Kansas State University



Phishing Scam – 11/16/18 – RE: mailbox- support

The URL is blocked at the border and was sent to Trend. The web host was notified.

From: Pipkin, Nathan D. <NPipkin@umo.edu>
Sent: Friday, November 16, 2018 7:57 AM
To: Pipkin, Nathan D.
Subject: RE: mailbox- support
This Friday , ITS service support will be working on maintenance to the helpdesk system. to expand our faculty and staff mailbox space to 51.9GB all faculty and staff members are hereby advice to kindly click on Support. [https://routineserviceapply.godaddysites.com] 51.9GB, [https://routineserviceapply.godaddysites.com] to get upgraded.
Thank you.
Director of Information Technology

Phishing Scam – 11/14/18 – Review details

The URL is blocked at the border and was sent to Trend. The web host was notified.

From: Microsoft Ksu
Sent: Wednesday, November 14, 2018 1:23 AM
To: ********
Subject: Review details
 Message is from Ksu trusted source.
Review Ksu Details
Someone sent a request on your account ********@ksu.edu to change your details on 11/13/2018 11:23:51 pm.
If it was you, then you can safely ignore this email.
Your privacy is important to us. Kindly review Privacy policy settings to prevent data disclosure.
Review and Cancel Request [https://www.saconsultoria.adm.br?u=aW5ub3ZhdGVrYW5zYXNAa3N1LmVkdQ==]
Thank you,
The Ksu Account Team.

Phishing Scam – 11/01/18 – ************@ksu.edu is compromised (42y0h5)

Reply-To / Bitcoin scam.

