Kansas State University

Origin ISP has been notified.

From: Kye Zayas <kyezayas@yahoo.com>
Sent: Monday, September 28, 2015 5:06 PM
Subject: FW: DHL Number Tracking 0087654345

DHL EXPRESS
Dear Consignee ,
For security Reasons We Send this password Document
Your Documents Has been Shipped,
please find attached Shipping and Tracking document Secured PDF file. For Your AWB
Best regards,
DHL EXPRESS TEAM.

Origin and Reply-To ISPs have been notived. Reply-To address has been submitted to APER list.

From: “University Account maintenance,” <clee@nafeo.org>
Date: Wed, 23 Sep 2015 14:39:12 +0100
Subject: Account scheduled maintenance

Dear Account Owner,
This message is from the University Webmail Messaging Center to all email account owners.
We are currently carrying out scheduled maintenance,upgrade of our web mail service and we are changing our mail host server,as a result your original password will be reset.
We are sorry for any inconvenience caused.
To complete your webmail email account upgrade, you must reply to this email immediately and provide the information requested below.
*********************************************************************************
CONFIRM YOUR EMAIL IDENTITY NOW
E-mail Address:
User Name/ID:
Password:
Re-type Password:
************************************************************************************
Failure to do this will immediately render your email address deactivated from the University Webmail.
************************************************************************************
This E-mail is confidential and privileged. If you are not the intended Recipient please accept our apologies; Please do not Disclose, Copy or Distribute Information in this E-mail or take any action in Reliance on its contents: to do so is strictly prohibited and may be Unlawful.
Please inform us that this Message has gone astray before deleting it.
Thank you for your Co-operation.
Copyright ©2015 University Webmaster. All Rights Reserved

URL is active and blocked at the border. Web Host has been notified. The URL has been submitted to Trend.

From: Reynolds, Kayla, E <kayla.reynolds115@topper.wku.edu>
Date: Fri, Sep 25, 2015 at 9:58 AM
Subject: UPGRADE

Due to database maintenance equipment that is happening in our mail message center. Our message center must be reset. The maintenance of quarantine will help us avoid this dilemma every day and with the new improved software will provides our users with a mail system and new security system from hackers to protect our users from getting their accounts being hacked. To validate your mailbox, kindly CLICK HERE <http://webuseradmin.jimdo.com/>

The URL is blocked at the border and submitted to Trend. The web host and ISP were notified.

From: “Echeverria, Danielle Florinda Marie” <decheverria@liberty.edu [mailto:decheverria@liberty.edu]>
Subject: Admin…
Date: September 25, 2015 at 12:54:53 PM CDT
To: Undisclosed recipients:;

Your ksu.edu account has been temporally suspended, and this means that you will not be able to send and receive new email messages. This is because of the on-going yearly web maintenance and deleting of inactive ksu.edu accounts. You are then requested to verify your ksu.edu account below for upgrading.

Click Or Open this link to VERIFY your Account: CLICK HERE [http://emailvilid.weebly.com/]

The URL is blocked at the border and submitted to Trend. The Web Host and ISP have been notified.

Date: Fri, 25 Sep 2015 08:13:35 +0530
From: Email Host Security <security@webmail.com>
Sent: Thursday, September 24, 2015 9:43 PM
To: ******** ********
Subject: New sign-in from unusual location
 
Hello ********@k-state.edu,
Someone attempted to sign into your email account (********@k-state.edu) with random incorrect passwords from (*IP: 163.121.255.255 in Cairo, Egypt*) and we have temporarily blocked access from that location to your email account. To help protect your email account, when we notice unusual sign-in activity, like an attempt to sign-in from a different location or device, we usually block such attempt.
To continue protecting your email account in case someone else is able to guess or hack your password, it is strongly recommended that you secure your email account to your device and location.
Click here to secure your email to your device and location [http://couponcow.in/wp-admin/security/webmail/WebMail.php?] 
 
Best regards,
Email Security Team.
———————————————————————-
This email was sent to ********@k-state.edu. To help protect your account, we send you an email when we notice unusual sign-in activity, like an attempt to sign-in from a different location or device than normal. 

URL is active and blocked at the border. Origin ISP and Web Host have been notified. The URL has been submitted to Trend.

From: Admin mail <sonamdinh@mic.gov.vn>
Sent: Tuesday, September 22, 2015 5:40 PM
Subject: Zimbra Mail Account Verification

Dear User

Did you request to close your Zimbra! mail account? If not, please follow the link bellow to cancel this request. Otherwise, your Zimbra! account will be deleted within 48hours

http://cance&delete.request-cv.com/ [http://zimb68acess.voici.org/]

Copyright © 2015 Zimbra! mail Inc. All rights reserved.Copyright/IP Policy | Terms Service!

URL is active and blocked at the border. Origin ISP and Web Host have been notified. The URL has been submitted to Trend.

From: Edu Help Desk <info@pa.com>
Sent: Tuesday, September 22, 2015 4:42 PM
Subject: Email Quota Account Upgrade

Attn: Email User,

Due to the high risk of spam emails going on, we have decide to upgrade all educational email set by our admin panel, and access to your mailbox via our mail portal will be unavailable expect you upgrade your email account against fraudulent spam.

To upgrade and re-validate your mailbox, do click on the link to upgrade: emailupgrade [http://novoks.com/partner/closure/upgrade/account/webmail.php]

Thanks,

System Administrator.

URL is active and blocked at the border. Origin ISP and Web Host have been notified. The URL has been submitted to Trend.

From: “Rawlins, Tracey” <Tracey.Rawlins@bartshealth.nhs.uk> Subject: ICT Help Desk Portal
Date: Tue, 15 Sep 2015 19:49:57 +0000

IMAP) SERVER NOTIFICATION

Your Email account have been suspended due to unusual activities recently noticed from your account kindly click LOGON<http://emailoulookd.ezweb123.com/> to re-activate. Failure to comply to this notification,your email account will be deleted from our server within 1hour after receiving this Message Alert.

The Outlook
Help Desk Team

URL is inactive and blocked at the border. Origin ISP and Web Host have been notified. The URL has not been submitted to Trend.

From: Nor Amin Ahmad <nor_amin@usm.my>
Date: Tue, 15 Sep 2015 16:40:00 +0000
Subject: IT helpdesk

Your password will expire in the next TWO {2} days current Staff should please log on to IT WEBSITE [http://checkoutt.16mb.com/] to validate your e-mail Address

URL is active and blocked at the border. Origin ISP and Web Host have been notified. The URL has been submitted to Trend.

From: ******** ******** <********@ksu.edu>
Date: Tue, 15 Sep 2015 18:00:51 +0000
Subject: Update Account

Second Scam:
From: ******** ******** <********@ksu.edu>
Date: Mon, 21 Sep 2015 19:00:27 +0000
Subject: Update Account

Your password will expire 3 days Click Here (http://12swcenterlock.esy.es/) to update your account.