to enhance mailbox capacity.

http://casauthhelpconfirmationatwebspages.atwebpages.com/login.php

Thanks for your co-operation!

Administrator Help Desk

Phishing Scam – 1/28/2013 – Upgrade this email account now!!!

Origin ISP and web host have been notified. URL is active and not blocked by Trend. Blocked at the border and submitted to Trend.

Date: Mon, 28 Jan 2013 15:58:36 -0800 (PST)
From: Webmaster <zm128sxoyz@demo2.zimbra.com>
Subject: Upgrade this email account now!!!

Zimbra Collaboration Suite

You are currently viewing Zimbra in basic HTML. Why? | Follow the link bellow for faster, better Webmail.

https://mail.login.edu/src/login.php
href=”http://webmail-new.coffeecup.com/index.html”

Copyright ? 2013 Zimbra! Inc. All rights reserved.Copyright/IP Policy | Terms of Service

Phishing Scam – 1/27/2013 – 23GB

Origin ISP and web host have been notified. URL is active.

Subject: 23GB
Date: Sun, 27 Jan 2013 08:55:25 -0500
From: l gaglios <lgaglios@Weehawken.k12.nj.us>

Your mailbox is almost full.

Your Web mail Quota Has Exceeded the Set Quota/Limit Which Is 20GB. Your Are Currently Running On 23GB due to hidden files and folder on your Mailbox. Validate Your Mailbox and Increase Your Quota.CLICK HERE
<https://docs.google.com/spreadsheet/viewform?formkey=dE1wSU92U3RXWTZiaVdJZDd5MnJaV2c6MQ>

Thank you for your cooperation.
Web mail Help Desk. System Administrator

Phishing Scam – 1/26/2013 – Important: ITS – Service Information

Origin ISP has been notified. URL is inactive and blocked at the border.

Subject: Important: ITS – Service Information
To: Recipients <info@helpdesk.org>
From: info@helpdesk.org
Date: Sat, 26 Jan 2013 08:03:23 -0800

IMPORTANT: We discovered series of illegal attempts on your mail account from different IP locations. This is for your own safety and to avoid youraccount from been closed. If you did not initiate this change, please sign in and verify your account information by clicking the link below. If you are unable to click the link copy and paste it on your browser.

http://helpdeskwebmasters.atwebpages.com/login.php

To ensure that your account information remains accurate and secure we notify you whenever this information changes. Information Technology Services

Phishing Scam – 1/26/2013 – Re-Validate your Account

Origin ISP and web host have been notified. URL is active.

Date: Sat, 26 Jan 2013 19:04:11 +0530 (GMT+05:30)
From: Webmaster System Administrator <dbkopec@mindspring.com>
Reply-To: Webmaster System Administrator <webmailer@blumail.org>
Subject: Re-Validate your Account

Your mailbox has exceeded the storage limit of 1 GB, which is defined by the administrator, you are currently running 9.8 GB, you may not be able to send or receive new messages within the next 48hrs until you re-validate your mailbox.
To renew the mailbox,

view link and fill renewal form:

https://docs.google.com/a/blumail.org/spreadsheet/viewform?formkey=dGNuZEd5OEk3ODVFWTZ3Sk9uc1BiZmc6MQ

Thank you!