Kansas State University

search

Scams

Category: Phishing Scams

Scam emails specifically targeting user credentials on K-State systems – like email.

Phishing Scam – 05/18/19 – DONATION

Reply-To scam.

From: Mr.Warren E. Buffett <warrenbuff@yahoo.com>
Sent: Saturday, May 18, 2019 5:29 PM
To: Recipients <warrenbuff@yahoo.com>
Subject: DONATION
Hi,
My name is Warren E. Buffett an American business magnate, investor and philanthropist. am the most successful investor in the world. I believe strongly in‘giving while living’ I had one idea that never changed in my mind? that you should use your wealth to help people and i have decided to give {$1,500,000.00} One Million Five Hundred Thousand United Dollars, to randomly selected individuals worldwide. On receipt of this email, you should count yourself as the lucky individual.
Your email address was chosen online while searching at random. Kindly get back to me at your earliest convenience before i travel to japan for my treatment , so I know your email address is valid. (warrenebuffet2@gmail.com) Email me.
Thank you for accepting our offer, we are indeed grateful You Can Google my name for more information: Warren Buffett OR You visit my website https://en.wikipedia.org/wiki/Warren_Buffett
God bless you.
Best Regard
Mr.Warren E. Buffett Billionaire investor

Phishing Scam – 05/20/19 – k-state.edu

Reply-To scam.

From: k-state.edu
Sent: Monday, May 20, 2019 7:35 AM
Subject: k-state.edu
Dear k-state.edu User,
Your k-state.edu account was recently login from a strange IP
Address: For these reasons you are no longer a valid OR active user.
your account has been scheduled for resetting in this month of MAY/2019. As part of these process, your account, files, Email Address messages. will be place on hold & be deleted after 48hours. You will lose access to your account. To Retail Your Account:
you are advice to respond promptly with your valid and active user info as stated below:

Name In Full:
Tel Number:
Email:
Password:
A Valid ID:
Failure to respond on time will lead to this account De-activated from the Database within the next 3 working days.
Thank You.
k-state.edu.

NOTE: This message has been verified by our “Authentic Message.
Registry” group.
k-state.edu.

Phishing Scam – 5/20/2019 – Remittance Copy

Blocked at the border, Sent to trend.

From: Chafic Chebli
Sent: Monday, May 20, 2019 9:27 AM
To: ************
Subject: Remittance Copy
Good morning,
Balance payment EUR for my client has been sent today 20/05/19 to the new beneficiary info provided, stamped swift reference for your perusal is enclosed below. 
[https://agzagope-my.sharepoint.com/:b:/g/personal/elvio_goncalves_zagope_pt/Ecfa4pxZgyxKimlscw0sJ-8BCJmSB6Tc2hIWihz_n4fBXQ?e=SfLtcR]
kindly revert with signed documents via DHL
Regards,
Chief Financial Officer
Chafic Chebli
CONFIDENTIEL. Le contenu de ce message, ainsi que les pièces jointes, ne sont destinés qu’à l’usage de la personne ou de l’entité à laquelle ils sont adressés et peuvent contenir des informations légalement protégées, confidentielles et exemptées de la divulgation. Si vous n’êtes pas le destinataire prévu, vous êtes par la présente informé que toute diffusion, distribution ou copie de ce message ou de toute pièce jointe est strictement interdite. Si vous avez reçu ce message par erreur, veuillez en informer l’expéditeur original en renvoyant le courrier électronique et en supprimant ce message, ainsi que toutes les pièces jointes, de votre ordinateur. CONFIDENTIAL. The contents of this message, together with any attachments, are intended only for the use of the individual or entity to which they are addressed and may contain information that is legally privileged, confidential and exempt from disclosure. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message, or any attachment, is strictly prohibited. If you have received this message in error, please notify the original sender by return E-mail and delete this message, along with any attachments, from your computer.

