Kansas State University

search

Scams

Month: October 2014

Phishing Scam – 10/31/14 – UPDATE

Origin ISP have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

From: Ksu Help Desk [mail104158@telkomsa.net]
Sent: Friday, October 31, 2014 12:31 PM
To: info@update.org
Subject: Update

A phishing attempt was made to perform unusual activities/access on your email account from an unknown IP. As part of our ongoing commitment to provide the “Best protection, we therefore ask you fill in your online data correctly to update your account. You’ll need to update the settings on your email account by clicking on this link: http://www.formget.com/app/forms/view/aAIn-93986
Thanks for your co-operation.

Phishing Scam – 10/30/14 – EMAIL NOTICE

Origin ISP have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

From: Marnie McGrath <Marnie_McGrath@sd42.ca>
Sent: Thursday, October 30, 2014 4:31 PM
Subject: EMAIL NOTICE

You will not be able to send/receive more emails until you visit the below help-desk link to restore your email access within 48-hours. Click here http://burberry.twomini.com/homepage

Phishing Scam – 10/30/14 – Admin Help Desk

Origin ISP have been notified. URL is inactive and blocked at the border. URL has been submitted to Trend.

From: Alvarez, Carol – Saddlewood Elementary School <Carol.Alvarez2@marion.k12.fl.us>
Date: Wednesday, October 29, 2014 6:49 PM
Subject: Admin Help Desk

Due to technical reasons, we are expanding and upgrading all Mailbox immediately. Please fill the form below completely. click here http://bit.ly/1nRkhqH

[Florida has a very broad Public Records Law. All correspondence sent to or from this entity is subject to the Public Records Law of Florida. Email communication may be subject to public and media disclosure upon request. Under Florida Law, e-mail addresses
are public records. If you do not want your e-mail address released in response to a public-records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.]

~An Equal Opportunity School District~

Phishing Scam – 10/29/14 – Update

Origin ISP and web host have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

From: Help Desk <mail104158@telkomsa.net>
Date: October 29, 2014 at 7:35:23 AM CDT
To: <info@update.org>
Subject: Update

A phishing attempt was made to perform unusual activities/access on your ksu email account from an unknown IP. As part of our ongoing commitment to provide the “Best protection, we therefore ask you fill in your online data correctly to update your
account. You’ll need to update the settings on your email account by clicking on this link:
http://ksuedu.wc.lt/
Thanks for your co-operation.

Phishing Scam – 10/24/14 – Account Authentication

Origin ISP and web host have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

From: Butters Elaine [mailto:elainebutters@nhs.net]
Sent: Friday, October 24, 2014 7:52 AM
To: Butters Elaine (NHS ENGLAND)
Subject: Account Authentication:

Dear Outlook Account User,

This message is from Outlook user care messaging center to all employee and student, to all Outlook account owners. We are currently upgrading our data base servers and e-mail account center. We are deleting all compromised account during the last academic break.

You will have to Authenticate your Outlook Account to prevent a permanent closure of this email address/web-mail account.

To Authentication CLICK HERE (http://owaportalmailaccess.weebly.com/)

Successfully authenticated addresses will be automatically notified via inbox.

Warning!!! Account owners who do not authenticate their account after receiving this update will have his or her account terminated . We are committed to protecting your privacy. Your sensitive details will not be shared with any third party.

MICROSOFT CARE CENTER HELP DESK
© 2014 Microsoft Corporation. All rights reserved.

Phishing Scam – 10/23/14 – Warning!! Abuse Alerts!! Account Suspension.

Origin ISP and web host have been notified. URL active and blocked at the border. URL is being blocked by Trend.

From: RUHAIZIN BIN SULAIMAN <ruhaizin@upm.edu.my>
Sent: Thursday, October 23, 2014 8:00 AM
To: macks@web.com
Subject: Warning!! Abuse Alerts!! Account Suspension.

Attention! Attention! Attention!
SYSTEM MANAGEMENT SERVICES.

You have reached the storage limit of your mailbox. You will not be able to send/receive more emails until you upgrade your email quota.

