Kansas State University

search

Scams

Month: April 2015

Phishing Scam – 04/27/15 – RE: MICROSOFT EMAIL FOR STAFF MIGRATION‏‏‏

URL is active and blocked at the border. Origin ISP and web host have been notified. The URL has been submitted to Trend.

From: “Walters, Robert” <WALTERSR2@wpunj.edu>
Subject: RE: MICROSOFT EMAIL FOR STAFF MIGRATION‏‏‏
Date: Mon, 27 Apr 2015 14:22:35 +0000

Dear Staff ,
We are migrating all staff email accounts into Staff Outlook 2015 office web mail and as such all active staff are to verify and Log in for the upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.
Please all Staff Click HERE Switch to Outlook Webmail 2015 for Staff [http://box1box122.wix.com/outlookwebapp]
Note that, after circulating this switching to Outlook is for all email service in this service and if not done, we will start deactivating and deleting unverified and inactive email accounts without any further notice that did not migrate in the next 24 hours.
PLEASE DO AS ADVISE ABOVE.
Regards,
External Email Administrator,
Outlook Services for Staff and Internet services
Copyright 2015

Phishing Scam – 04/26/15 – Password will expire in 4 days

URL is active and blocked at the border. Origin ISP and web host have been notified. The URL is being blocked by Trend.

Second Scam:
IT-Service Help Desk Click Here (http://www.aml-consulting.com.ve/wp-admin/owa/) To Validate E-mail

Thank you,
IT Help Desk

First Scam:

From: Lisa-Kaye Rossi <lrossi@POTTSTOWNSD.ORG>
Subject: Password will expire in 4 days
Date: Sun, 26 Apr 2015 20:47:20 -0400

IT-Service Help Desk Click Here [http://efmw.jimdo.com/] To Validate E-mail
Thank you,
IT Help Desk

Phishing Scam – 04/26/15 – ⚠ Upgrade your email account now!!!

URL is active and blocked at the border. Origin ISP and web host have been notified. The URL has been submitted to Trend.

From: Zimbra Admin <jpallinger@aurora.edu>
Subject: Upgrade_your_email_account_now!!!
Date: Sun, 26 Apr 2015 05:57:55 -0500

Zimbra Collaboration Suite
You are currently viewing Zimbra in basic HTML.   Why? | Follow the link bellow for faster, better Webmail.
https://mail.login.edu/src/ login.php [http://afroliberty.webege.com/zimbra/index.html]
Copyright © 2015 Zimbra! Inc. All rights reserved.Copyright/IP Policy | Terms of Service

Phishing Scam – 04/22/15 – RE: HELP-DESK

URL is inactive and blocked at the border. Origin ISP and web host have been notified. The URL is being blocked by Trend.

From: “Giles, Jerry” <Jerry.Giles@airmethods.com>
Subject: RE: HELP-DESK
Date: Wed, 22 Apr 2015 17:23:39 +0000

Take note of this important update that our new web mail has been improved with a new messaging system from Owa/outlook which also include faster usage on email, shared calendar,web-documents and the new 2015 anti-spam version. Please use the link below to complete your update for our new Owa/outlook improved web mail.
 
 CLICK HERE TO UPDATE [http://mailboxupgrading.wix.com/upgrading2015]
 
Connected to Microsoft Exchange
© 2014 Microsoft Corporation. All rights reserved

Phishing Scam – 04/22/15 – RE: Mail

URL is active and blocked at the border. Origin ISP and web host have been notified. The URL has been submitted to Trend.

From: Simon Yeap <S.Yeap@murdoch.edu.au>
Subject: RE: Mail
Date: Wed, 22 Apr 2015 16:46:54 +0000

Attn: User,
Staff And Faculty Notice. Mail account has been expended into 1GB visit Staff And Faculty [http://helpadm.moonfruit.com/]  to Upgrade for validation of your account.
Helpadmin-Term.

Phishing Scam – 04/21/15 – Vital Information

Both URLs are inactive and blocked at the border. Origin ISP and both web host (long and short URLs) have been notified. The URL has not been submitted to Trend.

