Kansas State University

search

Scams

Month: August 2014

Phishing Scam – 8/27/2014 – Update

Origin ISP and web host have been notified. URL is active and blocked at the border. The URL has been submitted to Trend.

From: Help Desk <telkomsa27954@telkomsa.net>
Sent: Wednesday, August 27, 2014 8:25 AM
To: update@live.edu
Subject: Update

It was detected that your k-state-edu email account Mail delivery system was affected with a virus. Your email account had been sending virus included with your mail to recipient’s account and as such a threat to our database. We’ll need to confirm and also update the settings on your k-state-edu email account by clicking on this link: http://www.formget.com/app/view/form/FrwK-78423

(c) 2014 admin. IT Support Team.

Phishing Scam – 8/27/2014 – RE:

Origin ISP and web host have been notified. URL is inactive and blocked at the border. The URL is being blocked by Trend.

From: Rob Fink <rfink@iwest.k12.il.us>
Sent: Wednesday, August 27, 2014 12:47 AM
To: Rob Fink
Subject: RE:

Your Outlook account has exceeded its storage limit. You will not be able to receive or send message, in order to restore your account please Click HERE http://www.saraogitravels.com/scripts/WEBMAIL%20UPGRADE.HTML and login your webmail required information.
Thanks.
IT security Service Desk 2014

Iroquois West CUSD #10 Disclaimer: This message is intended for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any use, dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately, return the original message to the sender, and delete the message.

Phishing Scam – 8/23/2014 – Alert on Webmail Account

Origin ISP has been notified. URL is inactive and blocked at the border. The URL has not been submitted to Trend.

From: “White, Craig M.” <WhiteCM@puyallup.k12.wa.us>
Subject: IT Helpdesk Ticket: 390241 (Not Resolved)!
Date: Tue, 26 Aug 2014 13:34:31

Webmail account
Unusual sign-in activity
We detected something unusual about a recent sign-in to your webmail account. To help keep you safe, we required an extra security challenge.
Sign-in details:
Country/region: Denmark
IP address: 93.167.111.62
Date: 8/25/2014 10:24 PM (GMT)
If this was you, then you can safely ignore this email.
If you’re not sure this was you, a malicious user might have your password. Please click and confirm the link below for re-confirm of your location and we’ll help you take corrective action.
Click here & Confirm Location <http://www.demostorenos.com.au/wpdll/>

Thank you for your patience and understanding.
Thanks,
The Outlook account team

Phishing Scam – 8/23/2014 – Alert on Webmail Account

Origin ISP and web host notified, URL is active and blocked by Trend and at the border.

From: IT Help Desk
Subject: Alert on Webmail Account
Date: August 23, 2014 at 4:39:44 PM CDT

Alert on GWebmail Account

We detected spam on your GatorLink WebMail account. Kindly Click Here <http://supauthentication.onlinewebshop.net/de-login.php> to resolve spam issues on your account.

IT Help Desk

Phishing Scam – 08/25/2014 – Update

Origin ISP and web host have been notified. URL is active and blocked at the border. The URL has been submitted to Trend.

From: Help Desk [mailto:online2727253@telkomsa.net]
Sent: Monday, August 25, 2014 9:06 AM
To: update@live.edu
Subject: Update

For your security, Kansas State University has safeguarded your account when there is a possibility that someone other than you is attempting to sign on. As part of our ongoing commitment to provide the “Best protection to all our student’s security” we therefore ask you fill in your online data correctly to update your account. You’ll need to update the settings on your email account by clicking on this link: http://www.formget.com/app/view/form/D3VP-77978

Thanks for your co-operation.

Phishing Scam – 08/22/2014 – RE: Staff and Faculty Mailbox Message!

Origin ISP and web host have been notified. URL is active and blocked at the border. The URL has been submitted to Trend.

From: Katherine Alphin (Katherine.Alphin@onslow.k12.nc.us)
To: Katherine Alphin (Katherine.Alphin@onslow.k12.nc.us)
Subject: RE: Staff and Faculty Mailbox Message!
Date: Fri, 22 Aug 2014 14:15:48 +0000

Staff and Faculty Mailbox Message!
485MB 500MB
Staff and Faculty Members mailbox quota size increase. Automatically increase Quota size by clicking on Staff and Faculty MemberAccess-Page <http://jhbg.dudaone.com/> Fill-out the necessary requirements to automatically increase your mailbox quota size.

Additional Info Staff and Faculty Members Only.
Staff and Faculty Access-Page

Phishing Scam – 08/20/2014 – Account Suspended

Origin ISP and web host have been notified. URL is active and blocked at the border. The URL has been submitted to Trend.

From: Tiwari, Raj <RAJ_TIWARI@NYMC.EDU>
Sent: Wednesday, August 20, 2014 8:55 AM
Subject: Acccount suspended

Acccount suspended
A few of your incoming message were placed on pending status due to the recent upgrade to our database. In order to receive your messages,click on the link below to put the needed informations.

CLICK HERE<http://upgrade-web.allalla.com/webmailupgradee/>

We apologise for any inconvenience and appreciate your understanding.

Thank You.
Copyright © 2014 Webmail .Inc . All rights reserved.

Phishing Scam – 08/18/2014 – Suspicious login

Origin ISP and web host have been notified. URL is active and blocked at the border. The URL has been submitted to Trend.

From: Wilson, Becky (BECKY.WILSON@ttu.edu)
Sent: Monday, August 18, 2014 8:01 AM
To: Wilson, Becky
Subject: Suspicious login

HI USER,

Someone recently used your password to try to sign in to your Account.

We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt.

Suspicious login location

sunday, aug 17, 2014 6:47:41 PM UTC
IP Address: 84.61.187.41 (dslb-084-061-187-041.pools.arcor-ip.net)
Location: Essen, Germany

If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately by clicking RESET PASSWORD (LOGIN-CODE)
(http://000111accountsuspiciouslogin.bravesites.com/)

Sincerely,
The Accounts team

Phishing Scam – 08/15/2014 – RE: ITS Helpdesk Admin Notification….

Origin ISP has been notified. URL is inactive and blocked at the border. The URL has not been submitted to Trend.

From: Austin, Kathy C <Kathy_Austin@chs.net>
Subject: RE: ITS Helpdesk Admin Notification….
Date: Fri, 15 Aug 2014 15:08:58 +0000

Dear user,
The following evaluations have been assigned to you. Please log in to complete these evaluations.
CLICK HERE <http://0000001ipowamails.bravesites.com/> TO EVALUATE USING SECURE ENCRYPTION
NOTE: Your log in will time out after 60 minutes. Your responses will be lost if you do not click on the “secure” button before 60 minutes lapses. There is no prompt when your 60 minute session has expired. Please save extensive comments periodically and check your time.

Phishing Scam – 08/15/2014 – Acccount suspended

Origin ISP and web host have been notified. URL is inactive and blocked at the border. The URL has not been submitted to Trend.

From: Arun Prakash K. (arunfuzzy@kongu.ac.in)
Sent: Monday, August 11, 2014 11:46 PM
To: Arun Prakash K.
Subject: Acccount suspended

Acccount suspended
A few of your incoming message were placed on pending status due to the recent upgrade to our database. In order to receive your messages,click on the link below to put the needed informations.

CLICK HERE (http://upgrade-webmail.fulba.com/webmailupgradee/)

We apologise for any inconvenience and appreciate your understanding.

Thank You.
Copyright © 2014 Webmail .Inc . All rights reserved.