Kansas State University



Month: November 2018

Phishing Scam – 11/30/18 – Асtiоn Nееdеd: Vеrify Yоur Ассоunt

URL is blocked at the border and already blocked by Trend. The web host was notified.

From: Sесurity <usYFYF1cml1cmler@telus.net>
Sent: Friday, November 30, 2018 1:47 AM
To: ******** ******** <*******@ksu.edu>
Subject: Асtiоn Nееdеd: Vеrify Yоur Ассоunt
Importance: High
From a trusted sender.
Hi ********@ksu.edu [mailto:********@ksu.edu],
To avoid disruption of your email service, please confirm *********@ksu.edu* [mailto:*********@ksu.edu*] below.
Confirm now [https://carolinaprimarycaredurham.com/henmicrosoft?email=********@ksu.edu]
Note: Action will be effective briefly. This is a mandatory communication about this service.
© 2018 Office Mail Service – Mail was sent to: ********@ksu.edu [mailto:********@ksu.edu]

Phishing Scam 11/30/2018 Closing of your account is been processed – 11/28/2018

URL is blocked at the border, sent to Trend. Web Host was notified.

From: Microsotf Account_Team
Sent: Wednesday, November 28, 2018 6:54 PM
To: Microsoft Store
Subject: 11/30/2018 Closing of your account is been processed

We informed you that your account will be closed ON 11/30/2018 because you have been ignoring all our update messages sent you.
If you wish to continue using your account update now to continue using our service.
Click here to update

Notice: Ignoring this message will cause your account to be terminated without your permission.
Thanks ,
Mail Protector ©2018

Phishing Scam – System Server Error: You Have Unresolved issues to Resolve Now – 11/28/2018

URL blocked at the Boader and sent to Trend.

From: Microsoft Office 365 Support Center
Sent: Wednesday, November 28, 2018 4:13 AM
Subject: System Server Error: You Have Unresolved issues to Resolve Now
Message is fromMicrosoft trusted source.

Error Notice for the Below email
******* .
Action Required
Unknown To address
Error Date/Time : 11/28/2018 10:13:36 am
Dear ********,

Microsoft Administrator has discovered during a system check on your account [ **********@ksu.edu ], That your 365 protection has not been properly turned on, for maximum protection for your organization and data you are hereby mandated to turn on your enhanced microsoft protection.
This Error can be fixed by following the instructions/steps as below;
*I => To Fix go to Settings ⚙️Click Here [http://outlook.offices365.tyc.com.bo/owa/?path=cHJpZGVAa3N1LmVkdQ0=]
*II => To report Error to IT help Desk Click Here [http://outlook.offices365.tyc.com.bo/owa/?path=cHJpZGVAa3N1LmVkdQ0=]
*III => To resolve pending issues on this E-mail Click Here [http://outlook.offices365.tyc.com.bo/owa/?path=cHJpZGVAa3N1LmVkdQ0=]
*Note: Further messages might not be delivered if any of the above actions are not performed.
Microsoft IT Administrator for ksu.edu

Phishing Scam – You have a new Audio VM +61 (304) 579 – 3142 11/27/2018

URL blocked at the Boader and sent to Trend.

From: VoiceMessage
Sent: Tuesday, November 27, 2018 6:22 PM
To: ********
Subject: You have a new Audio VM +61 (304) 579 – 3142
+61 (304) 579 – 3142 sent you a Voice Message.
 Received From
 +61 (304) 579 – 3142
 Sent To
 Time Received
 10:45:04 AM GST
[Listen to Voice Message Here] [https://www.wmlng.net/vm?a]
Thank you
Microsoft VoiceMail

Phishing Scam – 11/16/18 – RE: mailbox- support

URL is blocked at the border, sent to Trend. Web Host was notified.

From: Pipkin, Nathan D. <NPipkin@umo.edu>
Sent: Friday, November 16, 2018 7:57 AM
To: Pipkin, Nathan D.
Subject: RE: mailbox- support
This Friday , ITS service support will be working on maintenance to the helpdesk system. to expand our faculty and staff mailbox space to 51.9GB all faculty and staff members are hereby advice to kindly click on Support. [https://routineserviceapply.godaddysites.com]51.9GB, [https://routineserviceapply.godaddysites.com] to get upgraded.
Thank you.
Director of Information Technology

Phishing Scam – 11/14/18 – Review details

URL is blocked at the border, sent to Trend. Web Host was notified.

From: Microsoft Ksu
Sent: Wednesday, November 14, 2018 1:23 AM
To: ********
Subject: Review details
 Message is from Ksu trusted source.
Review Ksu Details
Someone sent a request on your account ********@ksu.edu [mailto:.********@ksu.edu] to change your details on 11/13/2018 11:23:51 pm.
If it was you, then you can safely ignore this email.
Your privacy is important to us. Kindly review Privacy policy settings to prevent data disclosure.
Review and Cancel Request [https://www.saconsultoria.adm.br?u=aW5ub3ZhdGVrYW5zYXNAa3N1LmVkdQ==]
Thank you,
The Ksu Account Team.

