Kansas State University



Month: October 2019

Phishing Scam – Security Notice. Someone has access to your system. – 10/31/2019

Sent to Microsoft and Google anti-phishing and notified email server host.

From: Amelia <editorial@theartistcommunity.net>
Sent: Thursday, October 31, 2019 12:46 PM
To: *******
Subject: Security Notice. Someone has access to your system.
I am a hacker who has access to your operating system.
I also have full access to your account.
I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence.
Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.
If you want to prevent this,
transfer the amount of $500 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).
My bitcoin address (BTC Wallet) is: 3KaqkQhfUYrFWGX3dKBN4z2QnoXh15K9pW
After receiving the payment, I will delete the video and you will never hear me again.
I give you 50 hours (more than 2 days) to pay.
I have a notice reading this letter, and the timer will work when you see this letter.
Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.
If I find that you have shared this message with someone else, the video will be immediately distributed.
Best regards!

Phishing Scam – 10/24/19 – Paid Research Opportunities with Pearson

Phishing attempt. Blocked at the border. Notified web-host, Trend, and Microsoft.

From: “Sandy Amaro, Pearson” <pearson@ocrm3.pearson.com [mailto:pearson@ocrm3.pearson.com]>
Subject: Paid Research Opportunities with Pearson
Date: October 24, 2019 at 2:31:19 PM CDT
To: <*******@k-state.edu [mailto:*******@k-state.edu]>
Reply-To: “Sandy Amaro, Pearson” <reply-fe95167271650c7970-667_HTML-517234046-7229612-110@ocrm3.pearson.com [mailto:reply-fe95167271650c7970-667_HTML-517234046-7229612-110@ocrm3.pearson.com]>
**These messages have been known to be malicious. Please, be very cautious with these messages.**
Dear Professor *******,
Pearson invites you to complete a ~15 minute research activity related to textbook selection in exchange for a $15 Amazon gift card. Fully completing the activity will also automatically enter you into a raffle to win an additional $250 Amazon gift card. All payouts and a winner will be announced on November 4th, 2019.
To participate, simply follow the link below to begin. Be sure to type your email in carefully so that we may process your payment.
Begin activity → [http://click.ocrm3.pearson.com/?qs=2755048319a06e362735e703131a32a78d77c3ad162934d4009dfafed2b5f11511aafa055fbdcbe312a455b0590b59aee4f238a04a8964d9]
Thank you very much for your participation.
Sandy Amaro
User Experience Administrator
[http://click.ocrm3.pearson.com/?qs=2755048319a06e3624f3bbb93759edc3dffba552c78eca3e54dcadb5ebd9e854aeb6d2d0679c6c9876bd406f05667ee42b6910d30cbdb90f]  [http://click.ocrm3.pearson.com/?qs=2755048319a06e363d7c2aab0be4168aafa1ed07e1706038c70b486f8199d7b78a03e10827f474a34910d82f6bf391d811e1cc9ab737cafe]  [http://click.ocrm3.pearson.com/?qs=2755048319a06e364779d92ec6cb1b3282d8ea94d5f71835d8ac7ac350a8e54d1ff0b05938431f3e22444fe2ac50dce51b7e6fe9ff7514b7]  [http://click.ocrm3.pearson.com/?qs=2755048319a06e36a9c5d911d3298089dcc13d35de6683c71e5a8fc94687838730b436c1e8640078bc1552484a631a20852bf4a017bd6c53]
View in browser [http://view.ocrm3.pearson.com/?qs=e2cb6df87077950678d23373e66c390e309b87e41b8349dc074ee4400f32afa5eba14887bfb63ce741236ea45732d8b4cefe8804df087bb4cb810d33300e253dc0cbc7126af36f0f07bd91e360e2b23b]
Terms of Use [http://click.ocrm3.pearson.com/?qs=2755048319a06e36b76cb3ac74b1ad6ecd1192edb8dcb360cc9e7df58e6c47cf084b5a1ceb1b586a83618623dc0412765aafa3c524650411] | Privacy Policy [http://click.ocrm3.pearson.com/?qs=2755048319a06e361ddb60ea5d7e8095ce09a2f48183e8d2427fd62255e18fcf74022b83ee58d2f34a91eae54c2ca22d6f9c6477c4ef0a1e]
Email Preference Center [http://click.ocrm3.pearson.com/?qs=2755048319a06e361aa7f90c985ca583902576a434b3e07bf67ce677fdd4a4b2eb60699a505f3e20c4ce364eee1e033f2d13495d5f688928e7d1bbfce3e7b98c] | Unsubscribe [http://click.ocrm3.pearson.com/?qs=2755048319a06e36c50f90754bb0ac097c05e037f5dc67b5b21dc1f2dbf6bc6e9e291907f7b0e24339baca644640ebb32465389f5ae19567aa3968d4ec527741]
Copyright © 2019 Pearson Education [http://click.ocrm3.pearson.com/?qs=2755048319a06e36abe5ac91715a4fb47a9bcb9edbee60e8fa9cd1ffed4e39e1d993682b2179b1736595c6b4a5e6ddb1148073bf9bea0a9b]
Pearson Shared Services Limited |
221 River Street, Hoboken, NJ 07030 | United States [http://click.ocrm3.pearson.com/?qs=2755048319a06e36bb8dd3f83304ae3b005c0873c250f959cf3507917e638e19aca467eb57c89390281d22a72ff4374417bc76577ac3b5a7]
NAM-19285 10/19

Phishing Scam – 10/17/19 – High-severity alert: Deferred Messages from K-state Mail Server Error:20pul

Phishing with a link. Notified web host, Trend, and Microsoft.

