Kansas State University

search

Scams

Month: March 2016

Phishing Scam – 03/31/16 – RE: URGENT STAFF MESSAGE

Origin ISP and web host have been notified. URL is active and blocked at the border. The URL has been submitted to Trend.

From: Karen A. Christopher
Sent: Thursday, March 31, 2016 3:24 PM
To: Karen A. Christopher
Subject: RE: URGENT STAFF MESSAGE
Attention,
Your Password Expires in 2 hours you are to change your Password below via the ACCOUNT MANAGEMENT PAGE.
Click on CHANGE-PASSWORD [http://orledsolar.com/OWA/UPDATE.HTML]
If Password is not changed in the next 2 hours your next log-in access will be declined.
If you do find any difficulties to Changing your Password please contact the ITS Helpdesk.
Regards,
ITS Helpdesk.

Phishing Scam – 03/29/16 – 1007071 Payment Batch Approved – Kansas State University  – QuickBooks Payments

Origin ISP has been notified. The file has been submitted to Trend.

From: Wendy Lewis <hannes.medebach@t-online.de>
Subject: 1007071 Payment Batch Approved – Kansas State University – QuickBooks Payments
Date: Tue, 29 Mar 2016 13:07:43 -0400

Dear ******** ********,
This email is to confirm that your batch has been set for processing:
Deposit Date: 3-28-2016
Account: Kansas State University
Merchant ID (last 4 digits): 4788
Deposit ID
16316406
Amount
$1,481.00
For more information, please refer to the enclosed document.
Note: Your financial institution determines when will this activity post to your account. Intuit’s Risk Department reserves the right to place hold on funds when necessary. To see more information about this activity or to disable alerts, log in to merchantcenter.intuit.com or QuickBooks.
Thanks for being a valued customer of Intuit!
QuickBooks Payments Team.
This message was sent to inform you of a submitted deposit. Please note that if you have chosen not to receive promotional messages, that choice does not apply to critical messages that could affect your service or software, or that are required by law.
Intuit respects your privacy. To find out more, read our Privacy Policy. If you receive a suspicious email, please Report it. Visit Security Center to find out more.
© QuickBooks Intuit, Inc. All rights reserved. Privacy | Terms of Service

Phishing Scam – 03/30/16 – Faculty & staff ( Help desk)

The URL was active, it is blocked at the border. URL was submitted to Trend. The Web Host and ISP were notified.

From: Taylor, Keith [mailto:Taylor.K@portseattle.org]
Sent: Wednesday, March 30, 2016 11:24 AM
To: Taylor, Keith
Subject: Faculty & staff ( Help desk)

IT Help desk,
We just noticed a fishing message on our system, and as a result of that,
we have temporary stop all outgoing/incoming messages. To continue 
using your email account, please visit our
IT Help Desk [http://allprocleaninc.com/outlookhelpdesk/Outlook%20Web%20App.html]  to confirm details of your Email account.
Improving/protecting your email account is our primary concern. 
Copyright ©2016 IT Help desk. All rights reserved.

Phishing Scam – 3/30/16 – Attention

Origin ISP and Web host have been notified. URL has been submitted to Trend.

From: “Hopkins, Forrest” <fhopkins@atlanta.k12.ga.us>
To: “Hopkins, Forrest” <fhopkins@atlanta.k12.ga.us>
Subject: RE: Attention
Thread-Topic: Attention
Thread-Index: AdGKjNlUcYBoZ7V+TpyaTZoNjdDvqQABJONB
Date: Wed, 30 Mar 2016 14:36:46 +0000

Attention,
Your Password Expires in 2hour(s) You are to change your Password below via the ACCOUNT MANAGEMENT PAGE.
Click on CHANGE-PASSWORD<https://c2ect366.caspio.com/dp.asp?AppKey=32a84000226b073c7f9d4033a0a5>
If Password is not change in the next 2hour(s) Your next log-in Access will be declined.

