Phishing Scam – 04/22/15 – RE: HELP-DESK

URL is inactive and blocked at the border. Origin ISP and web host have been notified. The URL is being blocked by Trend.

From: “Giles, Jerry” <Jerry.Giles@airmethods.com>
Subject: RE: HELP-DESK
Date: Wed, 22 Apr 2015 17:23:39 +0000

Take note of this important update that our new web mail has been improved with a new messaging system from Owa/outlook which also include faster usage on email, shared calendar,web-documents and the new 2015 anti-spam version. Please use the link below to complete your update for our new Owa/outlook improved web mail.
 
 CLICK HERE TO UPDATE [http://mailboxupgrading.wix.com/upgrading2015]
 
Connected to Microsoft Exchange
© 2014 Microsoft Corporation. All rights reserved

Posted in Phishing Scams | Comments Off

Phishing Scam – 04/22/15 – RE: Mail

URL is active and blocked at the border. Origin ISP and web host have been notified. The URL has been submitted to Trend.

From: Simon Yeap <S.Yeap@murdoch.edu.au>
Subject: RE: Mail
Date: Wed, 22 Apr 2015 16:46:54 +0000

Attn: User,
Staff And Faculty Notice. Mail account has been expended into 1GB visit Staff And Faculty [http://helpadm.moonfruit.com/]  to Upgrade for validation of your account.
Helpadmin-Term.

Posted in Phishing Scams | Comments Off

Phishing Scam – 04/21/15 – Vital Information

Both URLs are inactive and blocked at the border. Origin ISP and both web host (long and short URLs) have been notified. The URL has not been submitted to Trend.

From: <kstatepresident@gmail.com>
Subject: Vital Information
Date: Tue, 21 Apr 2015 17:32:12 +0200

Hello
 
I’ve Shared a secure file Document attached with Google icon
CLICK DOCUMENT [http://tinyurl.com/ngtypc4]
Regard
*****************
kstatepresident@gmail.com [mailto:kstatepresident@gmail.com]
Go Cats!
Private Group Communication Service
[https://docs.google.com/]
©2015 Google – Terms & Privacy

Posted in Phishing Scams | Comments Off

Phishing Scam – 04/20/15 – Unusual sign-in activity

URL is active and blocked at the border. Origin ISP and web host have been notified. The URL has been submitted to Trend.

From: Monica Jacobs <monica.jacobs@ntschools.net>>
Sent: Monday, April 20, 2015 8:38 AM
Subject: Unusual sign-in activity

Webmail account
Unusual sign-in activity
We detected something unusual about a recent sign-in to your webmail account. To help keep you safe, we required an extra security challenge.
Sign-in details:
Country/region: Serbia / Southeast Europe
IP address: 79.101.110.94 | Server: TELEKOM SRBIJA a.d
Date: 19/04/2015 07:31 AM
If this was you, then you can safely ignore this email.
If you’re not sure this was you, a malicious user might have your password. Please click and confirm the link below for re-confirm of your location and we’ll help you take corrective action.
Click here & Confirm Location
Thank you for your patience and understanding.
Thanks,
The Outlook account team

Posted in Phishing Scams | Comments Off

Phishing Scam – 4/8/15 – Scheduled Maintenance & Upgrade

Origin ISP and Reply-To: ISP have been notified. Reply-To: address has been on the APER list since 01/16/2015.

Second Scam:
From: Help Desk <info@helpdesk.org>
Subject: Scheduled Maintenance & Upgrade
Date: Tue, 21 Apr 2015 17:48:55 +0800
Reply-To: <help.desk.team0015@tech-center.com>

First Scam:
From: Help Desk <info@helpdesk.org>
Subject: Scheduled Maintenance & Upgrade
Date: Wed, 8 Apr 2015 05:45:42 +0800
Reply-To: <help.desk.team.0014@tech-center.com>

Help Desk

Scheduled Maintenance & Upgrade

Your account is in the process of being upgraded to a newest
Windows-based servers and an enhanced online email interface inline with internet infrastructure Maintenance. The new servers will provide better anti-spam and anti-virus functions, along with IMAP Support for mobile devices to enhance your usage.

