Another baiting type of scam. Contains two attachments where one tries to look like the missed call. Scammer is trying to fear receiver of message into thinking something will be lost if they do not take action (open scammers attachments). Notified Microsoft anti-phishing.
https://breachdaily.bounceme.net/cmNyQGstc3RhdGUuZWR1 which has been blocked at the border.
From: “K-state.edu Service Notification” <firstname.lastname@example.org>
Date: May 29, 2020 at 11:32:30 AM CDT
Subject:29 May, 2020 Incoming On Hold For *******
Attentiοn : Incοming Mails On Hοld
(15) incoming mails have been placed οn hοld due to recent upgrade οn οur server.
Fοllοw the belοw link tο update yοur settings and receive all your pending mails.
View the attached file to Review and Validate.
This message was sent to email@example.com
Note: οnce yοu see this mail in your junk folder kind move to inbox and verify your email accοunt
All Rights Reserved
Baiting type of scam. Link contains malware. Sometimes the message will not contain a link but an attachment containing a virus. Scammer uses a compromised account to respond to email existing in the compromised inbox. The bottom part of the message may be legit but the scammer inserts their payload in the upper part. The scammer hopes to build credibility by responding to legit email and trick the receiver into clicking on the link in the email. The compressed file containing the malware requires a password to unlock and the scammer conveniently provides it in the message. We have notified Microsoft and blocked the link at the border.
From: *******@ksu.edu [mailto:*******@ksu.edu]>
Date: May 29, 2020 at 2:00:34 PM CDT
To: ******* <*******@ksu.edu [mailto:*******@ksu.edu]>
Subject:Re: STU, EVERY: Monday, September 11, is the Last Day for a 100% Refund for a Regular Session Course
[–The scammers message start–]
I have made some edits. Please check.
Password for archive: 7777
[– Scammer message end–]
[An example message in the compromised user’s inbox]
This is a brief reminder to all currently enrolled students that next
Monday, September 11, is the last day for a 100% refund for a regular
session (full term) course.
First, please check for any holds that may exist in your Student
Center in KSIS, and remember that most holds must be cleared prior to
dropping a course. You are responsible for dropping your courses in
KSIS. If you are dropping your only course, then contact your
academic deans office.
If you have any other questions regarding this process, then contact
your academic advisor and/or Enrollment Services in the Office of the Registrar,
118 Anderson Hall, *******.
All academic calendar deadlines can be found at the following website:
Best wishes for a successful Fall 2017 Term!
This is a phishing scam with a malicious link. The link is blocked, and Microsoft has been notified.
Bookmark Kinja Deals and follow us on Twitter to never miss a deal.
I’ll start. After the births of both of my daughters, I had irrational worries about their health. When my older daughter had a benign bug bite on her hand, I seriously wondered if it might be cancer. I even asked her pediatrician if it might be cancer. After my second daughter was born at the robust weight of 9 pounds, 16 ounces, I immediately pondered whether the almond croissants I had eaten with disturbing regularity during pregnancy had doomed her to a lifetime of diabetes. Okay, your turn.
edjfx Usun restrives invalidation
cwrdeathbed defeated rebuffing Okean
This is a reply-to phishing scam. All email providers, Google, and Microsoft have been notified.
From: Amit Chakrabarti [mailto:firstname.lastname@example.org]
Sent: Sunday, May 24, 2020 11:02 AM
To: ******* ******* <*******@ksu.edu>
Subject: Quick request
Send me your available cell phone number
Reply-to scam. Notified Microsoft.
I am a former student of the University, my Uncle who is a Doctor in the University area, needs students to work from home to assist him with a lot of workload during these COVID-19 pandemic, he is offering 300-USD weekly, if you know any interested students please have them email him via Talktokeating@hotmail.com
Thank you very much.
Notified webhost, notified Microsoft anti-phishing group, and blocked at the border.
Sent: Thursday, May 21, 2020 3:13 PM
To: HCS Welcome
Subject: Re: Viewing Your Paycheck and Other Important Information
Here is an update of the project.
Archive password: 7777