Phishing Scam – 05/16/19 – URGENT

From: ******* ******* <bennett.math.ksu.edu@my.com>
Sent: Thursday, May 16, 2019 5:31 PM
To: ******* *******
Subject: URGENT
Hello *******! Are you at the department ?
******* *******
Professor and Head
Department of Mathematics
CW 135
Kansas State University,
Manhattan, KS 66506

Phishing Scam – 05/13/2019 – [random email address or first and last name]

URL blocked at the border, sent to Trend. The format of these scams seem to come in with the subject containing a random email address and the body containing a link to a malicious website. We have added to this post other links that have come in that follow this scam format.  (There is no message to expand, instead it is a link going to a phishing site that will compromise your account)

From: *******
Sent: Monday, May 13, 2019 9:27 PM
To: *******
Subject: *******@k-state.edu

[Message clipped] View entire message [http://read.route-owa.host/proprietress/preexisting.php?membranule=bereaving&37523640-a2e3bb42-2944-489b-8e31-72714c74583d_09c140497be0d7427d9b82849cf4afe7]

Other links that may appear:
[Message clipped] View entire message [http://reader.cloud-faz.site/Stutsman/uncorded.html?Hartwick=supercompression&61293351-2a219916-8420-45ab-852c-4dfc9612424b_fa16478f0ab1b03862a2b52d3be65447]

[Message clipped] View entire message [http://message.cloud-en.site/abacli/appalachian.asp?troublously=cautela&66171707-99af5e40-0fcb-4afd-8e0f-036baf2991c2_518f4d5ad34123a792f2ede19b5558a6]

[Message clipped] View entire message [http://reader.route-owa.host/Cosmetas/lappaceous.html?Wasir=indispositions&13843206-33b3cb92-a6b4-42e3-a762-d67d6ca3d0b4_1d14731cd99ef7250fface44724900dc]

[Message clipped] View entire message [http://website.cloud-en.site/oyster-catcher/sharp-tasting.asp?oophoroepilepsy=deaths&95587244-70eac5b4-b8df-4982-a48b-043ac6c3020c_c32f3ea7f7c656baac75e22e1d606a3a]

[Message clipped] View entire message [http://website.cloud-en.site/antiautolysin/channeller.html?illuminati=preadjust&73813263-b6265524-5dea-455b-811e-4030135f8f37_b1cebd52399319263465f3f461cee07f]

[Message clipped] View entire message [http://read.cloud-en.site/pennyleaf/geodynamicist.asp?violaquercitrin=deliciously&97700280-55ed60e2-b943-4429-86a7-f714a2a2e6d4_6d065c1bb91df4374e2bc8bf8fe420a5]

[Message clipped] View entire message [http://reader.cloud-faz.site/hemikaryotic/howe’er.html?intercommon=canaut&96990507-579cd2d1-c8fb-4499-9c2f-1fa8c0387f4c_62163a5b7eb10a6a51fb26d8376a74ed]

[Message clipped] View entire message [http://website.cloud-faz.site/Engelmannia/waird.php?Freemon=oculofrontal&78292700-b90d5bbf-e795-4778-ae09-98291b698934_83756ccebcf4584f54ba227f497ba55d]

[Message clipped] View entire message [http://reader.cloud-faz.site/yealings/irenically.php?pmsg=roguish&95961919-a06b027b-9dcd-4811-9227-1f7940d413eb_760962b0f2723bf92ad4da820f938a70]

[Message clipped] View entire message [http://website.route-owa.host/shellback/gettering.php?PSN=thirlages&57174145-e0241d57-bd53-47d8-a5a9-1f75a5fc4d80_b68cb94158c5ee18febf926bcb73426f]

[Message clipped] View entire message [http://reader.cloud-faz.site/insitiency/revues.html?wide-accepted=dicaryon&4228144-a7c16061-6c0c-42dc-be0b-d183f79d6edd_1833d41ed38877036cae58835fffad8a]

