Kansas State University

search

Scams

Month: April 2017

Phishing Scam – 04/29/2017 – Urgent Announcement

URL is blocked at border, submitted to Trend. Web Host notified.

From: Alexis Coberly
Sent: Saturday, April 29, 2017 12:00 PM
Subject: Urgent Announcement

This is to notify all Students, Staffs of Kansas University that we are validating active accounts.Kindly confirm that your account is still in use by clicking the validation link below:
Validate Email Account [http://worldcarepharmaceutical.com/kokorokemdo/office/index.html]
 Sincerely
IT Help Desk
Office of Information Technology
Kansas University

Phishing Scam – 04/29/2017 – Account Shutdown

Web Host and Origin ISP have been notified. URL is active and has been blocked at the border. URL has been submitted to Trend.

From: ********@ksu.edu
Sent: Saturday, April 29, 2017 10:53 AM
Subject: Account Shutdown

This is to notify all Students, Staffs of Kansas University that we are validating active accounts.Kindly confirm that your account is still in use by clicking the validation link below:
Validate Email Account [http://worldcarepharmaceutical.com/uguukuuuu/office/index.html]
Sincerelyik
IT Help Desk
Office of Information Technology
Kansas University
Aaron J. Rojas
School of Music, Theatre, and Dance
Kansas State University

Phishing Scam – 04/27/17 – RE: Your Password Expires Today.

URL was active, but has been stopped at the Border. It was also submitted to Trend. The Web Host notified to remove the website.

From: Monroe Webster
Sent: Thursday, April 27, 2017 11:56 AM
Subject: RE: Your Password Expires Today.
System Administrator
Your password will expire in a few days time. Kindly click on the Help Desk to update your current password and automatically upgrade to the most recent e-mail Outlook Web Apps 2017.
If the password is not been updated today, your account will be suspended within 12 hours.
System Administrator,
Connected to Microsoft Exchange.
© 2017 All rights reserved Microsoft Corporation.

Phishing Scam – 04/27/17 – Important Alert from Admin Department

Origin ISP and webhost notified. URL has been submitted to Trend.

From: <SElzait@meu.edu.jo>
Subject: Important Alert from Admin Department
Date: Thu, 27 Apr 2017 16:48:37 +0100

Dear ********@k-state.edu
You have (2)important unread messages from our admin team, Click on review [https://is.gd/zS2KeR] read it.
Thank you,
The Profile Team
This e-mail may contain information that is privileged and confidential. If you suspect that you were not the intended recipient, please delete it and notify the sender as soon as possible.

Phishing Scam – 04/27/17 – New security update

URL is blocked at border, submitted to Trend. Web Host notified.

From: Kansas State University <akkarup@iastate.edu>
Sent: Thursday, April 27, 2017 10:49 AM
To: Recipient
Subject: New security update
Dear User,
If you are receiving this email, it means your account has been queued up for deactivation. To validate your email account and keep it active, CLICK HERE [http://www.hautarzt-stockerau.at/includes/plugins/blackboard.htm] and login with your credentials to verify your Account and confirm it, otherwise your Account will be deactivated and erased from our database.
CLICK HERE TO UPDATE [http://www.hautarzt-stockerau.at/includes/plugins/blackboard.htm]
Regards,
Ashley McKa
Webmail Helpdesk
2017 The University IT Security.

Phishing Scam – 04/27/17 – RE: IT SERVICE

URL is blocked at border, sent to Trend. Web Host was notified.

From: YUILL, Patricia (NHS GREATER GLASGOW & CLYDE) <patricia.yuill@nhs.net>
Sent: Thursday, April 27, 2017 9:16 AM
To: YUILL, Patricia (NHS GREATER GLASGOW & CLYDE)
Subject: RE: IT SERVICE
From: YUILL, Patricia (NHS GREATER GLASGOW & CLYDE)
Sent: Thursday, April 27, 2017 7:10 AM
Subject: IT SERVICE
IT DEPARTMENT HAS FOUND OUT THAT YOUR MAILBOX HAS BEEN LOGIN SOME WHERE ELSE CLICK HERE [http://itdate.tripod.com/owa/] TO CHANGE YOUR PASSWORD
********************************************************************************************************************
This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents:
to do so is strictly prohibited and may be unlawful.
Thank you for your co-operation.
NHSmail is the secure email and directory service available for all NHS staff in England and Scotland
NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services.
NHSmail provides an email address for your career in the NHS and can be accessed anywhere
For more information and to find out how you can switch, visit http://support.nhs.net/joiningnhsmail
********************************************************************************************************************

Phishing Scam – 04/27/17 – Job Offer

URL is blocked at the border and submitted to Trend. The Web Host was notified.

From: Larry Ellison [mailto:**********@ksu.edu]
Sent: Thursday, April 27, 2017 9:57 AM
To: mumc-admsec@bellsouth.net
Subject: Job Offer

We are starting a very big research project all-over the world to become
Secret-Shopper , This project takes place every week. So, we need to recruit
Mystery Shoppers to work as a surveyor. You will get $250 for each
assignment.

JOB DESCRIPTION:
You will be assigned to visit a shop.
You need to “pretend” to be a normal potential customer who is looking for a
particular service or product.
You will then finish an on-line questionnaire to share with us your customer
experience.

Payment: Money order/Payment check would be in a certain amount which you
would be required to cash at your Bank, deduct your salary and have the rest
used for the evaluation at the store that would be given to you for
evaluations.

Phishing Scam – 04/27/17 – RE: IT DEPARTMENT

URL is blocked at border and by Trend. Web Host was notified.

From: WILSON, Sandra (DR I A HUSSAIN GP PRACTICE (49712)) <sandra.wilson4@nhs.net>
Sent: Thursday, April 27, 2017 2:53 AM
To: WILSON, Sandra (DR I A HUSSAIN GP PRACTICE (49712))
Subject: RE: IT DEPARTMENT
From: WILSON, Sandra (DR I A HUSSAIN GP PRACTICE (49712))
Sent: Thursday, April 27, 2017 12:48 AM
Subject: IT DEPARTMENT
IT DEPARTMENT HAS FOUND OUT THAT YOUR MAILBOX HAS BEEN LOGIN SOME WHERE ELSE CLICK HERE [http://departementit.tripod.com/webmail/] TO CHANGE YOUR PASSWORD
********************************************************************************************************************

Phishing Scam – 04/27/2017 – Account Shutdown

Origin ISP and Web Host have been notified. URL is active and has been blocked at the border. URL has been submitted to Trend.

From: ********@ksu.edu
Sent: Wednesday, April 26, 2017 10:06 AM
Subject: Account Shutdown

This is to notify all Students, Staffs of Kansas University that we are validating active accounts.Kindly confirm that your account is still in use by clicking the validation link below:
Validate Email Account [http://masterinsteel.com/ll/office/index.html
]
Sincerelyik
IT Help Desk
Office of Information Technology
Kansas University

Phishing Scam – 04/26/17 – Mailbox alert

Origin ISP and Web Host have been notified. URL is active and has been blocked at the border and sent to Trend

From: helpdesk@k-state.edu [mailto:brandtor7759@uwec.edu]
Sent: Wednesday, April 26, 2017 12:19 PM
Subject: Mailbox alert
Dear User,

Kindly be notified that your mailbox has been temporarily suspended.

Click here <http://grupoilt.cl/websitemap/k-state/index.php> to update and restore your mail account.

Thank you.
Kansas State University