Kansas State University




Reply to scam with .txt attachment

From: Dr Rebecca Crandall <pmicklean@gmail.com> Sent: Tuesday, November 12, 2019 9:07:09 PM
To: ****** ********* <*********@ksu.edu>; ****** ***** <********@ksu.edu>; ***** ******* <*******@ksu.edu>; ****** ****** <******@ksu.edu>; ******* ****** <******@ksu.edu>

Read more details in the attachment

Phishing Scam – 11/06/19 – Tutor needed

Reply-To Phishing Scam.

From: Trenton Warner <warntrenton@gmail.com>
Sent: Wednesday, November 6, 2019 9:51 PM
Subject: Tutor needed
How are you doing today? This is Trenton Warner. I saw your contact at the Kansas State University, Department of Psychology under Graduate Student’s portal. I seek for a basic school introductory psychology tutor for my Daughter. I would like to know if you will be available for the job.
The lessons could hold at the campus/library or your home, if you stays close to campus.
Looking forward reading from you.
Best regards,

Fwd: Information Desk

Reply-To Scam.
Sent to Microsoft and Google anti-phishing and notified email server host.

Email Body:

Get Outlook for iOS [https://aka.ms/o0ukef]
From: *********** <*********@ksu.edu>
Sent: Tuesday, November 5, 2019 7:19:42 PM
Subject: Information Desk
 In accordance with the work and study regulations of the Institution, we are pleased to inform you about an available part time position of a personal Assistant at three hundred and fifty dollars weekly wages. Please Note: This position is available on a first come, first serve basis. If your schedule is flexible enough to take this position, kindly contact “( maureen-brown@sapphirecapitalconsultant.com )” for exclusive details about this position. You should include your cellphone number when applying for direct contact as well as your preferred email address.

Be sure to read this message! Your personal data is threatened!

Email server host notified.

From: ******@ksu.edu [mailto:******@ksu.edu]
Date: November 5, 2019 1:56:20 PM CST
To: ******@ksu.edu [mailto:******@ksu.edu]
Subject: Be sure to read this message! Your personal data is threatened!
Reply-To: ******@ksu.edu [mailto:******@ksu.edu]

Hi, stranger!
I hacked your device, because I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.
You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy
(you know what I mean).
While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.
Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.
What I’ve done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes … but strange for me and other normal people),
and the second part shows the recording of your webcam.
What should you do?
Well, I think $559 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don’t know, look for “how to buy bitcoins” on Google).
BTC Address: 19P1EZqopzMAb3UhdBoBtBJFBkAiVz8U7
(This is CASE sensitive, please copy and paste it)
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).
If I don’t get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.
If you want to get proof, answer “Yes!” and resend this letter to youself.
And I will definitely send your video to your any 19 contacts.
This is a non-negotiable offer, so please do not waste my personal and other people’s time by replying to this email.

Phishing Scam – Security Notice. Someone has access to your system. – 10/31/2019

Sent to Microsoft and Google anti-phishing and notified email server host.

From: Amelia <editorial@theartistcommunity.net>
Sent: Thursday, October 31, 2019 12:46 PM
To: *******
Subject: Security Notice. Someone has access to your system.
I am a hacker who has access to your operating system.
I also have full access to your account.
I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence.
Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.
If you want to prevent this,
transfer the amount of $500 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).
My bitcoin address (BTC Wallet) is: 3KaqkQhfUYrFWGX3dKBN4z2QnoXh15K9pW
After receiving the payment, I will delete the video and you will never hear me again.
I give you 50 hours (more than 2 days) to pay.
I have a notice reading this letter, and the timer will work when you see this letter.
Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.
If I find that you have shared this message with someone else, the video will be immediately distributed.
Best regards!

Phishing Scam – 10/24/19 – Paid Research Opportunities with Pearson

Phishing attempt. Blocked at the border. Notified web-host, Trend, and Microsoft.