From: K-state Admin Alerts &ltadmin@redfrog.studio&gt
Date: October 17, 2019 at 3:14:46 PM MDT
To: ******* ******* &lt*******@ksu.edu&gt
Subject:High-severity alert: Deferred Messages from K-state Mail Server Error:20pul

Mail Server Error ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ 
Hello K-state,
Your K-state mail server is experiencing some deliverability problems and is scheduled for deactivation, on Monday, May 13, 2019. Here is the description of the error:
Resolve Error [https://k-state-edu.miltfumc.org/hndmw.wat?vz=f9a2Vuc0BrLXN0YXRlLmVkdQ%3D%3D]

K-state Mail server hostname does not match with EHLO/HELO greeting. The SMTP greeting include 3-digit code, followed by a space or a dash, and the mail server host name. If your email header hostname does not match with EHLO or HELO, your email may be blocked by anti-spam software. This is a technical violation of RFC 821 Section 4.3 and RFC 2821 Section 4.3.1. The hostname given in the SMTP greeting must have an A record pointing back to the mail server.
Account Summary
Account Name: *******@k-state.edu
Mail Server: K-state
This email was sent from an unmonitored mailbox.

Phishing Scam – 10/16/19 – Student pass – found

Url sent to Trend.

From: Jane Pillar <shahili@hscworldwide.com>
Sent: Wednesday, October 16, 2019 5:24 PM
To: *****@ius.edu
Subject: Student pass – found
Importance: High
Good morning,

I found the ID pass of one of your students on the train line yesterday scanned – https://dl1.onedrive-sn.com/?xsaeuunozerijmeboxgtuuhxngu
I?ll post it to the college today.


Jane Pillar
Head of Secretarial Services

Phishing Scam – 10/10/19 – Fwd: Quota Limit Reached – New message(s) will now be returned

URL blocked at the border, sent to Trend.

From: **** ********* <*************@ksu.edu>
Sent: Thursday, October 10, 2019 11:22:23 PM
Subject: Quota Limit Reached – New message(s) will now be returned
  Dear User,
    You have received this message because you have reached your Quota limit. Incoming messages will therefore bounce or return to sender.
Reset your quota using this link http://www.ksu.edu/helpdesk/Kupdate [https://cutt.ly/DeouX14] , and avoid losing incoming messages.
 IT Help Desk,
214 Hale Library
Manhattan, KS 66506
Copyright © 2019

Phishing Scam – 10/09/19 – HELPDESK

URL Blocked at the border, sent to Trend.

From: ***** <****@ksu.edu [mailto:****@ksu.edu]>
Date: October 9, 2019 at 6:21:09 PM CDT
All Staff and Student are expected to migrate to the New Microsoft Outlook  2019 Web portal to access the following, 
·    Access the new staff directory
·    Access your pay slips and P60s
·    Update your ID photo
·     Avoid delay in Email delivery (Incoming and Outgoing Email messages)
·    Synchronize Cellphone contact with Email 
Important notice:  Staffs and students are expected to migrate within 24 hours to avoid uninterrupted email service.  CLICK HERE  [http://vovo-c15.cf/suv/office]  to migrate
On behalf of IT Support, this is a group email account and it is being monitored 24/7. Therefore, do not ignore this notification as it is very important.
Admin Team.

Phishing Scam – 10/1/19 – Recruitment at AMP Life

Reply-To Phishing Scam.

From: Mark Gibbs <markgibbs017@gmail.com>
Sent: Tuesday, October 1, 2019 8:21:38 AM
To: *******
Subject: Recruitment at AMP Life
I am Mark Gibbs, from AMP Life Limited, extremely in need of assistants in your geographical location so Our Company have been on internet for networking to seek people who are responsible and ambitious to gain part of the part time position i’m offering.
We are in need of assistant of someone who will only Initiate Suppliers payment, Tracking Raw Materials and supplies (online) to ensure on time delivery of Products to Bookstores,Libraries/customers when needed,This employment takes 2 hours a day and 3 times a week for $300.00 weekly ( You will be paid in advance for all tasks and purchases to be done as a company Representative).
This position doesn’t cost you any money to start with and all expenses needed will be provided by me, if interested kindly get back with the details requested below and i will get back to you with more details and we shall proceed on working together.
Full Name:
Phone Number:
Alternative Email:
Please ignore if not interested. Thanks for your understanding.
Warm Regards.
AMP Life Limited.

Phishing Scam – 10/8/2019 – FW: Due Invoice.

Phishing with a link.

From: Kayla Lichty
Sent: Tuesday, October 08, 2019 3:41 PM
Subject: Due Invoice.
Please find attached your latest statement of account as of today for your review and advise as to when we would receive our payment as forwarded to us from our finance department.
We urge you settle at your earliest to avoid use of legal actions for retrieval by our legal department.
https://biqkristof-my.sharepoint.com/:o:/g/personal/webclient_biqkristof_onmicrosoft_com/EttpyCdvsxtGmS0NT9AdELEBn_pNdJ3vJVdEn_OubYaZ7w?e=Rgd76u [https://biqkristof-my.sharepoint.com/:o:/g/personal/webclient_biqkristof_onmicrosoft_com/EttpyCdvsxtGmS0NT9AdELEBn_pNdJ3vJVdEn_OubYaZ7w?e=Rgd76u]
Kayla Lichty
Events Manager
klichty@farmjournal.com [mailto:klichty@farmjournal.com]
402 ½ Main Street, Cedar Falls, Iowa 50613
www.farmjournal.com [http://bit.ly/2S4qjZC]
This e-mail, together with any attachments, is for the exclusive and confidential use of the intended addressee. Unless you are the intended addressee (or authorized to receive for the intended addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this message is error, please notify the sender via e-mail immediately and delete the message from your computer without making any copies.