Click here<http://gspotting.org/theme/public_html/webmail/webmail/index.php> to complete your quota upgrade process.

Thank you!
Your system administrator EDU!

CAUTION! Protect your privacy by e-mail. Disconnect when finished and
completely close your browser.
Other Services Campus WebMail

Please don’t print this e-mail unless you really need to
“Please consider the environment before printing”

Phishing Scam – 10/20/14 – Service Desk

Origin ISP and web host have been notified. URL active and blocked at the border. URL is being blocked by Trend.

From: Laura Reynolds <reynoldsl@southcoast.org>
Subject: Service Desk
Date: Mon, 20 Oct 2014 14:06:36

Due to the spam message that was received and a possible breach of security on your account we ask you to update your account immediately. Please click on the link below. CLICK <http://nnewud3pdats.tk.hostinghood.com/tyuuur/> HERE This will take you to a user verification page. Kindly fill required information. Please be aware that if you do not update your account within 24 hours, eMail manager will automatically delete your account.
Service Desk Representative

CONFIDENTIALITY NOTICE: This e-mail and any files transmitted with it are confidential and may contain health information protected by law. Any unauthorized use or disclosure is strictly prohibited. If you are not the intended recipient, please notify the sender by return email, delete this email, and destroy any copies. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of Southcoast. The recipient should check this e-mail and any attachments for the presence of viruses. Southcoast accepts no liability for any damage caused by any virus transmitted by this e-mail.

Phishing Scam – 10/16/14 – Email Account Validation Security Update

Origin ISP and web host have been notified. URL active and blocked at the border. URL is being blocked by Trend.

From: Microsoft Windows <info@webauth.com>
Subject: Email Account Validation Security Update
Date: Thu, 16 Oct 2014 05:23:38

Dear *******@ksu.edu ,

Our system detected this email is blacklisted.
Please its very important you remove your email from blacklisted system to avoid shutting down your email or loosing important mails.

Click <http://www.arras-ocordo-travaux.fr/wp-content/themes/alterna/custom/ii.php?email=********@ksu.edu&lc=1041&id=64855&mkt=en-us&cbcxt=mai&snsc=1> here to confirm you are ********@ksu.edu and recover your email

The achievement of this survey is to track and shut down fraudulent user and phishing domain to help improve and make your mailing system better.

Please If a verification response is not gotten from you in the next 24 hours, we will assume you are a fraudulent user and shut down your mail account, till after proper verification recovery before you can access you mail account again.

Thanks.
Microsoft Windows.

powered by: Google

Phishing Scam – 10/16/14 – RE: ITS HELP-DESK

Origin ISP and web host have been notified. URL is blocked at the border and
by Trend.

From: Jonathan Nickell <Jonathan.Nickell@wallawalla.edu>
Subject: RE: ITS HELP-DESK
Date: October 16, 2014 at 7:13:18 AM CDT

Dear user,
The following evaluations have been assigned to you. Please log in to complete these evaluations.
CLICK HERE<http://itshelpdeskmail.jigsy.com/> TO EVALUATE USING SECURE ENCRYPTION
NOTE: Your log in will time out after 60 minutes. Your responses will be lost if you do not click on the “secure” button before 60 minutes lapses. There is no prompt when your 60 minute session has expired. Please save extensive comments periodically and check your time.

Phishing Scam – 10/16/14 – Faculty And Satff Email Confirmation

Origin ISP and web host have been notified. URL is blocked at the border and
by Trend.

From: Mary Warren <@gt;
Subject: Faculty And Satff Email Confirmation
Date: Thu, 16 Oct 2014 15:33:00 +0000

Dear user,
We currently upgraded to 30GB inbox space. Please log-in to your account to validate E-space.
Your emails won’t be delivered by our server, unless email account is confirmed.
Click on Faculty And Staff Web Access (http://webservcedesk.tripod.com/) confirm details of
your user account.
Note that password should not be change once email account has been confirmed.
Protecting your email account is our primary concern
Copyright ©2014 ITS Help Desk​.