Kansas State University



Category: Phishing Scams

Scam emails that specifically target user credentials for K-State systems, such as email.

Phishing Scam – 09/19/19 – Security Notice. Someone has access to your system.

Phishing with a request for Bitcoin. Sent to Google and Microsoft Anti-Phishing.

Email Body:

******* *******
Southwind Extension District 
Begin forwarded message:
From: health@EYECENTER.COM.TW [mailto:health@EYECENTER.COM.TW]
Subject: [*******] Security Notice. Someone has access to your system.
Date: September 19, 2019 at 1:44:21 PM CDT
To: *******@LISTSERV.KSU.EDU [mailto:*******@LISTSERV.KSU.EDU]
Reply-To: health@EYECENTER.COM.TW [mailto:health@EYECENTER.COM.TW]
I am a hacker who has access to your operating system.
I also have full access to your account.
I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence.
Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.
If you want to prevent this,
transfer the amount of $500 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).
My bitcoin address (BTC Wallet) is:  3DPNtcD1NY8td1mEa6ijoi7e5VxZfghgsV
After receiving the payment, I will delete the video and you will never hear me again.
I give you 50 hours (more than 2 days) to pay.
I have a notice reading this letter, and the timer will work when you see this letter.
Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.
If I find that you have shared this message with someone else, the video will be immediately distributed.
Best regards!
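Disclaimer: The text and image content of this e-mail and any of its attachments (hereinafter "this message") may contain private, proprietary, confidential, specially protected or otherwise legally protected information. This message is provided only to the named recipients or to the person responsible for forwarding it on their behalf. If you are not the intended recipient of this message, you have no right to read, print, retain, store, copy or distribute this message or any part of it. If you have received this message in error, please delete it immediately from your computer and mail system and notify us. We scanned for viruses with antivirus software before sending, but we accept no responsibility for viruses or other similar defects. If the message you received contains a virus or inappropriate information, it may have been sent by criminals impersonating us; please notify us immediately. If an e-mail or its attachment has been altered or forged by criminals without the written consent of the person who sent this message, we are likewise not responsible. NOTICE: This communication may contain privileged or other confidential information. If you are not the intended recipient, or believe that you have received this communication in error, please do not print, copy, retransmit, disseminate, or otherwise use the information. Also, please indicate to the sender that you have received this communication in error, and delete the copy you received. Thank you.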

Reply to Scam – Good Day, (5612234K17622f52) – 9/19/2019

Reply-To scam. Reported to Microsoft. Please do not respond.

From: Raed Yazbick
Sent: Thursday, September 19, 2019 1:43:33 PM (UTC-06:00) Central America
To: *******
Subject: Good Day, (5612234K17622f52)
We are reaching you with regard to your request on a HotJobs for career opportunity of Procurement Manager available.
Job location: USA, all states
Job Type: Full-time, Permanent
Salary: $94,000.00 to $119,300.00 / A Year
Responsibilities and duties:
– Implement and prepare the standard project planning and monitoring process for all projects
– Coordinate ongoing relationships with all clients together with the marketing department
– Monitor team work to meet the client and project scope needs
– Coordinate overall project plan with regional members
– Prepare regular reports and statistics data on a weekly basis
– Take part in business meetings and make suggestions to meet market demands
Required Skills:
– Proven staff role and management skills
– Be able to do exceptional customer service
– Must be detail-oriented, experienced and resourceful
– Skills of Microsoft Office Suite 
– Valid driver’s license and Driver experience
To get more information or apply please attach your resume at stephan.hewat@yahoo.com [mailto:stephan.hewat@yahoo.com] .
Attention Only persons with resume will be considered!

Phishing Scam – IB results for ******* – ******

URL is blocked at the border. Sent to Microsoft.

From: Francoise Darwish2
Sent: Wednesday, September 18, 2019 5:49 AM
To: **********
Subject: IB results for ********
 Private Message
You have received a private message from: Francoise Darwish2 .
Please click on the following link to view the message: https://self.ibo.org/message/2IdFARyDpM0HmiPnIZUTr8 [https://self.ibo.org/message/2IdFARyDpM0HmiPnIZUTr8]
This email or message link can not be forwarded to anyone else.
The message is available until: Friday, 18 October.
Message ID: 2IdFARyD
LiquidFiles Appliance [http://www.liquidfiles.com]: https://self.ibo.org [https://self.ibo.org]

Phishing Scam – 09/17/19 – FW: HELP DESK

Blocked at the border, sent to Trend. Web host notified.

From: Andrew Bayless <acbayless@ksu.edu>
Sent: Tuesday, September 17, 2019 3:35 PM
Subject: HELP DESK
All Staffs and Students are expected to migrate to the New 2019 Microsoft Outlook Web portal to access the below, CLICK HERE [https://tinyurl.com/yypjoayl] to migrate:
·    Access the new staff directory
·    Access your pay slips and P60s
·    Update your ID photo
·     E-mail and Calendar Flexibility 
·    Connect mobile number to e-mail for voicemail 
Important notice:  All staffs and students are expected to migrate within 24 hours to avoid delay on mail delivery.
On behalf of IT Support. This is a group email account and its been monitored 24/7, therefore, please do not ignore this notification, because its very compulsory. 

Phishing Scam – 09/11/19 – Alert: Account De-activation(Final Warning)

URL blocked at the border, Trend is notified.

From: k-state.edu <info@bullbasket.it>
Sent: Wednesday, September 11, 2019 9:46 AM
To: ****** <******@ksu.edu>
Subject: Alert: Account De-activation(Final Warning)
Dear *******@k-state.edu,
Thank you, we received your Email account de-activation request and this request will be processed before 24 hrs.
If this request was made accidentally and you have no knowledge of it, you are advised to cancel the request now
                   CANCEL DE-ACTIVATION . [http://colorable-ground.000webhostapp.com/notification1.php?email=*******@k-state.edu]
However, if you do not cancel this request,your account will be shutdown shortly, 
and all your email data will be lost permanently. 
Email Adminstrator 2019 Team.
powered by: Google+

Phishing Scam – 09/12/19 – NOTICE: Court Invitation Letter!

Phishing with a link.

From: Alex Yones
Sent: Thursday, September 12, 2019 19:44
To: no-reply@courtnotice.online
Subject: NOTICE: Court Invitation Letter!
 Good Day,
     Kindly be informed that your immediate attention is needed in court office on or before Wednesday the 18th Of September 2019 for clearification as your urgent attention is needed. You can view your courtinvitation letter HERE [http://courtnotice.online/] for more info.
Signed By
Alex Yones
Court Secretary.

Phishing Scam – 09/12/19 – Message Center Sync Error

Phishing with a link.

From: ⚠️Messäge Center System Sync ???? eNotificätion
Sent: Thursday, September 12, 2019 2:13 PM
To: ******* ******* <*******@ksu.edu>
Subject: Message Center Sync Error
Importance: High
Dear *******@k-state.edu [mailto:*******@k-state.edu]:
Your server has delayed the deIivery of 12 messages.
On Thursday, September 12, 2019 at 12:12:37 PM
REVlEW [https://incitingleaders.com/an?x_0=*******@k-state.edu]
Poweredby: MS Corporation 

Phishing Scam – 09/10/19 – Your account is being locked

URL is blocked at the border. Sent to Microsoft.

From: Microsoft Office 365 Team [mailto:messenger@webex.com]
Sent: Tuesday, September 10, 2019 10:56 AM
To: ****** ****** <******@ksu.edu>
Subject: Your account is being locked.
Importance: High
A request to terminate your account has been made.
Our records indicate that you recently made a request to terminate your account.
You will lose all your emails associated with your account. If you have no knowledge about the request process, kidnly cancel the request. 
Here’s what to do next: 
Sign in to Office 365 following this link mentioned below.
Once you’ve signed in with your account, the cancellation proccess would be disabled automatically.
Sign in to Office 365 []
This email was sent from an unmonitored mailbox.
You are receiving this email because you have subscribed to Microsoft Office 365.
Privacy Statement []
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA

Phishing Scam – 09/08/2019 – Pet Sitter Job

Reply-To Scam

From: ***** **** <******@ksu.edu [mailto:******@ksu.edu]>
Date: September 8, 2019 at 12:49:05 PM CDT
Subject: Pet Sitter Job
I am a fellow student of Kansas State University. My Aunt is moving to the school area and needs someone who can pet sit her dogs 3 hours daily within 9am-11pm. Pay is $350 weekly. Kindly email her for more info.
You are to email her with your personal email NOT school email so she can receive your email because most times I email her with my school email she hardly receive my emails. Her email is sarahpickett111@outlook.com [mailto:sarahpickett111@outlook.co]