Kansas State University



Month: June 2019

Phishing Scam – 06/20/19 – *******@ksu.edu

Phishing scam with a link. Blocked at the border.

From: <*******@ksu.edu [mailto:*******@ksu.edu]>
Date: June 20, 2019 at 11:39:39 PM CDT
To: <199993328@qq.com [mailto:199993328@qq.com]>
Subject:*******@ksu.edu [mailto:*******@ksu.edu]
*******@ksu.edu [mailto:*******@ksu.edu]
*******@ksu.edu [mailto:*******@ksu.edu]
smtp.office365.com [http://smtp.office365.com]

Phishing Scam – 06/18/2019 – Be sure to read this message! Your personal data is threatened!

Bitcoin scam. Notified server host, sent to Micorosft.

From: ******@ksu.edu [mailto:******@ksu.edu]
Sent: Tuesday, June 18, 2019 7:03 PM
To: ****** ****** <******@ksu.edu>
Subject: Be sure to read this message! Your personal data is threatened!
Hi, stranger!
I hacked your device, because I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.
You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy (you know what I mean).
While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.
Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.
What I’ve done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes … but strange for me and other normal people), and the second part shows the recording of your webcam.
What should you do?
Well, I think $550 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don’t know, look for “how to buy bitcoins” on Google).
BTC Address: 1K75LGyfBewpanhYRzViP4cL4uK96zCQee
(This is CASE sensitive, please copy and paste it)
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).
If I don’t get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.
If you want to get proof, answer “Yes!” and resend this letter to youself.
And I will definitely send your video to your any 19 contacts.
This is a non-negotiable offer, so please do not waste my personal and other people’s time by replying to this email.
Varakļānu Novada pašvaldības IT Datorspcīalists
Dmitrijs Vasnins
epasts: admin@varaklani.lv

Phishing Scam – 06/21/19 – RE: Delivery Failure

Blocked at the border.

From: RE: Ticket # 9DkE <info@email.windowsazure.com>
Sent: Friday, June 21, 2019 10:42 AM
To: ******* <*******>
Subject: RE: Delivery Failure
Dear User: *******
Did you miss your last email? No worries. There’s still time to review your undelivered email through your message portal.
You have 5 email messages from May 25, 2019 to May 28, 2019 due to failure on MX Validation. Kindly visit message Portal .
Visit Portal
Here’s why it matters: [https://www.icann.org/resources/pages/faqs-f0-2012-02-25-en]
Inaccurate contact details can result in email downtime or domain cancellation. If your domain email?contact info is up to date, you’re good to go. If not, then you need to correct it.

Phishing Scam – 06/20/2019 – *****SPAM***** Letter Of Interest.

Notified Google, Microsoft, and web hosts. This is a Reply-To Phishing Scam.

From: aref.safiah1@gmail.com
Sent: Wednesday, June 12, 2019 11:48 AM
To: Recipients
Subject: *****SPAM***** Letter Of Interest.
I am a senior Accountant with the Bayern LB Bank based in London UK, This private and confidential letter is an official legal notice, meant to intimate you of the untimely death of one Mr. Michael, a US national who was killed with his only 24 year old daughter in a terrible automobile accident in 2014. His total investment assets with the bank are in excess of Twenty Five Million, Seven Hundred thousand US Dollars’ ($25,700.000.00).
In my possession is the file with all the account details and placing your name as a possible next of kin or relative to the deceased makes any claim to this account most credible with your last name being exactly same with the deceased and failing to claim these funds by a Next of Kin means that the estate of the deceased will become unclaimed and abandoned and therefore will be turned over to the state after exactly Five years according to Law. And no one has come forward to lay claim to this deposit since the deceased died and all efforts to locate any of his relatives have proved unsuccessful that is why I took it upon myself to contact you based on your surname.
Upon your acceptance, I ask to present you before the bank as a Next of Kin to the deceased since you have same last name and I will establish your name in his file as the only available next of kin to the deceased and I will furnish you with every legal details you need to make a claim to this account. I will carefully guide you in every step to make sure you get the banks approval to release funds to you as Next of kin. To achieve this goal however, I compel you to treat this with the utmost confidentiality imaginable. With me and my colleague working inside the bank I am giving you a 100% assurance that this claim process will go smoothly without any hitch, and there will be no legal consequences after the claim. I propose you take 40% of the funds upon completion while I and my colleague who works inside the bank keeps 60%.
Furthermore, you are not compelled in any way to participate in this process if you do not feel comfortable, which means you are not under obligation to accept this proposition. if this proposition is acceptable to you please respond back to me urgently via email and I will send you more details regarding the process. I look forward to your urgent response by email.
Dr Aref Safiah
Financial Senior Auditor
Tel + 44 741 8427 628