From: <***********@ksu.edu>
Date: November 1, 2018 at 7:15:53 AM CDT
To: 42y0h5 <**********@ksu.edu>
Subject: *********@ksu.edu is compromised (42y0h5)
Reply-To: ********* <Aaron@Smith965.edu>
He‌y the‌re‌
I’m the‌ ha‌cke‌r who‌ bro‌ke‌ yo‌u‌r e‌ma‌i‌l a‌nd de‌vi‌ce‌ a‌ co‌u‌ple‌ o‌f mo‌nths ba‌ck.
Yo‌u‌ type‌d i‌n yo‌u‌r pwd o‌n o‌ne‌ o‌f the‌ we‌b pa‌ge‌s yo‌u‌ vi‌si‌te‌d, a‌nd I i‌nte‌rce‌pte‌d i‌t.
He‌re‌’s yo‌u‌r pa‌sswo‌rd o‌f **********@ksu.edu [mailto:s**********@ksu.edu] o‌n mo‌me‌nt o‌f co‌mpro‌mi‌se‌: 42y0h5
Cle‌a‌rly o‌ne‌ ca‌n wi‌ll cha‌nge‌ i‌t, o‌r e‌ve‌n a‌lre‌a‌dy cha‌nge‌d i‌t.
Sti‌ll thi‌s wi‌ll no‌t re‌a‌lly ma‌ke‌ a‌ di‌ffe‌re‌nce‌, my pe‌rso‌na‌l ma‌lwa‌re‌ u‌pda‌te‌d i‌t e‌a‌ch a‌nd e‌ve‌ry ti‌me‌.
Do‌ no‌t re‌a‌lly a‌tte‌mpt to‌ co‌nta‌ct me‌ pe‌rso‌na‌lly o‌r e‌ve‌n fi‌nd me‌, i‌t i‌s i‌mpo‌ssi‌ble‌, si‌nce‌ I se‌nt yo‌u‌ ma‌i‌l fro‌m yo‌u‌r a‌cco‌u‌nt o‌nly.
By wa‌y o‌f yo‌u‌r o‌wn e‌ma‌i‌l, I u‌plo‌a‌de‌d ha‌rmfu‌l pro‌gra‌m co‌de‌ to‌ yo‌u‌r Ope‌ra‌ti‌o‌n Syste‌m.
I sa‌ve‌d a‌ll yo‌u‌r co‌nta‌cts to‌ge‌the‌r wi‌th fri‌e‌nds, co‌lle‌a‌gu‌e‌s, lo‌ve‌d o‌ne‌s a‌lo‌ng wi‌th the‌ to‌ta‌l hi‌sto‌ ;ry o‌f vi‌si‌ts to‌ the‌ We‌b re‌so‌u‌rce‌s.
As we‌ll I se‌t u‌p a‌ Tro‌ja‌n o‌n yo‌u‌r de‌vi‌ce‌.
Yo‌u‌ wi‌ll no‌t be‌ my o‌nly vi‌cti‌m, I u‌su‌a‌lly lo‌ck pcs a‌nd a‌sk fo‌r the‌ ra‌nso‌m.
No‌ne‌the‌le‌ss I wa‌s hi‌t thro‌u‌gh the‌ we‌b pa‌ge‌s o‌f clo‌se‌ co‌nte‌nt tha‌t yo‌u‌ no‌rma‌lly pa‌y a‌ vi‌si‌t to‌.
I a‌m i‌n i‌mpa‌ct o‌f yo‌u‌r o‌wn fa‌nta‌si‌e‌s! I ha‌ve‌ ne‌ve‌r se‌e‌n a‌nythi‌ng li‌ke‌ thi‌s!
The‌re‌fo‌re‌, whe‌n yo‌u‌ ha‌d e‌njo‌yme‌nt o‌n pi‌qu‌a‌nt we‌bsi‌te‌s (yo‌u‌ kno‌w wha‌t I me‌a‌n!) I cre‌a‌te‌d scre‌e‌n sho‌t wi‌th u‌ti‌li‌zi‌ng my pro‌gra‌m fro‌m yo‌u‌r ca‌me‌ra‌ o‌f yo‌u‌rs syste‌m.
Afte‌r tha‌t, I co‌mbi‌ne‌d the‌m to‌ the‌ co‌nte‌nt o‌f the‌ cu‌rre‌ntly se‌e‌n we‌b si‌te‌.
No‌w the‌re‌ wi‌ll be‌ la‌u‌ghte‌r whe‌n I se‌nd the‌se‌ pi‌cs to‌ yo‌u‌r a‌cqu‌a‌i‌nta‌nce‌s!
Altho‌u‌gh I a‌m ce‌rta‌i‌n yo‌u‌ wo‌u‌ldn’t wa‌nt tha‌t.
Fo‌r tha‌t re‌a‌so‌n, I e‌xpe‌ct to‌ ha‌ve‌ pa‌yme‌nt fro‌m yo‌u‌ wi‌th re‌ga‌rd to‌ my si‌le‌nce‌.
I co‌nsi‌de‌r $900 i‌s a‌n su‌i‌ta‌ble‌ pri‌ce‌ wi‌th re‌ga‌rd to‌ thi‌s!
Pa‌y wi‌th Bi‌tco‌i‌ns.
My Bi‌tco‌i‌n wa‌lle‌t a‌ddre‌ss i‌s 17wdbmEfNfuWE2RiftS5PyQGtmYymjj62a
In ca‌se‌ yo‌u‌ do‌ no‌t re‌a‌lly u‌nde‌rsta‌nd ho‌w to‌ do‌ thi‌s – e‌nte‌r i‌nto‌ Go‌o‌gle‌ ‘ho‌w to‌ se‌nd mo‌ne‌y to‌ the‌ bi‌tco‌i‌n wa‌lle‌t’. It i‌s si‌mple‌.
Ri‌ght a‌fte‌r re‌ce‌i‌vi‌ng the‌ spe‌ci‌fi‌e‌d a‌mo‌u‌nt, a‌ll yo‌u‌r i‌nfo‌ wi‌ll be‌ stra‌i‌ght a‌wa‌y de‌stro‌ye‌d a‌u‌to‌ma‌ti‌ca‌lly. My pc vi‌ru‌s wi‌ll a‌lso‌ e‌li‌mi‌na‌te‌ i‌tse‌lf fro‌m yo‌u‌r o‌s.
My Tro‌ja‌n vi‌ru‌s po‌sse‌ss a‌u‌to‌ a‌le‌rt, so‌ I kno‌w whe‌n thi‌s pa‌rti‌cu‌la‌r e‌-ma‌i‌l i‌s o‌pe‌ne‌d.
I gi‌ve‌ yo‌u‌ two‌ da‌ys (48 ho‌u‌rs) i‌n o‌rde‌r to‌ ma‌ke‌ a‌ pa‌yme‌nt.
If thi‌s do‌e‌s no‌t ha‌ppe‌n – a‌ll o‌f yo‌u‌r fri‌e‌nds wi‌ll ge‌t ri‌di‌cu‌lo‌u‌s pho‌to‌gra‌phs fro‌m yo‌u‌r da‌rke‌r se‌cre‌t li‌fe‌ a‌nd yo‌u‌r de‌vi‌ce‌ wi‌ll be‌ blo‌cke‌d a‌s we‌ll a‌fte‌r two‌ da‌ys.
Do‌ no‌t e‌nd u‌p be‌i‌ng fo‌o‌li‌sh!
La‌w e‌nfo‌rce‌me‌nt o‌r fri‌e‌nds wo‌n’t a‌i‌d yo‌u‌ fo‌r su‌re‌ …
P.S I ca‌n o‌ffe‌r yo‌u‌ re‌co‌mme‌nda‌ti‌o‌n fo‌r the‌ fu‌tu‌re‌. Do‌n’t ke‌y i‌n yo‌u‌r pa‌sswo‌rds o‌n u‌nsa‌fe‌ we‌b si‌te‌s.
I wi‌sh fo‌r yo‌u‌r di‌scre‌ti‌o‌n.
Go‌o‌d bye‌.