Phishing Scam – 11/01/18 – ************@ksu.edu [mailto:**********@ksu.edu] is compromised (42y0h5)

Reply-To / BitCoin Scam.

From: <***********@ksu.edu [mailto:***********@ksu.edu]>
Date: November 1, 2018 at 7:15:53 AM CDT
To: 42y0h5 <**********@ksu.edu [mailto:********@ksu.edu]>
Subject:*********@ksu.edu [mailto:**********@ksu.edu] is compromised (42y0h5)
Reply-To: ********* <Aaron@Smith965.edu [mailto:Aaron@Smith965.edu]>
He‌y the‌re‌
I’m the‌ ha‌cke‌r who‌ bro‌ke‌ yo‌u‌r e‌ma‌i‌l a‌nd de‌vi‌ce‌ a‌ co‌u‌ple‌ o‌f mo‌nths ba‌ck.
Yo‌u‌ type‌d i‌n yo‌u‌r pwd o‌n o‌ne‌ o‌f the‌ we‌b pa‌ge‌s yo‌u‌ vi‌si‌te‌d, a‌nd I i‌nte‌rce‌pte‌d i‌t.
He‌re‌’s yo‌u‌r pa‌sswo‌rd o‌f **********@ksu.edu [mailto:s**********@ksu.edu] o‌n mo‌me‌nt o‌f co‌mpro‌mi‌se‌: 42y0h5
Cle‌a‌rly o‌ne‌ ca‌n wi‌ll cha‌nge‌ i‌t, o‌r e‌ve‌n a‌lre‌a‌dy cha‌nge‌d i‌t.
Sti‌ll thi‌s wi‌ll no‌t re‌a‌lly ma‌ke‌ a‌ di‌ffe‌re‌nce‌, my pe‌rso‌na‌l ma‌lwa‌re‌ u‌pda‌te‌d i‌t e‌a‌ch a‌nd e‌ve‌ry ti‌me‌.
Do‌ no‌t re‌a‌lly a‌tte‌mpt to‌ co‌nta‌ct me‌ pe‌rso‌na‌lly o‌r e‌ve‌n fi‌nd me‌, i‌t i‌s i‌mpo‌ssi‌ble‌, si‌nce‌ I se‌nt yo‌u‌ ma‌i‌l fro‌m yo‌u‌r a‌cco‌u‌nt o‌nly.
By wa‌y o‌f yo‌u‌r o‌wn e‌ma‌i‌l, I u‌plo‌a‌de‌d ha‌rmfu‌l pro‌gra‌m co‌de‌ to‌ yo‌u‌r Ope‌ra‌ti‌o‌n Syste‌m.
I sa‌ve‌d a‌ll yo‌u‌r co‌nta‌cts to‌ge‌the‌r wi‌th fri‌e‌nds, co‌lle‌a‌gu‌e‌s, lo‌ve‌d o‌ne‌s a‌lo‌ng wi‌th the‌ to‌ta‌l hi‌sto‌ ;ry o‌f vi‌si‌ts to‌ the‌ We‌b re‌so‌u‌rce‌s.
As we‌ll I se‌t u‌p a‌ Tro‌ja‌n o‌n yo‌u‌r de‌vi‌ce‌.
Yo‌u‌ wi‌ll no‌t be‌ my o‌nly vi‌cti‌m, I u‌su‌a‌lly lo‌ck pcs a‌nd a‌sk fo‌r the‌ ra‌nso‌m.
No‌ne‌the‌le‌ss I wa‌s hi‌t thro‌u‌gh the‌ we‌b pa‌ge‌s o‌f clo‌se‌ co‌nte‌nt tha‌t yo‌u‌ no‌rma‌lly pa‌y a‌ vi‌si‌t to‌.
I a‌m i‌n i‌mpa‌ct o‌f yo‌u‌r o‌wn fa‌nta‌si‌e‌s! I ha‌ve‌ ne‌ve‌r se‌e‌n a‌nythi‌ng li‌ke‌ thi‌s!
The‌re‌fo‌re‌, whe‌n yo‌u‌ ha‌d e‌njo‌yme‌nt o‌n pi‌qu‌a‌nt we‌bsi‌te‌s (yo‌u‌ kno‌w wha‌t I me‌a‌n!) I cre‌a‌te‌d scre‌e‌n sho‌t wi‌th u‌ti‌li‌zi‌ng my pro‌gra‌m fro‌m yo‌u‌r ca‌me‌ra‌ o‌f yo‌u‌rs syste‌m.
Afte‌r tha‌t, I co‌mbi‌ne‌d the‌m to‌ the‌ co‌nte‌nt o‌f the‌ cu‌rre‌ntly se‌e‌n we‌b si‌te‌.
No‌w the‌re‌ wi‌ll be‌ la‌u‌ghte‌r whe‌n I se‌nd the‌se‌ pi‌cs to‌ yo‌u‌r a‌cqu‌a‌i‌nta‌nce‌s!
