Kansas State University



Month: May 2020

Phishing Scam – 05/29/2020 – 29 May, 2020 Incoming On Hold For *******

Another baiting type of scam. Contains two attachments where one tries to look like the missed call. Scammer is trying to fear receiver of message into thinking something will be lost if they do not take action (open scammers attachments). Notified Microsoft anti-phishing.

Attachment Analysis:

Using javascript, a document is written using unescape to navigate the victim to:
https://breachdaily.bounceme.net/cmNyQGstc3RhdGUuZWR1 which has been blocked at the border.

From: “K-state.edu Service Notification” <jlitschert@jlsintl.com>
Date: May 29, 2020 at 11:32:30 AM CDT
To: *******
Subject:29 May, 2020 Incoming On Hold For *******

A⁠t⁠t⁠e⁠n⁠tiοn : I⁠n⁠cοm⁠in⁠g M⁠a⁠i⁠ls O⁠n H⁠οl⁠d
(15) i⁠n⁠com⁠ing ma⁠il⁠s ha⁠ve b⁠e⁠en pl⁠ac⁠ed ο⁠n h⁠οl⁠d d⁠ue t⁠o re⁠ce⁠nt up⁠gra⁠de ο⁠n οu⁠r se⁠rv⁠er.
F⁠οl⁠lοw th⁠e be⁠lο⁠w li⁠n⁠k t⁠ο u⁠pd⁠at⁠e yο⁠u⁠r s⁠et⁠ti⁠ng⁠s an⁠d rec⁠ei⁠ve al⁠l yo⁠u⁠r p⁠end⁠ing mai⁠ls.
V⁠ie⁠w t⁠he a⁠tta⁠ch⁠ed fi⁠le to Rev⁠iew and Valid⁠at⁠e.
T⁠hi⁠s me⁠ss⁠age w⁠a⁠s se⁠nt to rcr@k-state.edu
N⁠ot⁠e: ο⁠n⁠ce y⁠οu s⁠e⁠e t⁠hi⁠s m⁠ai⁠l i⁠n y⁠ou⁠r j⁠un⁠k f⁠old⁠er k⁠in⁠d mo⁠ve t⁠o i⁠nb⁠o⁠x an⁠d v⁠eri⁠fy y⁠o⁠ur e⁠m⁠ai⁠l ac⁠cο⁠u⁠nt
A⁠l⁠l R⁠ig⁠hts R⁠es⁠er⁠ve⁠d

Phishing Scam – 05/29/2020 – Re: [Something in inbox]

Baiting type of scam. Link contains malware. Sometimes the message will not contain a link but an attachment containing a virus. Scammer uses a compromised account to respond to email existing in the compromised inbox. The bottom part of the message may be legit but the scammer inserts their payload in the upper part. The scammer hopes to build credibility by responding to legit email and trick the receiver into clicking on the link in the email. The compressed file containing the malware requires a password to unlock and the scammer conveniently provides it in the message. We have notified Microsoft and blocked the link at the border.

From: *******@ksu.edu [mailto:*******@ksu.edu]>
Date: May 29, 2020 at 2:00:34 PM CDT
To: ******* <*******@ksu.edu [mailto:*******@ksu.edu]>
Subject:Re:  STU, EVERY: Monday, September 11, is the Last Day for a 100% Refund for a Regular Session Course

[–The scammers message start–]
I have made some edits. Please check.
https://vedu.info/download/?job_presentation_r2n [https://vedu.info/download/?job_presentation_r2n]
Password for archive: 7777
[– Scammer message end–]

[An example message in the compromised user’s inbox]
This is a brief reminder to all currently enrolled students that next
Monday, September 11, is the last day for a 100% refund for a regular
session (full term) course.
First, please check for any holds that may exist in your Student
Center in KSIS, and remember that most holds must be cleared prior to
dropping a course.  You are responsible for dropping your courses in
KSIS.  If you are dropping your only course, then contact your
academic deans office.
If you have any other questions regarding this process, then contact
your academic advisor and/or Enrollment Services in the Office of the Registrar,
118 Anderson Hall,  *******.
All academic calendar deadlines can be found at the following website:
http://www.k-state.edu/cgi-bin/eventview/registrar/academic [http://www.k-state.edu/cgi-bin/eventview/registrar/academic]
Best wishes for a successful Fall 2017 Term!

Phishing Scam – 05/26/2020 – leslie Hofherr

This is a phishing scam with a malicious link. The link is blocked, and Microsoft has been notified.

******* *******


Bookmark Kinja Deals and follow us on Twitter to never miss a deal.

I’ll start. After the births of both of my daughters, I had irrational worries about their health. When my older daughter had a benign bug bite on her hand, I seriously wondered if it might be cancer. I even asked her pediatrician if it might be cancer. After my second daughter was born at the robust weight of 9 pounds, 16 ounces, I immediately pondered whether the almond croissants I had eaten with disturbing regularity during pregnancy had doomed her to a lifetime of diabetes. Okay, your turn.

edjfx Usun restrives invalidation
cwrdeathbed defeated rebuffing Okean

Phishing Scam – 05/20/2020 – Stay at home job opening

Reply-to scam. Notified Microsoft.

 Good morning,
I am a former student of the University, my Uncle who is a Doctor in the University area, needs students to work from home to assist him with a lot of workload during these COVID-19 pandemic, he is offering 300-USD weekly, if you know any interested students please have them email him via Talktokeating@hotmail.com
Thank you very much.

Phishing Scam – 05/21/2020 – Re: [Random item in inbox]

Notified webhost, notified Microsoft anti-phishing group, and blocked at the border.

From: *******
Sent: Thursday, May 21, 2020 3:13 PM
To: HCS Welcome
Subject: Re: Viewing Your Paycheck and Other Important Information
Here is an update of the project.
https://connectiveconsignmentpoint.com/download/?view_presentation_o8w [https://connectiveconsignmentpoint.com/download/?view_presentation_o8w]
Archive password: 7777

Phishing Scam – 05/21/20 – K-State Presents: Friday Night Comedy

Phishing Scam.

From: K-State Events <associatedstudentsevents@gmail.com>
Sent: Thursday, May 21, 2020 12:03 AM
To: ********
Subject: K-State Presents: Friday Night Comedy
******* is no stranger to having to be scrappy, truly making artisanal lemonade out of whatever lemons he found lying around the ground. He did so with The ******* Show’s rise from public access to actual cable TV. So, at a time where live comedy has been limited in such an absurd way, Gethard mobilized immediately by putting on two recurring livestream shows that are essentially two big components of TCGS.
Planet Scum Live has Gethard chat with his favorite comedy folks, but always with some sort of twist. Comedy hell-raisers Helltrap Nightmare brought Gethard up to speed on their high-level video art hijinks, and then Bobby Moynihan went down a deep rabbit hole on the least-favorite Star Wars characters, with a reserved Lennon Parham judging them the whole time.
Gethard also lets more chaos reign with a Friday showcase show that, like his recent return to public access with ******* Presents, allows his favorite comedians to do whatever the hell they want (i.e., Mary Houlihan and Nick Naney doing a live read of a spec Sopranos script).
When: Wednesdays (Planet Scum Live) and Fridays (comedy showcase) at 7 p.m. PT/10 p.m. ET
Share with friends and join the chat!
https://www.irl.com/k-state-presents-friday-night-comedy/pAbsXvZ1 [https://www.irl.com/k-state-presents-friday-night-comedy/pAbsXvZ1]
Powered by IRL [https://www.irl.com/dl/]