From: “Sandy Amaro, Pearson” <pearson@ocrm3.pearson.com [mailto:pearson@ocrm3.pearson.com]>
Subject: Paid Research Opportunities with Pearson
Date: October 24, 2019 at 2:31:19 PM CDT
To: <*******@k-state.edu [mailto:*******@k-state.edu]>
Reply-To: “Sandy Amaro, Pearson” <reply-fe95167271650c7970-667_HTML-517234046-7229612-110@ocrm3.pearson.com [mailto:reply-fe95167271650c7970-667_HTML-517234046-7229612-110@ocrm3.pearson.com]>
**These messages have been known to be malicious. Please, be very cautious with these messages.**
Dear Professor *******,
Pearson invites you to complete a ~15 minute research activity related to textbook selection in exchange for a $15 Amazon gift card. Fully completing the activity will also automatically enter you into a raffle to win an additional $250 Amazon gift card. All payouts and a winner will be announced on November 4th, 2019.
To participate, simply follow the link below to begin. Be sure to type your email in carefully so that we may process your payment.
Begin activity → [http://click.ocrm3.pearson.com/?qs=2755048319a06e362735e703131a32a78d77c3ad162934d4009dfafed2b5f11511aafa055fbdcbe312a455b0590b59aee4f238a04a8964d9]
Thank you very much for your participation.
Sandy Amaro
User Experience Administrator
[http://click.ocrm3.pearson.com/?qs=2755048319a06e3624f3bbb93759edc3dffba552c78eca3e54dcadb5ebd9e854aeb6d2d0679c6c9876bd406f05667ee42b6910d30cbdb90f]  [http://click.ocrm3.pearson.com/?qs=2755048319a06e363d7c2aab0be4168aafa1ed07e1706038c70b486f8199d7b78a03e10827f474a34910d82f6bf391d811e1cc9ab737cafe]  [http://click.ocrm3.pearson.com/?qs=2755048319a06e364779d92ec6cb1b3282d8ea94d5f71835d8ac7ac350a8e54d1ff0b05938431f3e22444fe2ac50dce51b7e6fe9ff7514b7]  [http://click.ocrm3.pearson.com/?qs=2755048319a06e36a9c5d911d3298089dcc13d35de6683c71e5a8fc94687838730b436c1e8640078bc1552484a631a20852bf4a017bd6c53]
View in browser [http://view.ocrm3.pearson.com/?qs=e2cb6df87077950678d23373e66c390e309b87e41b8349dc074ee4400f32afa5eba14887bfb63ce741236ea45732d8b4cefe8804df087bb4cb810d33300e253dc0cbc7126af36f0f07bd91e360e2b23b]
Terms of Use [http://click.ocrm3.pearson.com/?qs=2755048319a06e36b76cb3ac74b1ad6ecd1192edb8dcb360cc9e7df58e6c47cf084b5a1ceb1b586a83618623dc0412765aafa3c524650411] | Privacy Policy [http://click.ocrm3.pearson.com/?qs=2755048319a06e361ddb60ea5d7e8095ce09a2f48183e8d2427fd62255e18fcf74022b83ee58d2f34a91eae54c2ca22d6f9c6477c4ef0a1e]
Email Preference Center [http://click.ocrm3.pearson.com/?qs=2755048319a06e361aa7f90c985ca583902576a434b3e07bf67ce677fdd4a4b2eb60699a505f3e20c4ce364eee1e033f2d13495d5f688928e7d1bbfce3e7b98c] | Unsubscribe [http://click.ocrm3.pearson.com/?qs=2755048319a06e36c50f90754bb0ac097c05e037f5dc67b5b21dc1f2dbf6bc6e9e291907f7b0e24339baca644640ebb32465389f5ae19567aa3968d4ec527741]
Copyright © 2019 Pearson Education [http://click.ocrm3.pearson.com/?qs=2755048319a06e36abe5ac91715a4fb47a9bcb9edbee60e8fa9cd1ffed4e39e1d993682b2179b1736595c6b4a5e6ddb1148073bf9bea0a9b]
Pearson Shared Services Limited |
221 River Street, Hoboken, NJ 07030 | United States [http://click.ocrm3.pearson.com/?qs=2755048319a06e36bb8dd3f83304ae3b005c0873c250f959cf3507917e638e19aca467eb57c89390281d22a72ff4374417bc76577ac3b5a7]
NAM-19285 10/19