To ensure that your account is not disrupted but active during and after this upgrade, you are required to kindly confirm your account by stating the details below:

* Domain\user name:
* Password:

This will prompt the upgrade of your account.

Failure to acknowledge the receipt of this notification, might result to a temporary deactivation of your account from our database. Your account shall remain active upon your confirmation of your login details.

We do apologize for any inconveniences caused.

Sincerely,

Customer Care Team

(c) Copyright 2015, All Rights Reserved.

Posted in Phishing Scams | Comments Off

Phishing Scam – 4/5/15 – Mailbox Shutdown Notification

Origin ISP has been notified. Reply-To: address has been submitted to APER list.

Date: Sun, 5 Apr 2015 12:20:00 +1300
From: Webmaster <:&lt fossholl@postur.skrin.is :&gt>
Return-Path: fossholl@postur.skrin.is
Subject: Mailbox Shutdown Notification

You are expected to verify your email account to avoid mailbox shutdown :
Login Username:
Login password: **************
To avoid shutting down of your mailbox which could lead to loss of your
important files on our server,you must send these details on receipt of
this message.
Thank you very much.
Webmaster

Posted in Phishing Scams | Comments Off

Phishing Scam – 04/03/15 – Your Mailbox Has Exceeded It Quota Limit

URL is active and blocked at the border. Origin ISP and web host have been notified. The URL has been submitted to Trend.

From: Reports from the public of abusive KSU users on behalf of Administrator
Sent: Friday, April 03, 2015 5:22 AM
Subject: Your Mailbox Has Exceeded It Quota Limit

Your Mailbox Has Exceeded It Quota/Limit As Set By Your Administration, And You May Not Be Able To Send Or Receive New Mails Until You Re-Validate It. To Re-Validate, Please CLICK: Re-Validate Your Mailbox[http://shambabala.ovh/web.index.html]

Posted in Phishing Scams | Comments Off

Phishing Scam – 03/30/15 – WEBMAIL UPDATE

URL is inactive and blocked at the border. Origin ISP has been notified.

From: Lucidio de Oliveira Pereira
Sent: Wednesday, March 25, 2015 8:34 PM
Subject: RE: WEBMAIL UPDATE
 
Dear Webmail User,
A DGTFX virus has been detected in your folders. Your Email Account has to be upgraded to our new Secured DGTFX anti-virus 2015 version to prevent damages to our web mail log and your important files. To re-validate your mailbox please  [http://www.formlogix.com/Manager/UserForm253977.aspx?Param=VXNlcklkPTI1Mzk3Ny5Gb3JtSWQ9Mg==] [http://www.formlogix.com/Manager/UserForm253977.aspx?Param=VXNlcklkPTI1Mzk3Ny5Gb3JtSWQ9Mg==]CLICK HERE: [http://www.formlogix.com/Manager/UserForm253977.aspx?Param=VXNlcklkPTI1Mzk3Ny5Gb3JtSWQ9Mg==]
System Administrator
Seja responsável com o meio ambiente – só imprima se for necessário.

Posted in Phishing Scams | Comments Off

Phishing Scam – 03/30/15 – quota limi

URL is inactive and blocked at the border. Origin ISP has been notified.

From: andre@fa.itb.ac.id
Sent: Friday, March 27, 2015 1:53 PM
Subject: Re: quota limi
You have exceeded the storage limit on your mailbox ; click below
link to increase your quota limit.
Click here :[http://c0esh553.caspio.com/dp.asp?AppKey=8ede3000a85ad5575bb24d5d8aca]
technical support

Posted in Phishing Scams | Comments Off

Phishing Scam – 03/29/15 – Unsuccessful attempts to access your email

URL is inactive and blocked at the border. Origin ISP has been notified.

From: Webmaster <hatem@fhr.com.sa>
Subject: Unsuccessful attempts to access your email
Date: Saturday, March 28, 2015 9:45 PM

Dear ******@ksu.edu
Recently, there were too many unsuccessful attempts to access your email and your user ID was disabled. Please click here [http://iannonymous.com/yankee/] to reactivate full access to your accounts online.

Posted in Phishing Scams | Comments Off