The scammer will use an existing random legit message in a compromised account’s inbox (to build credibility) and reply to it urging the receiver to click on the link leading to a one drive containing malware or a phishing scam. The body of the message contains reference to a password to the archive being 7777. We are adding compromised one drive links to this posting.
Here is a form you asked
Password for archive: 7777
Below is an example message the scammer replied to. The scammer can reply to any legit message in a compromised account’s inbox. They do this to build credibility to convince the victim the above scam is real.
>Your eID password will expire on 09/29/2016. You are receiving this email because as of 09/15/2016 02:00 AM the password for eID edeters has not been changed. You must change your password every 180 days.
>If your password is not changed by 09/29/2016, you will LOSE ACCESS to central email, KSIS, K-State Online, limited free printing, university computing labs, and other ITS services. To change your password, sign into Connect by clicking the “Sign in” button from the K-State home page. Once you are on the Connect page, find the eProfile section, click the “Manage password” link and then follow the prompts to change your password. Make sure to enter your cell phone number so you can later recover a forgotten password via text message.
>Once you have changed your password, immediately update the password settings with your new password in all your computers, devices and applications or else risk getting locked out of K-State wireless or email. This includes:
> –KSU Wireless and/or KSU Housing wireless connections
> –Your local email and calendar client such as Outlook, MacMail and iCal, Pegasus, or Gmail
> –Your mobile device(s) such as your cell phone or tablet
>Did you forget your password? Go to Connect by clicking the “Sign in” button from the K-State home page. Click the “Forgot your eID password?” link and follow the prompts to reset your password. You can reset your password by email or by text message.
>STUDENTS and EMPLOYEES: You will need to confirm or make changes to your contact information as part of changing your password.
>Contact us if you need assistance.
>IT Help Desk
>214 Hale Library
>Kansas State University