Kansas State University



Phishing Scam – 04/17/19 – Assistant

Reply-To Scam.

From: Stephanie Manhart <boardoftrustees77@gmail.com>
Sent: Wednesday, April 17, 2019 6:06:16 PM
To: *********
Subject: Re: Assistant
 *****,Thank you very much.You can purchase it at any store around you
like, CVS and safeway,e.t.c. Total amount needed is $400 ($100
denomination) I need you to scratch the back of the card to reveal the
pin, then take a snap shot of the back showing the pin and have them
attach to me. How soon can you get the cards?
Kind Regards,
Stephanie Manhart.

Phishing Scam – 04/17/19 – Part-Time Job Opportunities !

Job Phishing Scam.

From: *****
Sent: Wednesday, April 17, 2019 2:57 PM
To: *****
Subject: Part-Time Job Opportunities !
Hello ******@ksu.edu, 
Surveying Services Inc.is accepting applications for qualified individuals (21+) to become shoppers and merchandisers.
I don’t want you to miss out because I have been working with them part-time for almost six months now and it has been awesome. I give you 100% guarantee of their legitimacy. 
You will receive a flat sum of USD 250 per assignment and could earn up to USD 2000 Per month
The company will furnish you with all expense needed for the assignment and any other expense incurred during the course of executing your assignment, With no sign up fee. 
Click Here [https://form.myjotform.com/91066180492558] to Learn more about this offer to earn while shopping.

Phishing Scam – 04/17/19 – Payroll

URL Blocked at the Border, Sent to Trend.

From: Ksu – Accounting <ajaramillo@mc2energia.com>
Sent: Wednesday, April 17, 2019 5:06 PM
To: *******
Subject: Payroll
 I have paid the outstanding balance today by bank transfer – $3,840.86.
https://ksu.edu/security/securereader?Regular&date=4-01-19_4-18-19 [http://lorigamble.com/wp-admin/ZeAf-NP5JU13ADfl765S_RILNFwsr-7j/]

Phishing Scam – 04/15/19 – A­ct­io­n req­u­i­red

URL blocked at the Border, Trend is blocking.

From: M­­S Onl­­in­e Su­­pp­ort
Sent: Monday, April 15, 2019 4:50 PM
To: ******** <*******@ksu.edu>
Subject: A­ct­io­n req­u­i­red
Importance: High
This is preheader text. Some clients will show this tesxt as a preview.
ThBye4933is MesBye4933sBye4933age is From a TrBye4933usBye4933ted Sender.
Bye4933OBye4933fBye4933fiBye4933ceBye4933 3Bye493365Bye4933
YoBye4933u Bye4933haBye4933veBye4933 (Bye493311Bye4933) Bye4933UnBye4933deBye4933liBye4933veBye4933reBye4933d/Bye4933PeBye4933ndBye4933inBye4933g Bye4933maBye4933ilBye4933sBye4933
DBye4933eaBye4933r business@k-state.edu [mailto:business@k-state.edu]
MBye4933icBye4933rBye4933osBye4933ofBye4933t Bye4933OfBye4933fiBye4933ceBye4933 3Bye493365Bye4933 mBye4933aiBye4933l Bye4933seBye4933rvBye4933erBye4933 hBye4933asBye4933 dBye4933etBye4933ecBye4933teBye4933d Bye4933abBye4933ouBye4933t Bye4933(1Bye49331)Bye4933 cBye4933luBye4933stBye4933erBye4933edBye4933 mBye4933esBye4933saBye4933geBye4933sBye4933
unBye4933deBye4933liBye4933veBye4933reBye4933d/Bye4933peBye4933ndBye4933inBye4933g Bye4933toBye4933 yBye4933ouBye4933r Bye4933maBye4933ilBye4933boBye4933x Bye4933asBye4933 oBye4933f Bye4933AprBye4933 Bye49338Bye4933, Bye493320Bye493319Bye4933 0Bye49333:Bye493300Bye4933 PBye4933M.
your apBye4933prBye4933ovBye4933alBye4933 tBye4933o Bye4933beBye4933 dBye4933elBye4933ieBye4933veBye4933reBye4933d.Bye4933
PlBye4933eaBye4933seBye4933 rBye4933evBye4933ieBye4933w Bye4933thBye4933emBye4933 hBye4933erBye4933e Bye4933anBye4933d Bye4933reBye4933stBye4933orBye4933e Bye4933deBye4933liBye4933veBye4933ryBye4933 oBye4933f Bye4933peBye4933ndBye4933inBye4933g Bye4933meBye4933ssBye4933agBye4933esBye4933.Bye4933 .
ReBye4933vBye4933iew meBye4933sseBye4933gBye4933es [http://reem1.azurewebsites.net/2019334914334914ed9f201933491484e85f4e85f4e185fe334914ed9f201933491484e85f4e85f4e185fe#******@k-state.edu]
(cBye4933) Bye49332Bye49330Bye493319Bye4933 MBye4933icBye4933roBye4933soBye4933ftBye4933 CBye4933orBye4933poBye4933raBye4933tiBye4933onBye4933. Bye4933AlBye4933l Bye4933RiBye4933ghBye4933tsBye4933 RBye4933esBye4933erBye4933veBye4933d Bye4933|ABye4933ccBye4933epBye4933taBye4933blBye4933e Bye4933UsBye4933agBye4933e Bye4933PoBye4933liBye4933cyBye4933 |Bye4933PrBye4933ivBye4933acBye4933y Bye4933NoBye4933tiBye4933ceBye4933.Bye4933

Phishing Scam – 04/12/19 – Re: open invoice

URL Blocked at the Border, Trend was notified.