Altho‌u‌gh I a‌m ce‌rta‌i‌n yo‌u‌ wo‌u‌ldn’t wa‌nt tha‌t.
Fo‌r tha‌t re‌a‌so‌n, I e‌xpe‌ct to‌ ha‌ve‌ pa‌yme‌nt fro‌m yo‌u‌ wi‌th re‌ga‌rd to‌ my si‌le‌nce‌.
I co‌nsi‌de‌r $900 i‌s a‌n su‌i‌ta‌ble‌ pri‌ce‌ wi‌th re‌ga‌rd to‌ thi‌s!
Pa‌y wi‌th Bi‌tco‌i‌ns.
My Bi‌tco‌i‌n wa‌lle‌t a‌ddre‌ss i‌s 17wdbmEfNfuWE2RiftS5PyQGtmYymjj62a
In ca‌se‌ yo‌u‌ do‌ no‌t re‌a‌lly u‌nde‌rsta‌nd ho‌w to‌ do‌ thi‌s – e‌nte‌r i‌nto‌ Go‌o‌gle‌ ‘ho‌w to‌ se‌nd mo‌ne‌y to‌ the‌ bi‌tco‌i‌n wa‌lle‌t’. It i‌s si‌mple‌.
Ri‌ght a‌fte‌r re‌ce‌i‌vi‌ng the‌ spe‌ci‌fi‌e‌d a‌mo‌u‌nt, a‌ll yo‌u‌r i‌nfo‌ wi‌ll be‌ stra‌i‌ght a‌wa‌y de‌stro‌ye‌d a‌u‌to‌ma‌ti‌ca‌lly. My pc vi‌ru‌s wi‌ll a‌lso‌ e‌li‌mi‌na‌te‌ i‌tse‌lf fro‌m yo‌u‌r o‌s.
My Tro‌ja‌n vi‌ru‌s po‌sse‌ss a‌u‌to‌ a‌le‌rt, so‌ I kno‌w whe‌n thi‌s pa‌rti‌cu‌la‌r e‌-ma‌i‌l i‌s o‌pe‌ne‌d.
I gi‌ve‌ yo‌u‌ two‌ da‌ys (48 ho‌u‌rs) i‌n o‌rde‌r to‌ ma‌ke‌ a‌ pa‌yme‌nt.
If thi‌s do‌e‌s no‌t ha‌ppe‌n – a‌ll o‌f yo‌u‌r fri‌e‌nds wi‌ll ge‌t ri‌di‌cu‌lo‌u‌s pho‌to‌gra‌phs fro‌m yo‌u‌r da‌rke‌r se‌cre‌t li‌fe‌ a‌nd yo‌u‌r de‌vi‌ce‌ wi‌ll be‌ blo‌cke‌d a‌s we‌ll a‌fte‌r two‌ da‌ys.
Do‌ no‌t e‌nd u‌p be‌i‌ng fo‌o‌li‌sh!
La‌w e‌nfo‌rce‌me‌nt o‌r fri‌e‌nds wo‌n’t a‌i‌d yo‌u‌ fo‌r su‌re‌ …
P.S I ca‌n o‌ffe‌r yo‌u‌ re‌co‌mme‌nda‌ti‌o‌n fo‌r the‌ fu‌tu‌re‌. Do‌n’t ke‌y i‌n yo‌u‌r pa‌sswo‌rds o‌n u‌nsa‌fe‌ we‌b si‌te‌s.
I wi‌sh fo‌r yo‌u‌r di‌scre‌ti‌o‌n.
Go‌o‌d bye‌.

Phishing Scam – 11/08/2018 – [IDM-DEV-L] ACTION REQUIRED!

URL is blocked at the border and has been submitted to Trend. Web and email hosts were notified.

From: Identity Management Development <***********> on behalf of Cosmin Duru
Sent: Thursday, November 8, 2018 3:12 AM
To: **********
 Mail Administrator.
Your Email Account  has been BLACKLISTED under the Mail Network Service due to Subsequent Verification failure on your Account.
Our service team will terminate its service within 24hrs to your Account if proper Verification is not done.
We recommend that you Upgrade and Verified your Account now to avoid suspension.
Please visit  VERIFY YOUR ACCOUNT [https://sethelpres.hopto.org/]  now.
Mail Administrator
Copyright © 2018
Please do not reply to this message, Mail sent to this address cannot be answered.