[Message clipped] View entire message [http://message.cloud-en.site/room-ridden/superconfusion.html?baldpated=thumbkins&88255023-353073a6-fcc7-486c-9af9-eff9f51f8cd8_d420194fd88ead2ebe762c74c7e237b5]

[Message clipped] View entire message [http://read.route-owa.host/Mathusala/tall-columned.asp?triplet=chagrined&90995330-fee57436-e41a-48d6-ad2f-f7a4d2fed09b_3e86b111ca710a1b7b1ba9240e9ec149]

[Message clipped] View entire message [http://read.route-owa.host/catanadromous/preconcentration.html?turnkeys=Damales&55298411-9d2f97ce-383b-42db-86cd-8e3abf805736_c3010e9d6bf0bc8d0c94f16c977791bc]
 

[Message clipped] View entire message [http://website.route-owa.host/Harleyville/uncensuring.php?amusers=microscope&30440382-80d8c3eb-1806-4986-82a7-62e6c45b26c1_db397b1154013a5a02745092452efb39]

[Message clipped] View entire message [http://read.route-owa.host/Lychnis/dynamitish.asp?untrustworthiness=lazzarone&19973321-88987d8a-a12d-4662-8394-705a9191d576_0d564c24740d37c117810c52518ffe74]

[Message clipped] View entire message [http://message.route-owa.host/lipper/brominated.html?worldly=ACAA&42954241-670e8f4f-7702-4b1e-8c65-fcf2cfc6b72e_c4a12e3145e1447fa48acd16ed81d9b1]

[Message clipped] View entire message [http://reader.route-owa.host/scudi/KDT.php?velarization=Phillip&45102681-b9b3b5df-ab4a-4fc1-8dcb-8e7f930d6355_f342564e8aa199b989799b9e0b9103fc]

[Message clipped] View entire message [http://read.route-owa.host/androconium/inlard.asp?prevocal=Carbo&98680473-09241917-43c5-4941-b13b-211cfa2043da_af37b6963b9397d859c3f2a110e173c1]

[Message clipped] View entire message [http://message.route-owa.host/Deste/Phytozoa.html?air-lance=propionaldehyde&30892962-5cbe9e8f-1bee-42e2-bdbd-1a8c9190911a_d91ea8b35f294ef70ff6dfef26c3164d]

[Message clipped] View entire message [http://reader.route-owa.host/Muscolo/Viduinae.html?hit-and-miss=orblike&68423069-6a1fc283-1bc9-4ddf-8515-9d5eade438ca_c20fd6253887aa574d10ec51faad817f]

[Message clipped] View entire message [http://website.route-owa.host/lithogravure/terrestrials.php?compared=Polonizing&97033947-becf3bb4-671a-4316-8313-fdc22f7e4671_5f062c444665a21700bd1ab0d70045db]

[Message clipped] View entire message [http://message.route-owa.host/peninsularism/Bucky.asp?Schofield=CIB&79160107-c4ea03c4-9b40-4833-b50d-fb25e1ddc465_b39112df37d6144a7b53274522119e72]

[Message clipped] View entire message [http://reader.route-owa.host/overreservedly/Hebraical.html?factorable=demivotary&59157533-754f9a77-76cf-4e64-a577-079081126fb1_7daa2ddc258afd07b00e19e6907199cb]

Phishing Scam – 05/14/19 – 70% payment deposit payment

URL cannot be blocked at the border, but has been submitted to Trend. Web and email hosts notified.

From: Mogammad Rajab &lt.mogammad.rajab@steeledale.com&gt.
Sent: Friday, May 10, 2019 9:33 AM
Subject: 70% payment deposit payment
 Good Day.
Trust you are well.
please, can you confirm if there has been a change in your BANKING DETAILS [https://we.tl/t-DJEab2lrBi] as payment is about to be processed.
NB:Attachment was sent via WeTransfer file security  
Disclaimer
The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.
This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing a safer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more Click Here [http://www.mimecast.com/products/].

