Kansas State University

Origin ISP and web host have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

Second Scam:
Origin ISP has been notified. URL is active and blocked at the border. URL is being blocked by Trend.

From: “Vijayakumar [MU-KMC]” <vijay.kumar@manipal.edu>
Date: Sat, 30 Nov 2013 23:00:59
Subject: Attention

Second Scam:
From: Nancy I Marks <nancy.marks@robeson.k12.nc.us>
Subject: Attention
Date: Mon, 2 Dec 2013 06:26:28

Attention;
There’ve been an automatic security update on your Email Account.Click here <http://oupdate.byethost5.com/k/home.html> to login and complete update.Please note that you have withing 24 hours to complete this update. because you might lose access to your Email account..

Origin ISP and web host have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

From: Larry Willis <mailto:lwillis@msd.gaggle.net>
Sent: Wednesday, November 27, 2013 7:37 AM
Subject: Message From Administrator

Your Email Address requires verification.
Click here to proceed. http://www.terradatum.com/administrator/logs/
N.B You have less than 48hours to do this or have your Email Account Suspended.

Origin ISP and web host have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

From: Webmaster Administrator <uicro@uic.edu.hk>
Sent: Wednesday, November 27, 2013 4:51 AM
Subject: Re-Activate Your Email Box To Avoid Sub-spent ion.

Your mailbox size has reached 11753.48MB, which is over 90% of your 12000.00MB quota. Please note You will not be able to send or receive new mail until you upgrade your email account to avoid exceeding your quota.

click the below link to fill your email upgrade form.

http://www.pkchile.cl/EmailSignin.htm

Thanks for your cooperation.

Webmaster Administrator Activation Center.

Origin ISP and web host have been notified. URL is inactive and blocked at the border. URL has not been submitted to Trend.

From: “Gronewold, Tanja” <t.gronewold@olympuscollege.nl>
Subject: You have pending messages
Date: Wed, 27 Nov 2013 12:02:14 +0000

Dear E-mail User,

your two incoming mails were placed on pending status due to the recent upgrade of our database. In order to receive this messages CLICKHERE to login and submit the form and wait for responds from us via e-MAIL.

http://www.formlogix.com/Manager/UserConditionalSurvey242107.asp

We apologies for any inconvenience and appreciate your understanding.

Regards,
Webmaster.

Origin ISP and web hosts have been notified. URLs are active and blocked at the border. URLs have been submitted to Trend.

From: “Davis, Sara P. (WDC)” <Sara.Davis@nelnet.net>
Date: November 27, 2013 at 3:50:11 AM CST
Subject: Account

A phish attempt, banned phrase or sensitive information was detected in a message sent to you and the original message has been quarantined. This message is a copy of the original with the content replaced with this text. The subject line and sender information has been unaltered from the original. Please you are to re-validate your email address immediately. Please copy and paste the link on you web Browser or click on the link then fill and submit.
http://upgradewebmaildomain.webs.com/
http://nelnetsecured.form2go.com/126258.html
Thanks.
Help Desk

————————————————————
The information contained in this message is confidential proprietary property of Nelnet, Inc. and its affiliated companies (Nelnet) and is intended for the recipient only. Any reproduction, forwarding, or copying without the express permission of Nelnet is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this e-mail.
————————————————————

Origin ISP and web host have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

From: E-MAIL ADMINISTRATOR <fmsalberg@teletu.it>
Date: Tue, 26 Nov 2013 06:14:16 +0100
Subject: Virus Security Update

A trojan SXV2876//3D2013 virus have been detected in your mailbox, your email account is running at risk you are ask to verify your Email account within 24 hours for immediate access, please click on the link below:

CLICK HERE: http://xxgomeqqza.phpforms.net/f/firstform

Failure to do this will immediately render your email address deactivated from our database.

Thank You.
VIRUS SECURITY UPDATE CENTER.

Origin and Reply-To ISPs have been notified. Reply-To address has been submitter to APER list.

Reply-To:<upgradewebmail@kimo.com>
From: “@K-State IT Help Desk” <K-state.helpdesk@swohio.twcbc.com>
Subject: Mailbox Maintenance !
Date: Sun, 24 Nov 2013 11:00:04 +0800

KANSAS STATE UNIVERSITY
Information Technology Services
(IT Help Desk)

Attn: E-mail/Webmail Subscriber,

Your K-state Email Account has been affected by some DGTX Virus that might be very harmful to all our System… Your Account has been selected for this maintenance and you will now be taken through a series of identity verification Process to enable Us confirm re-validate your Mailbox.

Please kindly Confirm Your K-State eID Account by Filling Out the details below:

Department: …………….
eID Email Address: …………. (e.g John@k-state.edu)
eID: …………………….
Password: ……………….. (Your eID Password to your Mailbox)
Confirm Password: ………..
Reply To this Email for re-validation:
Thank You!

(K-State IT Help Desk)

� Kansas State University

Access to Kansas State University’s electronic resources is restricted to employees, students, or individuals authorized by the University or its affiliates. Use of this system constitutes agreement to abide by all relevant K-State policies. Unauthorized or inappropriate use may result in limitation or revocation of use privileges and/or administrative, civil, or criminal penalties.

Faculty & Staff: By using this system, you agree that you will comply with federal law (FERPA 1974) regarding the privacy of student information. Your responsibilities are defined in K-State’s Student Records Policy. Failure to comply with FERPA will result in your removal from access and could result in further administrative and legal actions as allowed by law.

Origin ISP and web host have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

From: Webmail Technical Support <webmail-upgrade@jamesonseating.co.uk>
Subject: You have exceeded the storage limit on your mailbox
Date: Sat, 23 Nov 2013 11:48:51 +0200

You have exceeded the storage limit on your mailbox

You will not be able to send or receive new mail until you upgrade your email quota.

Click on the upgrade link below and fill the form to upgrade your account.

UPGRADE<http://blessings.co.ls/microsoft/webmail-upgrade.html>

Webmail Technical Support
Administrator

Origin ISP has been notified. URL is inactive and blocked at the border. URL has not been submitted to Trend.

From: “ZOUARI, Sonia” <S.ZOUARI@UNIDO.ORG>
Subject: [AN] WARNING
Date: Fri, 22 Nov 2013 00:16:27 +0000

This mail is from your webmail IT Service,we are currently undergoing upgrade and removing of invalid webmail account to create space for new users,your response to this mail will show your validity and as well will upgrade you webmail account,for more info click here<http://form.jotform.co/form/33246951575865>

Origin ISP and web host have been notified. URL is inactive and blocked at the border. The URL has been submitted to Trend.

From: “Gomez Ramirez, Ana Maria”
<AnaMaria.GomezRamirez@nationwidechildrens.org>
To: “u.demirag@ifad.org” <u.demirag@ifad.org>
Subject: Your password will expire in 3 Days

Dear e-mail owner,

Your password will expire in 3 Days CLICK HERE <https://mymail.indy.gov/exchweb/bin/redir.asp?> URL <http://www.userservicess.byethost7.com/> to validate your e-mail.

Thanks
System Administrator