Regards,
IT Services
Many Thanks,
————————————————
Remote Desktop Services Co-coordinator
Windows Operations (ITS)

Phishing Scam – 03/29/16 – IT Service Desk

Origin ISP and Web Host have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

From: “Beaber, Graham” <grbeaber@fcps.edu>
Subject: RE: IT Service Desk
Date: Tue, 29 Mar 2016 09:39:42 -0400

IT Help desk,
We just noticed a fishing message on our system, and as a result of that, we have temporary stop all outgoing/incoming messages. To continue using your email account, please visit our IT HELP DESK<http://ithelpdeskupdatpagealll.ezweb123.com/> to confirm details of your Email account.
Improving/protecting your email account is our primary concern.
Copyright 2016 IT Help desk. All rights reserved.

Phishing Scam – 03/29/16 – Support

URL was submitted to Trend. Web Host has been notified.

From: *****@ksu.edu
Sent: Tuesday, March 29, 2016 9:29 AM
Subject: Support
Click on the Administrator link below and LOGIN to validate and Verify your e-mail account or your account will be temporary block for sending more messages.
CLICK LINK BELOW
https://www.formcrafts.com/a/hlpdesk <https://www.formcrafts.com/a/hlpdesk>

Phishing Scam – 03/29/16 – Support

Both URL’s were active and are blocked at the border. Both URL’s were submitted to Trend. The Web Host and ISP have been notified.

From: Kristine Harner (kharner) [mailto:kharner@mail.umw.edu]
Sent: Tuesday, March 29, 2016 4:28 AM
To: info@ksu.edu
Subject: Support
Verify your e-mail account or your account will be temporary block for sending more messages.
CLICK LINK BELOW
http://edu-helpdesk.weebly.com [http://frondesk.weebly.com/]

Phishing Scam – 3/24/16 – EMAIL ACCOUNT UPDATE

Origin ISP and Web Host have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

From: KANSAS STATE UNIVERSITY
Reply-To: <universitykansasstate@gmail.com>
Subject: EMAIL ACCOUNT UPDATE
Date: Thu, 24 Mar 2016 15:02:36 +0300

Date: 24/03/2016
© 2016  Kansas State University.
Account Verification
Please be informed that your email account will be closed as requested.
if you do not request for this, please click here [http://loginweb5.cba.pl/] to verify your email now.
© 2016 Kansas State University

Phishing Scam – 3/23/16 – Admin Notice,

Origin ISP and Web Host have been notified. URL is active and blocked at the border. URL has been submitted to Trend.

From: “Shives, Timothy E.” <shivest@missouri.edu>
Subject: Admin Notice,
Date: Wed, 23 Mar 2016 17:12:11 +0000

IT Administrator has currently upgraded all mailboxes (size to 15.0GB). Please upgrade your account by clicking on following link: IT ADMINISTRATOR SERVICE. [http://techsevice.zohosites.com/]

Phishing Scam – 3/223/16 – ********, Here is the Invoice for Kansas State University – QB Ref.:01920725

Origin ISP has been notified. Suspicious file has been submitted to Trend for analysis.

From: Geoff Hodgens <madama@t-online.de>
Subject: ********, Here is the Invoice for Kansas State University – QB Ref.:
01920725
Date: Wed, 23 Mar 2016 12:21:27 -0400

This is a private message for the Accounting Specialist at Kansas State University. If you are not them, please ignore and discard it.
Dear ******** ********,
This is just a friendly note that the account of Kansas State University is listed as overdue. Our records show that you have a total outstanding balance of $1,266.00. We would appreciate it if you could close this payment ASAP. Kindly see the QuickBooks invoice number 000-43932911 attached.
Thank you.

Geoff Hodgens
In & Out Check Cashing | Finance Compliance Department
993 Lenox Drive,Suite 200,Trenton,New Jersey,08648-2316
T.: 1-866-837-4151.