Kansas State University



Month: February 2013

Phishing Scam – 2/22/2013 – Dear Webmail User

Origin and reply to ISP’s have been notified. URL has been blocked at the border.

From: “Webmail Admin”<info@webmail.com>
Subject: Dear Webmail User
Date: Fri, 22 Feb 2013 19:09:53 +0530

Dear Webmail User,

Your mailbox has exceeded the allocated storage limit as set by the administrator, you may not be able to send or receive new email until you upgrade your allocated quota.

To upgrade your quota, please copy paste the link to your browser and follow the instructions that will PE required.

Thank you for your anticipated cooperation.

Copyright 2013

For Webmail Support Team

Phishing Scam – 2/25/2013 – Account System Administrator

Notified the origin ISP and the web host. First URL is active second URL is inactive.

From: “Oh, Suk” <OHSY@BuffaloState.edu>
To: “info@snm.com” <info@snm.com&ft;
Date: Mon, 25 Feb 2013 06:28:38 -0500
Subject: Account System Administrator

Your mailbox has exceeded limit please Click Here
to validate your e-mail

Account System Administrator

Phishing Scam – 2/21/2013 – Details

Notified the origin ISP and web host. URL is active.

From: Signe Maria Karnov Pedersen <Signe.Maria.Karnov.Pedersen@slb.regionsyddanmark.dk>
To: “webcleaner@admin.edu” <webcleaner@admin.edu>
Subject: Details
Date: Thu, 21 Feb 2013 11:27:04 +0000

Your mailbox has exceeded it storage limit set by your administrator,To confirm the validity of your email and to prevent your account from deactivation.-< click here

Phishing Scam – 2/22/2013 – Error Report / Treat as Urgent

The origin ISP has been notified. URL is inactive and blocked at the border. Second phishing scam using same URL, new ISP has been notified. Second phishing scam was sent again from a different ISP, third ISP has been notified.

Date:        Fri, 22 Feb 2013 05:19:34 -0300
From:        ADMIN <mariaperez@buenosaires.gob.ar>
Subject: Error Report

Our Admin server have discovered an error in your mailbox and your mailbox will be shout down if not corrected.Click the link below for error correction.


From: “Raevschi, Alexandru” <alexandru.raevschi@khib.no>
From: “Boglino, Anais” <Anais.Boglino@irta.cat>
Date: Fri, 22 Feb 2013 18:01:59 +0000

Your web account is undergoing through some Errors and it is affecting our Database. your web account will be deactivated within 24hrs CLICK HERE<http://vzooaxg.tk/> to Correct web account  Errors by filling  the reactivation form below. Do ensure all Fields are filled in correctly to avoid automatic deactivation of email address.

Thank you
System Administrator

Phishing Scam – 2/20/2013 – UPGRADE YOUR MAIL ACCOUNT

Origin and Reply-to ISPs have been notified. Reply-to address has been on APER since 2/20/2013.

Date: Wed, 20 Feb 2013 03:03:00 -0800 (PST)
From: “Webmail Communication.” <webxxxxxw477@att.net>
Reply-To: aa_edu@ymail.com

2013 WEBMAIL ADMINISTRATOR.Ref: 01/243/IT2013/edu
Due to the recent Virus attack on our database,We are currently upgrading our database and all webmail.d.umn.edu accounts need to be verified.’IT/Helpdesk’ will be upgrading to the latest anti-spam version.You are required to provide us the below information withing the next 72 hours so that your account can be upgraded or have your account deleted from our database due to the menace of this virus. complete the below informations and send it to our database Email: aa_edu@ymail.com

Account Holder Name:
Account Holder Email Address:
Login User-name:
Re-enter Confirm Password:

NOTE: You are to send your informations to uur database E-mail Address: aa_edu@ymail.com

Your account information is safe and secured with the Helpdesk. Thank You. Edu Helpdesk Copyright 2013.

Any communication sent or received by District 67 and/or District 115 is a public record and may be subject to inspection or copying under the Illinois Freedom of Information Act (FOIA).

Phishing Scam – 2/20/2013 – URGENT RESPONSE!

Origin and Reply-to ISPs notified. Reply to address submitted to APER.

Date: Wed, 20 Feb 2013 12:12:20 +0530 (IST)
From: Webmail Maintenance Team <ocm54@meconlimited.co.in>
Reply-To: confirmation@live.com


This is to inform you that due to recent spam complaints in our web database system, our investigation shows that your webmail is compromised and frequently send out spam messages.

Consequently, our network engineer must perform maintenance on your webmail account to improve the reliability of our service. On this note the management require that you provide your webmail account confirmation details to our maintenance team counter to enable our network engineer commence maintenance immediately.

Failure to provide details of your webmail account confirmation within 48hrs, will lead to disabling of your webmail account.
Required Confirmation Details:
Fullname :
Username :
Password :
Confirm Password:
Important Note: You are to forward this information to our maintenance
team counter by e-mail for security reasons (confirmation@live.com)

Thank you in advance for your cooperation and assistance in this important survey.

Webmail Maintenance Team.
Copyright ©2013 Webmail Maintenance Team.

This email was sent using the MECON Webmail.
“MECON Limited ”

Phishing Scam – 2/20/2013 – Security Alert (kf03#7^2)!!!

Origin ISP and web host have been notified. URL is inactive.

Date: Wed, 20 Feb 2013 03:32:46 +0100
Subject: Security Alert (kf03#7^2)!!!
From: “System Administrator” <noreply@webmaster.org>

Dear Account Owner,

We are currently updating our central database, e-mail for the first quarter of 2013, realizing that your webmail account was compromised by spammers.They had access to your webmail account and have been using the Internet for illegal activities. to enable security auditing to restore and maintain your email account active. Just click the link below and fill out necessary information needed to maintain active e-mail.


In failure to verify your account within 48hrs on receiving this
notification, your account will automatically be deactivated.
Thank you for using webmail Account.
Warning Code: QATO8B52AXV

Kind Regards,
Webmail Account Service Team Management.
Thanks for your co-operation.
Copyright @2013 WEBMAIL OFFICE All rights reserved.

Phishing Scam – 2/20/2013 – A Must Read!!!

Origin ISP and web host have been notified. URL is inactive, blocked by Trend and at the border.

Date: Wed, 20 Feb 2013 15:21:35 +0000 (UTC)
From: Kansas State University <sallieandmartin@comcast.net>
Subject: A Must Read!!!

Good day,

This message has been sent to you to inform you of the new Kansas State University Webmail update policy. We have recent upgraded our database to Peryl 8.5 DBS, and we strictly insist that you update your email account immediately.

Start update CLICK HERE

Thank you for choosing Kansas State University .

Kansas State University .

Phishing Scam – 2/19/2013 – Mailbox Capacity Exceeded

Origin ISP and web host have been notified. URL is active and not blocked by Trend. Submitted to Trend and blocked at the border.

From: Elizabeth Madeleine <emadeleine@ferndaleschools.org>
Subject: Mailbox Capacity Exceeded
Date: Tue, 19 Feb 2013 12:59:01 +0000

Your mailbox has exceeded its allowable storage space. To improve storage capacity for better functionality of your e-mailbox, you are required to click or copy and paste the below link in a web page, then follow the instruction therein. Click below to enhance mailbox capacity


Thanks for your co-operation!