Kansas State University



Phishing Scam – 3/19/2018 – SharëPoíntFile Noitication

URL is blocked at the border, Web host has been notified

From: Internal Fax Transmission [incominsmsgfaxst@intuitfax.com] <krystle.brassard@marketersondemand.com>
Sent: Monday, March 19, 2018 11:45 AM
Subject: SharëPoíntFile Noitication
Hi There,
A document was shared with you via SharePoint File.
View SharePoint Doc [https://jodanssupplyco.id/zdex.htm]

Phishing Scam – 03/18/2018 – Ticket ID: #135863000223

URL is blocked at the border, Web host has been notified

From: ********@ksu.edu
Sent: Sunday, March 18, 2018 6:54 AM
Subject: Ticket ID: #135863000223
Notification of Ticket Escalation
Workspace: Service Desk
Ticket: Request closed
Ticket Number: #135863000223
Priority: High Status: Request
Creation Date: 2018-18-03

I have marked your Request as closed.
Please review the details of your request in the Self Service portal via the following link: Your incident [http://www.idea.ufpr.br/uploaded/avatars/ksu/]
If you feel that your request has not been completed, please visit your incident link to re-open the request.
The last action taken are as follows:

03/18/2018 08:16 am IT service:
ID checked
If you do not reply, this request will be formally closed this weekend.
IT Service Desk
Information Technology

Phishing Scam – 03/16/2018 – K-state ITS

Phishing form.

From: Brougher, Shannon Christine
Sent: Friday, March 16, 2018 05:15 PM
Subject: K-state ITS
 Your K-state account will be De-activated as you have requested.
If this is not you, please Undo Request [https://form.jotformeu.com/80737677356369]
ITS | Kansas State University.

Phishing Scam – 3/16/18 – Inv 439467 – PO #7Q449298

URL is blocked at the border. Web host has been notified.

From: ******* ********
Sent: Monday, February 26, 2018 6:55 AM
To: ******* ********
Subject: Inv 439467 – PO #7Q449298
Hi ****** *****

I sent an email on 02/26/2018 and never got a response. We are now showing six past due invoices. Inserted is a current aging.
I would appreciate it if you could check on it and let me know when we can expect payment. Thanks!
>>> http://vdposev.ru/Open-Past-Due-Orders/

****** ******

Phishing Scam- 03/09/2018- Final Warning

URL is blocked at the border. Web host has been notified.

From: Scan@office.com
Sent: Friday, March 9, 2018 9:55 AM
Subject: Final Warning
This message was identified as a phishing [http://aka.ms/LearnAboutPhishing] scam.
Feedback [http://aka.ms/SafetyTipsFeedback]
Dear User,
  This is to notify you that we are validating active accounts. Kindly confirm that your account is still in use by clicking the validation link below:
 Validate Email Account [http://m-merchantservices.com/newerly/office/]
IT Help Desk
Office of Information Technology.

Phishing Scam – 3/11/2018 – Help Desk Support Team

URL is blocked at the border. Web host has been notified.

From: Andreas Bjørneboe
Date: March 11, 2018 at 1:58:40 PM CDT
To: Andreas Bjørneboe
Subject:Re: Help Desk Support Team
This message was identified as a phishing [http://aka.ms/LearnAboutPhishing] scam.
Feedback [http://aka.ms/SafetyTipsFeedback]
All Staff & Employee
Your Account was recently signed in by Unknown IP address:, kindly CLICK-HERE [http://drandrewproctor.000webhostapp.com/] to validate and verify your e-mail account or your e-mail will be automatically disable for sending more messages.
Help Desk Support Team

Phishing Scam- 03/11/2018- “{Fw: ✉ YOUR ACCOUNT WILL BE CLOSED SOON}

URL is blocked at the border. Web host has been notified.

From: Email Administrator ************@hotmail.com
Sent: Sunday, March 11, 2018 7:13 PM
To: *********@gmail.com
Account Update Your account will be closed at 13/03/2018
Dear User
This message is being sent to you to inform you that your account will be closed at 13/03/2018
If you wish to continue using this account please upgrade to our services. Ignoring this message that will cause the account to be closed
Update your account http://mudancasglobais.com.br/.vps/autodomain/autofil/index.php
Note: This upgrade is required immediately after receiving this message
Thank you.

Microsοft respects your privαcy. Review our οnline Privαcy Statement

Phishing Scam – FedEx Express Delivery Notification – 03/07/2018

URL has been reported to Google. Web host has been notified.

From: Barbara L. Warland
Sent: Wednesday, March 7, 2018 2:50 PM
To: kahn@ecc.edu
Subject: FedEx Express Delivery Notification
Dear Customer
Our delivery service couldn’t deliver your package. The package weight exceeds our free-delivery limit.
You have to receive your package personally at our nearby outlet (See page 2 for details).
Please print out the label attached or copy and paste the URL below into your browser to download.
 https://drive.google.com/file/d/1rQM6aDfGbL0PreXdTjmiPBXOrRQWNeki/view [https://drive.google.com/file/d/1rQM6aDfGbL0PreXdTjmiPBXOrRQWNeki/view]
Kindly visit our outlet on page 2 on the form and submit the form to our dispatcher in other to receive your package.
We apologize for any inconvenience this might cost and we hope to see you at our outlet to pick up your parcel.
Thank you.
This site is protected by copyright and trademark laws under                         US and international law. All rights reserved. © FedEx 1995-2018

Phishing Scam – 3/7/2018 – PHISHING Upgrade Your Office365 Now

URL is blocked at the border. Web host has been notified.

From: ***********
Sent: Wednesday, March 7, 2018 8:04 AM
To: ***********
Subject: Upgrade Your Office365 Now
Dear User,
You have 5 incoming messages returned to our admin server due to temporary old version on Mailbox, kindly upgrade your email address to the new Office 365 WebMail.
CLICK HERE [https://doamsd.gq/officem/office/index.html]
Once you upgrade to new version WebMail, your incoming Email will reflect within 24hrs.
IT Help Desk
Office of Information Technology
The University
365 Office

Phishing Scam – Tech support call from 269-489-5415 – 03/06/2018

This is a telephone type scam.

At least two staff received phone calls from 269-489-5415 today. The person introduces himself as from PC Tech Support. Listening to the pitch they told us there were critical errors the central server was receiving from our computer. They wanted us to download a software from the following website:
https://www.iperiusremote.com/ [https://www.iperiusremote.com/]