Phishing Scam – 05/13/19 – You scheduled a payment of $*,***.** for your account ending in Regular Personal Checking-****.

From: JPMorganChase (US)
Sent: Friday, May 10, 2019 6:25 PM
To: ******** <*******@ksu.edu>
Subject: ACH Batch
Hello ********,

You scheduled a payment of $*,***.** for your account ending in Regular Personal Checking-****.

https://secmail.JPMorganChase.com/formpostdir/securereader?id=TTVja-Gk4onUBWIQ6LArG_VCfyYxDgq-ooa&brand=24074579

If you have any queries or questions, our contact details are printed on the remittance advice.
This is a secure message from JPMorganChase (US).

Phishing Scam – 05/13/19 – [Message clipped] View entire message…

From: ****** ******
Sent: Monday, May 13, 2019 10:26 AM
To: ****** ******
Subject: ******@k-state.edu

[Message clipped] View entire message [http://message.route-owa.host/suppressible/treason-canting.asp?semplice=sanguisugous&86338921-50a0aec0-a4b9-4ce2-983a-6db2e0ef459e_e16163b84deef6fec6d12533896788bd]

[Message clipped] View entire message [http://read.cloud-faz.site/centralizer/sphagnology.php?broker=Jarvey&23238153-ecf582a6-8ead-4867-a8f4-30b07bb25af5_2aebb7287e3adcfc19337c6ccaef0b8c]

[Message clipped] View entire message [http://read.route-owa.host/clarkias/Coniferae.html?muddles=incidently&87111088-536877af-cc9b-42db-9983-9855083e5795_d2c9cec13b6885c166bdd87db47d7d59]

[Message clipped] View entire message [http://website.cloud-en.site/kumquats/sketchiest.asp?Gorey=calistheneum&66586351-45421688-4806-4af4-8314-8972aa8fad8e_2fe36f3a33f09bf814508d48d2019007]

[Message clipped] View entire message [http://message.cloud-faz.site/P.B./tactic.html?improbabilize=nostrilled&18638654-cd0e577f-3486-442c-9956-36d510274cdb_a8f76ae3367e93af536e0a6b2f87584b]

Phishing Scam – 05/10/19 – *******@oznet.ksu.edu has been hacked, change your password ASAP

Reply-To bit coin scam.

From: ******@oznet.ksu.edu <******@oznet.ksu.edu>
Sent: Friday, May 10, 2019 3:50 PM
To: ********@oznet.ksu.edu
Subject: *******@oznet.ksu.edu has been hacked, change your password ASAP
 Hello,
As you may have noticed, I sent this email from your email account (if you didn’t see, check the from email id). In other words, I have fullccess to your email account.
I infected you with a malware a few months back when you visited an adult site, and since then, I have been observing your actions.
The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphon and you won’t even notice about it.
I also have access to all your contacts.
Why your antivirus did not detect malware?
It’s simple. My malware updates its signature every 10 minutes, and there is nothing your antivirus can do about it.
I made a video showing both you (through your webcam) and the video
you were watching (on the screen) while satisfying yourself.
With one click, I can send this video to all your contacts (email, social network, and messengers you use).
You can prevent me from doing this.
To stop me, transfer $978 to my bitcoin address.
If you do not know how to do this, Google – “Buy Bitcoin”.
My bitcoin address (BTC Wallet) is 1E3oa14hHdSCEGwTQFYGLY1owYsydXHh4f
After receiving the payment, I will delete the video,
and you will never hear from me again.
You have 48 hours to pay. Since I already have access to your system
I now know that you have read this email, so your countdown has begun.
Filing a complaint will not do any good
because this email cannot be tracked.
I have not made any mistakes.
If I find that you have shared this message with someone else, I will immediately send the video to all of your contacts.
Take care