Phishing Scam – 06/20/2019 – PART-TIME JOB OFFER OPPORTUNITY

Notified TrendMicro, Google, Microsoft, and the web hosts.This is both a Reply-To and a Link Phishing Scam.

From: Fred Jackson
Sent: Thursday, June 20, 2019 12:26 AM
To: Recipients
Work at your convenience time and earns weekly $300 if you are interested. Click here [http://jobopportunity.webnode.com/contact/] for further details to apply.
Este mensaje es solo para el destinatario(s) y puede contener información CONFIDENCIAL.
Si usted no es el destinatario, por favor destruya todas las copias del mensaje con sus adjuntos y
notifíquenos inmediatamente, ya que el mal uso de dicho correo es prohibido e ilegal.
Propiedad de este correo
©2006. Cía. Agrícola Industrial Santa Ana, S. A., Reservados todos los derechos.

Phishing Scam – 06/20/2019 – This information concerns the security of your account:

Notified email provider, notified Microsoft, and notified Google. This is a Reply-To Phishing Scam.

From: emilson@fcmail.com
Sent: Tuesday, June 18, 2019 12:40 PM
To: 24mcse <**********@ksu.edu>
Subject: This information concerns the security of your account:
I am a hacker who has access to your operating system.
I also have full access to your account: At the time of hacking your
account(**********@ksu.edu) had this password: 24mcse
You can say: this is my, but old password!
Or: I can change my password at any time!
Of course! You will be right,
but the fact is that when you change the password, my malicious code every
time saved a new one!
I’ve been watching you for a few months now.
But the fact is that you were infected with malware through an adult site
that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other
This means that I can see everything on your screen, turn on the camera and
microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence from
e-mail and messangers.
Why your antivirus did not detect my malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so
that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the
screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and
contacts on social networks. I can also post access to all your e-mail
correspondence and messengers that you use.
If you want to prevent this, transfer the amount of $739 to my bitcoin
address (if you do not know how to do this, write to Google: “Buy Bitcoin”).
My bitcoin address (BTC Wallet) is: 149zSza4sduAThkNwrCk7VjdUKgetkXsAF
After receiving the payment, I will delete the video and you will never hear
me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see
this letter.
Filing a complaint somewhere does not make sense because this email cannot
be tracked like my bitcoin address.
And please do not try to answer me (the sender’s address is automatically
I do not make any mistakes!
If I find that you have shared this message with someone else, the video
will be immediately distributed.

Phishing Scam – 06/17/19 – Re: Your request

URL in Attachment blocked at the border and sent to Trend.

From: “Bygall, Natalie Megan” <nmb5650@psu.edu<mailto:nmb5650@psu.edu>>
Date: June 17, 2019 at 8:50:25 PM CDT
To: Undisclosed recipients:;
Subject: Re: Your request
Your request for email shutdown has been accepted by Microsoft Outlook Facility Services with a status of shutdown your office 365 (school/work) Email.
And this request will be processed shortly. If this request was made accidentally or without your knowledge, you are advised to cancel the request immediately. Kindly Open attachment to cancel Request

Phishing Scam – 6/7/2019 – FW: Reminder -Document

Blocked at border, sent to Trend.

From: k-state.edu – Action Requested
Sent: Friday, June 7, 2019 3:45 PM
To: ********** ******** <******@ksu.edu>
Subject: Reminder -Document 6/7/2019 1:44:53 p.m.
******@k-state.edu [mailto:******@k-state.edu], Yοu have [1]new dοcument sent tο yοu via ΟneDriνe
Fax Received At : 6/7/2019 1:44:53 p.m.
Pages Receive: 2-Pages (s))
Click here to rꬴview Document [https://shiftbd.com/css/?AP___=******@k-state.edu]