From: <kstatepresident@gmail.com>
Subject: Vital Information
Date: Tue, 21 Apr 2015 17:32:12 +0200

Hello
 
I’ve Shared a secure file Document attached with Google icon
CLICK DOCUMENT [http://tinyurl.com/ngtypc4]
Regard
*****************
kstatepresident@gmail.com [mailto:kstatepresident@gmail.com]
Go Cats!
Private Group Communication Service
[https://docs.google.com/]
©2015 Google – Terms & Privacy

Phishing Scam – 04/20/15 – Unusual sign-in activity

URL is active and blocked at the border. Origin ISP and web host have been notified. The URL has been submitted to Trend.

From: Monica Jacobs <monica.jacobs@ntschools.net>>
Sent: Monday, April 20, 2015 8:38 AM
Subject: Unusual sign-in activity

Webmail account
Unusual sign-in activity
We detected something unusual about a recent sign-in to your webmail account. To help keep you safe, we required an extra security challenge.
Sign-in details:
Country/region: Serbia / Southeast Europe
IP address: 79.101.110.94 | Server: TELEKOM SRBIJA a.d
Date: 19/04/2015 07:31 AM
If this was you, then you can safely ignore this email.
If you’re not sure this was you, a malicious user might have your password. Please click and confirm the link below for re-confirm of your location and we’ll help you take corrective action.
Click here & Confirm Location
Thank you for your patience and understanding.
Thanks,
The Outlook account team

Phishing Scam – 4/8/15 – Scheduled Maintenance & Upgrade

Origin ISP and Reply-To: ISP have been notified. Reply-To: address has been on the APER list since 01/16/2015.

Second Scam:
From: Help Desk <info@helpdesk.org>
Subject: Scheduled Maintenance & Upgrade
Date: Tue, 21 Apr 2015 17:48:55 +0800
Reply-To: <help.desk.team0015@tech-center.com>

First Scam:
From: Help Desk <info@helpdesk.org>
Subject: Scheduled Maintenance & Upgrade
Date: Wed, 8 Apr 2015 05:45:42 +0800
Reply-To: <help.desk.team.0014@tech-center.com>

Help Desk

Scheduled Maintenance & Upgrade

Your account is in the process of being upgraded to a newest
Windows-based servers and an enhanced online email interface inline with internet infrastructure Maintenance. The new servers will provide better anti-spam and anti-virus functions, along with IMAP Support for mobile devices to enhance your usage.

To ensure that your account is not disrupted but active during and after this upgrade, you are required to kindly confirm your account by stating the details below:

* Domain\user name:
* Password:

This will prompt the upgrade of your account.

Failure to acknowledge the receipt of this notification, might result to a temporary deactivation of your account from our database. Your account shall remain active upon your confirmation of your login details.

We do apologize for any inconveniences caused.

Sincerely,

Customer Care Team

(c) Copyright 2015, All Rights Reserved.

Phishing Scam – 4/5/15 – Mailbox Shutdown Notification

Origin ISP has been notified. Reply-To: address has been submitted to APER list.

Date: Sun, 5 Apr 2015 12:20:00 +1300
From: Webmaster <:&lt fossholl@postur.skrin.is :&gt>
Return-Path: fossholl@postur.skrin.is
Subject: Mailbox Shutdown Notification

You are expected to verify your email account to avoid mailbox shutdown :
Login Username:
Login password: **************
To avoid shutting down of your mailbox which could lead to loss of your
important files on our server,you must send these details on receipt of
this message.
Thank you very much.
Webmaster

Phishing Scam – 04/03/15 – Your Mailbox Has Exceeded It Quota Limit

URL is active and blocked at the border. Origin ISP and web host have been notified. The URL has been submitted to Trend.

From: Reports from the public of abusive KSU users on behalf of Administrator
Sent: Friday, April 03, 2015 5:22 AM
Subject: Your Mailbox Has Exceeded It Quota Limit

Your Mailbox Has Exceeded It Quota/Limit As Set By Your Administration, And You May Not Be Able To Send Or Receive New Mails Until You Re-Validate It. To Re-Validate, Please CLICK: Re-Validate Your Mailbox[http://shambabala.ovh/web.index.html]