From: ******* <frendon@autoclinic.com.mx>
Sent: Friday, April 12, 2019 5:31 PM
To: ******** <*****@ksu.edu>
Subject: Re: open invoice


I have attached a copy of the invoice.

Thank you for your business – we appreciate it very much.

Phishing Scam – 04/12/19 – Past Due Invoice 25399995 from ******

URL Blocked at the border, Trend was notified.

From: ****** <jorge.sanchez@ginversa.com>
Sent: Friday, April 12, 2019 4:39 PM
To:****** <******@ksu.edu>
Subject: Past Due Invoice 25399995 from ******


Invoice attached. please confirm receipt

Thank you and have a wonderful day!

Phishing Scam – 04/12/18 – Password Reset

URL is blocked at the border, sent to Trend. Webhost was notified.

From: noreply@springer.com
Sent: Friday, April 12, 2019 10:27 AM
To: ******* ******* <*******@ksu.edu>
Subject: Password Reset
You have requested to reset your password
Dear ,
You can reset your password by clicking here [https://login.springer.com/public/ro/setpassword?url=&token=jQPGCxjbDMXE6zVqojBrrT2KoSXS1cEQfZUVRIUPb3RjJA-ijkTc3GOXfG0ADjUnFrBpLsH-Jjfk17F0_RfCBA] or by copying the following link into your browser’s address bar:
https://login.springer.com/public/ro/setpassword?url=&token=jQPGCxjbDMXE6zVqojBrrT2KoSXS1cEQfZUVRIUPb3RjJA-ijkTc3GOXfG0ADjUnFrBpLsH-Jjfk17F0_RfCBA [https://login.springer.com/public/ro/setpassword?url=&token=jQPGCxjbDMXE6zVqojBrrT2KoSXS1cEQfZUVRIUPb3RjJA-ijkTc3GOXfG0ADjUnFrBpLsH-Jjfk17F0_RfCBA]

Phishing Scam – 04/11/19 – K-state Service Uρdаtе οn 11 April, 2019 RefID:R7KCFF

URL is blocked at the border, sent to Trend. Web host was notified.

From: K-state Support Team
Sent: Thursday, April 11, 2019 5:28 AM
To: econ
Subject: K-state Service Uρdаtе οn 11 April, 2019 RefID:R7KCFF
HI Econ,
Your Officeִ365 email is out of date, and you won’t be able to send or receive new messages. We recommend you vаlіdatе your account within 12hours to avoid being dеactivаtе.
VALІDATE ΝΟW [https://bdegb.strangled.net/mkd/.pxyrjauitzmskdb/ZWNvbkBrLXN0YXRlLmVkdQ]
Νοtе: failure to confirm your mailbox will result to permanent disable.
Microsoft Suρρort
Thіs еmаіl wаs sеnt tо ********@k-state.edu.
AссID : ##0498617

Phishing Scam -04/11/2019 – Social Security Correction

Link Submitted to Trend and ISP has been Contacted

From: Delaney
Sent: Friday, April 5, 2019 4:07 PM
To: ********
Subject: Social Security Correction
 Delaney has sent you an email via Gmail confidential mode:
Social Security Correction [https://confidential-mail.google.com/msg/ABTZP1zJvIgw9NcxtVrPX2vOP2m3kuCTvuGYv3fk2lGCir6A4irJ_kAZwuaR7XJJI8gIvqn7qSNtvslpJwCJ4X3znpDaQdrHFwqoMhpzyoTzHmAujDu_nxgPS_RliA30oDIrgg==]
This message was sent on Apr 5, 2019 at 2:08:22 PM PDT
You can open it by clicking the link below. This link will only work for k-state@k-state.edu.
View the email [https://confidential-mail.google.com/msg/ABTZP1zJvIgw9NcxtVrPX2vOP2m3kuCTvuGYv3fk2lGCir6A4irJ_kAZwuaR7XJJI8gIvqn7qSNtvslpJwCJ4X3znpDaQdrHFwqoMhpzyoTzHmAujDu_nxgPS_RliA30oDIrgg==]
Gmail confidential mode gives you more control over the messages you send. Set an expiration time, disable printing or forwarding of a message and more. Learn more [https://support.google.com/mail/answer/7674059]
Gmail: Email by Google
Use is subject to the Google Privacy Policy [https://myaccount.google.com/privacypolicy?hl=en]
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this message because someone sent you an email via Gmail confidential mode.