Phishing scam with a link. Blocked at the border.
From: <*******@ksu.edu [mailto:*******@ksu.edu]>
Date: June 20, 2019 at 11:39:39 PM CDT
To: <firstname.lastname@example.org [mailto:email@example.com]>
Bitcoin scam. Notified server host, sent to Micorosft.
From: ******@ksu.edu [mailto:******@ksu.edu]
Sent: Tuesday, June 18, 2019 7:03 PM
To: ****** ****** <******@ksu.edu>
Subject: Be sure to read this message! Your personal data is threatened!
I hacked your device, because I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.
You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy (you know what I mean).
While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.
Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.
What I’ve done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes … but strange for me and other normal people), and the second part shows the recording of your webcam.
What should you do?
Well, I think $550 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don’t know, look for “how to buy bitcoins” on Google).
BTC Address: 1K75LGyfBewpanhYRzViP4cL4uK96zCQee
(This is CASE sensitive, please copy and paste it)
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).
If I don’t get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.
If you want to get proof, answer “Yes!” and resend this letter to youself.
And I will definitely send your video to your any 19 contacts.
This is a non-negotiable offer, so please do not waste my personal and other people’s time by replying to this email.
Varakļānu Novada pašvaldības IT Datorspcīalists
Notified Google, Microsoft, and web hosts. This is a Reply-To Phishing Scam.
Sent: Wednesday, June 12, 2019 11:48 AM
Subject: *****SPAM***** Letter Of Interest.
I am a senior Accountant with the Bayern LB Bank based in London UK, This private and confidential letter is an official legal notice, meant to intimate you of the untimely death of one Mr. Michael, a US national who was killed with his only 24 year old daughter in a terrible automobile accident in 2014. His total investment assets with the bank are in excess of Twenty Five Million, Seven Hundred thousand US Dollars’ ($25,700.000.00).
In my possession is the file with all the account details and placing your name as a possible next of kin or relative to the deceased makes any claim to this account most credible with your last name being exactly same with the deceased and failing to claim these funds by a Next of Kin means that the estate of the deceased will become unclaimed and abandoned and therefore will be turned over to the state after exactly Five years according to Law. And no one has come forward to lay claim to this deposit since the deceased died and all efforts to locate any of his relatives have proved unsuccessful that is why I took it upon myself to contact you based on your surname.
Upon your acceptance, I ask to present you before the bank as a Next of Kin to the deceased since you have same last name and I will establish your name in his file as the only available next of kin to the deceased and I will furnish you with every legal details you need to make a claim to this account. I will carefully guide you in every step to make sure you get the banks approval to release funds to you as Next of kin. To achieve this goal however, I compel you to treat this with the utmost confidentiality imaginable. With me and my colleague working inside the bank I am giving you a 100% assurance that this claim process will go smoothly without any hitch, and there will be no legal consequences after the claim. I propose you take 40% of the funds upon completion while I and my colleague who works inside the bank keeps 60%.
Furthermore, you are not compelled in any way to participate in this process if you do not feel comfortable, which means you are not under obligation to accept this proposition. if this proposition is acceptable to you please respond back to me urgently via email and I will send you more details regarding the process. I look forward to your urgent response by email.
Dr Aref Safiah
Financial Senior Auditor
Tel + 44 741 8427 628
Notified TrendMicro, Google, Microsoft, and the web hosts.This is both a Reply-To and a Link Phishing Scam.
From: Fred Jackson
Sent: Thursday, June 20, 2019 12:26 AM
Subject: PART-TIME JOB OFFER OPPORTUNITY
Work at your convenience time and earns weekly $300 if you are interested. Click here [http://jobopportunity.webnode.com/contact/] for further details to apply.
Este mensaje es solo para el destinatario(s) y puede contener información CONFIDENCIAL.
Si usted no es el destinatario, por favor destruya todas las copias del mensaje con sus adjuntos y
notifíquenos inmediatamente, ya que el mal uso de dicho correo es prohibido e ilegal.
Propiedad de este correo
©2006. Cía. Agrícola Industrial Santa Ana, S. A., Reservados todos los derechos.
Notified email provider, notified Microsoft, and notified Google. This is a Reply-To Phishing Scam.
Sent: Tuesday, June 18, 2019 12:40 PM
To: 24mcse <**********@ksu.edu>
Subject: This information concerns the security of your account:
I am a hacker who has access to your operating system.
I also have full access to your account: At the time of hacking your
account(**********@ksu.edu) had this password: 24mcse
You can say: this is my, but old password!
Or: I can change my password at any time!
Of course! You will be right,
but the fact is that when you change the password, my malicious code every
time saved a new one!
I’ve been watching you for a few months now.
But the fact is that you were infected with malware through an adult site
that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other
This means that I can see everything on your screen, turn on the camera and
microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence from
e-mail and messangers.
Why your antivirus did not detect my malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so
that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the
screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and
contacts on social networks. I can also post access to all your e-mail
correspondence and messengers that you use.
If you want to prevent this, transfer the amount of $739 to my bitcoin
address (if you do not know how to do this, write to Google: “Buy Bitcoin”).
My bitcoin address (BTC Wallet) is: 149zSza4sduAThkNwrCk7VjdUKgetkXsAF
After receiving the payment, I will delete the video and you will never hear
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see
Filing a complaint somewhere does not make sense because this email cannot
be tracked like my bitcoin address.
And please do not try to answer me (the sender’s address is automatically
I do not make any mistakes!
If I find that you have shared this message with someone else, the video
will be immediately distributed.
Notified Google, notified Microsoft, and this is a reply-to scam.
Sent: Wednesday, June 19, 2019 1:20 PM
To: ******* <******@ksu.edu>
Hello,are you available?
URL in Attachment blocked at the border and sent to Trend.
From: “Bygall, Natalie Megan” <firstname.lastname@example.org<mailto:email@example.com>>
Date: June 17, 2019 at 8:50:25 PM CDT
To: Undisclosed recipients:;
Subject: Re: Your request
Your request for email shutdown has been accepted by Microsoft Outlook Facility Services with a status of shutdown your office 365 (school/work) Email.
And this request will be processed shortly. If this request was made accidentally or without your knowledge, you are advised to cancel the request immediately. Kindly Open attachment to cancel Request
Blocked at border, sent to Trend.
From: k-state.edu – Action Requested
Sent: Friday, June 7, 2019 3:45 PM
To: ********** ******** <******@ksu.edu>
Subject: Reminder -Document 6/7/2019 1:44:53 p.m.
******@k-state.edu [mailto:******@k-state.edu], Yοu have new dοcument sent tο yοu via ΟneDriνe
Fax Received At : 6/7/2019 1:44:53 p.m.
Pages Receive: 2-Pages (s))
Click here to rꬴview Document [https://shiftbd.com/css/?AP___firstname.lastname@example.org]