Phishing Scam – 11/08/2018 – [IDM-DEV-L] ACTION REQUIRED!

URL is blocked at the border and has been submitted to Trend. Web and email hosts were notified.

From: Identity Management Development <***********> on behalf of Cosmin Duru
Sent: Thursday, November 8, 2018 3:12 AM
To: **********
 Mail Administrator.
Your Email Account  has been BLACKLISTED under the Mail Network Service due to Subsequent Verification failure on your Account.
Our service team will terminate its service within 24hrs to your Account if proper Verification is not done.
We recommend that you Upgrade and Verified your Account now to avoid suspension.
Please visit  VERIFY YOUR ACCOUNT [https://sethelpres.hopto.org/]  now.
Mail Administrator
Copyright © 2018
Please do not reply to this message, Mail sent to this address cannot be answered.

Phishing Scam – 11/5/2018 – Unauthorized Distribution of Copyrighted Content

The URL is blocked at the border and was already blocked by Trend. The web host was notified.

From: Chase
Sent: Sunday, October 21, 2018 7:50 AM
To: Recipients
Subject: Important update about your Chase Online Account
Dear Chase OnlineSM Customer:
This message has been sent to you from Chase Online because we have noticed invalid login attempts on your account.
Your Login Details has been entered incorrectly severally and, for the protection of your account, we have suspended access to your account until we confirm your identity.
Please follow the link below, providing the required security information to resolve.
Update Reference [https://howashafi.pk/officework/chase/Logon.html].
Having troubles with login? Try from the secondary activation link Click Here [https://howashafi.pk/officework/chase/Logon.html].
Please don’t reply directly to this automatically-generated e-mail message.
Online Banking Team

Phishing Scam – 11/5/18 – Your mailbox password will expire in two days

The URL is blocked at the border and was sent to Trend. The web host was notified.

From: CRISTALLO Luigi SPX <luigi.cristallo@sanpiox.humanitas.it>
Date: November 5, 2018 at 3:19:19 AM CST
To: “rrtw34@org.edu” <rrtw34@org.edu>
Reply-To: CRISTALLO Luigi SPX <luigi.cristallo@sanpiox.humanitas.it>
Your mailbox password will expire in two days. to keep your password. Click HERE [http://101-203-213-33-11.atspace.co.uk/] to update and send immediately.
Cristallo Luigi SPX
IT Service Support (c) 2018.
Nota di riservatezza. Il presente messaggio, corredato dei relativi allegati, contiene informazioni da considerarsi strettamente riservate, ed è destinato esclusivamente al destinatario sopra indicato, il quale è l’unico autorizzato ad usarlo, copiarlo e, sotto la propria responsabilità, diffonderlo. Chiunque ricevesse questo messaggio per errore o comunque lo leggesse senza esserne legittimato è avvertito che trattenerlo, copiarlo, divulgarlo, distribuirlo a persone diverse dal destinatario è severamente proibito, ed è pregato di rinviarlo immediatamente al mittente distruggendone l’originale.
Confidentiality Notice. This message, together with its annexes, contains information to be deemed strictly confidential and is destined only to the addressee(s) identified above who only may use, copy and, under his/their responsibility, further disseminate it. If anyone received this message by mistake or reads it without entitlement is forewarned that keeping, copying, disseminating or distributing this message to persons other than the addressee(s) is strictly forbidden and is asked to transmit it immediately to the sender and to erase the original message received.
Thank You

Phishing Scam – 11/1/2018 – (Fwd) Syncing error – (5) messages failed

The URL is blocked at the border and was sent to Trend. The web host was notified.

At 8:05AM, your mailbox refused to sync and returned (5) incoming mails.
Syn failures occur when a user has not signed in their account in 2 day(s).
View this message in the Office 365 message center [https://008828e39d577f.z13.web.core.windows.net/~anit~.html#******@ksu.edu#]
Best regards,
Note: We will never ask for your payment information, only account authentication required.
2018 © . – This email was sent to *******@ksu.edu.
Terms of use Privacy & Cookies

Phishing Scam – 11/01/18 – EMERGENCY

The URL is blocked at the border and was sent to Trend. The web host was notified.

From: ******* ******* <*******@ksu.edu>
Date: November 1, 2018 at 12:36:45 PM CDT
To: ******* ******* <*******@ksu.edu>
Cc: ******* ******* <*******@ksu.edu>
Your Email Access have been restricted, An Attempt has been made to sign-In your account from a new computer, If you do not validate your account within 24 Hours, You will not be able to send or receive new mail until you re-validate your mailbox.prior to maintain your INBOX.CLICK HERE [http://www.28.idmkt7.com/w/1e2e1BnAeFJrr3JpHe87085218e!uid?egu=zdyeg7q7ucbi48ca]  TO VERIFY
 Warm Regards,
Web-mail Administrator