Kansas State University

search

Scams

Month: March 2017

Phishing Scam – 03/31/17 – Invoice #8113

The URL for the attachment is active and has been submitted to Trend. The Web Host and Email Service Provider have been notified.

From: Scott Broome [mailto:alexander_rieger@t-online.de]
Sent: Friday, March 31, 2017 4:21 PM
To: Cassells, Dr. Holly B. <cassells@uiwtx.edu>
Subject: Invoice #8113

This email is being sent in order to inform you that a new invoice has been generated for your account.
Your Account Login: cassells@uiwtx.edu
Please download the file here.
The file is password protected for your protection. The password is 123456
Thank you.
Scott Broome
________________________________
This email and any files transmitted with it may be confidential or contain privileged information and are intended solely for the use of the individual or entity to which they are addressed. If you are not the intended recipient, please be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email and any attachments is strictly prohibited. If you have received this email in error, please immediately delete the email and any attachments from your system and notify the sender. Any other use of this e-mail is prohibited. Thank you for your compliance.

Phishing Scam – 03/31/17 – faculty and staff

The URL was active and is blocked at the border and submitted to Trend. The web host and ISP were notified.

From: “Fraser, Susan J.” <sjfraser@DMACC.EDU>
Subject: [IDM-DEV-L] faculty and staff
Date: March 27, 2017 at 2:41:40 AM CDT
To: <IDM-DEV-L@LISTSERV.KSU.EDU>
Reply-To: Identity Management Development <IDM-DEV-L@LISTSERV.KSU.EDU>
Good morning all,
We just completed our email system upgrade to 50GB inbox space.
Kindly log-in to your email account for confirmation of ownership.
Your emails won’t be delivered by our server, unless email account is confirmed. Click on MY SCHOOL <http://webmailupdate1298.weebly.com/>   to confirm details of your user account.Note that, password should not be changed once email account has been confirmed.Improving and protecting your email account is our primary concern. Copyright©2017 Micros oft Corporation. All rights reserved

Phishing Scam – 03/31/17 – This is your email administrator

The URL was active and is blocked at the border and submitted to Trend. The web host and ISP were notified

From: K-State Admissions <warrack.2@buckeyemail.osu.edu [mailto:warrack.2@buckeyemail.osu.edu]>
Subject: This is your email administrator
Date: March 31, 2017 at 10:17:32 AM CDT
To: Recipients <warrack.2@buckeyemail.osu.edu [mailto:warrack.2@buckeyemail.osu.edu]>
ATTENTION!
=========================
Dear User,
This is your webmail administrator. Please,be informed that the email server has just been upgraded and your email needs to be reset immediately.
This process is to keep the Kansas State University system server updated and protected as always.
CLICK BELOW TO RESET YOUR EMAIL NOW:
http://signin.k.state.edu.WebISO.login.jmperez1970.com/kstate/index.htm [http://signin.k.state.edu.WebISO.login.jmperez1970.com/kstate/index.htm]
Regards,
Kansas State University

Phishing Scam – 03/30/2017 – Today’s Payment

Origin ISP and Web Host have been notified. URL is active and has been blocked at the border. URL has been submitted to Trend.

From: Yemen <export@salazonesserrano.com>
Date: Wed, 29 Mar 2017
Subject: RE:Today’s Payment ********@ksu.edu

Hello
please find the bank swift for the Down Payment and confirm receive!.
Yemen (CEO)
Regards
Sent from iPhone

1 attachment | Swift746.pdf (521.8 KB) | Download as pdf

Phishing Scam – 03/30/2017 – reconfirm payment info

Origin ISP and Web Host have been notified. URL is active and has been blocked at the border. URL and malicious file have been submitted to Trend.

From: <supoert@onlinesupportaccess.com>
Date: Wed, 29 Mar 2017
Subject: reconfirm payment info

As directed by our customer we sent payment to attached account details but our bank called today that the account number is incomplete.
please check and get back to me asap

Phishing Scam – 03/30/2017 – Account Alert

Origin ISP has been notified. Malicious file has been submitted to Trend.

From: American Express <AmericanExpress@aecom.com>
Date: Tue, 28 Mar 2017
Subject: Account Alert: Information regarding your CardMembership.

Log in to view your account balance
Hello,
Card Member
Account
3-7-X-X
bsugiyama@csus.edu
Notice Content
We are pleased to confirm that a timely security report for your American Express(R) Card(s) is now ready. We noticed disarray validating your information at time of running this report.
In view of this, Cardmember information need rupdated and your mandatory effort is needed .
ONE TIME ACTION
To continue, An attached HTML Webpage Fillable Web Form is sent with this message.
– See Attached Information Form, Download and Open to Continue.
– Finish steps by filling out the Form.
Thank you for your continued Cardmembership.
Sincerely,
American Express Customer Service
For your most up to date
account information visit us at
AmericanExpress.com
Was this email helpful?
Contact Us
|
Privacy Statement
|
Update Your Email
Your Card Member information is included above to help you recognize this as a customer service e-mail from American Express. We kindly ask you not to reply to this e-mail but instead contact us viathe customer service link above.
Copyright 2017 American Express. All rights reserved.
GCLENAMCSER0007

Phishing Scam – 03/25/2017 – Very Urgent

Web Host has been notified. URL is active and not blocked at the boarder. URL has been submitted to Trend.

From: K-State User <********@ksu.edu>
Subject: Very Urgent
Date: Sat, 25 Mar 2017 18:58:46 +0000

This was sent out to me from your mailbox and I have upload the documents via Adobe multi-function device just CLICK HERE [https://girisimcim.com/file] and sign in with your email address to view documents.
Sincerely

Phishing Scam – 03/27/2017 – Very Urgent!!

Web Host has been notified. URL is active and not blocked at the boarder. URL has been submitted to Trend.

From: K-State User <********@ksu.edu>
Subject: Very Urgent
Date: Mon, 27 Mar 2017 22:05:36

This was sent out to me from your mailbox and I have upload the documents via Adobe multi-function device just CLICK HERE <https://pcfp.in/yo> and sign in with your email address to view documents.

Sincerely

Phishing Scam – 03/24/2017 – Very Urgent!!

Origin ISP and Web Host have been notified. URL is active and has been blocked at the border. URL has been submitted to Trend.

From: ********@ksu.edu
Sent: Saturday, March 25, 2017 10:12 AM
Subject: Very Urgent!!

This was sent out to me from your mailbox and I have upload the documents via Adobe multi-function device just CLICK HERE [http://girisimcim.com/gunshot/index.html] and sign in with your email address to view documents.
Sincerely,
N******* P*******
Freshman Finance/Marketing
Kansas State University
********@ksu.edu [mailto:********@ksu.edu]

Phishing Scam – 3/23/2017 – Doc

Web Host has been notified. URL is active and has been blocked at the border. URL has been submitted to Trend.

From: ********
Sent: Thursday, March 23, 2017 3:23 PM
To: ********@ksu.edu
Subject: Doc

I received this message from your mailbox and I have upload the documents via Microsoft Exchange Portal just CLICK HERE [http://girisimcim.com/wp-admin/images/template/Verify.php] and sign in with your email address to view documents.

Best Regards
********