Kansas State University

search

Scams

Category: Phishing Scams

Scam emails specifically targeting user credentials on K-State systems – like email.

Phishing Scam – 09/24/20 – KANSAS STATE UNIVERSITY PERSONAL ASSISTANT POSITION AVAILABLE

This is a phishing scam containing an attachment for job resume used to harvest account credentials. The email has been sent to multiple K-State email addresses. It has been notified to the appropriate channels.

From: Storey, Jordan A <********@siu.edu>
Sent: Thursday, September 24, 2020 12:22 PM
To: ******************
Subject: KANSAS STATE UNIVERSITY PERSONAL ASSISTANT POSITION AVAILABLE
SEE ATTACHED DOCUMENT FOR DETAILS

Phishing Scam – 09/22/20 – 71DOS | Wire Transfer Sent 09/21.

This is a phishing scam containing a link used to harvest account credentials. It has been blocked at the border, and Google, Microsoft, and other web hosts have been notified.

From: R J Steelsmith <garona@garonagroup.co.bw>

Sent: Monday, September 21, 2020 5:15 PM

To: ************* <***************>

Subject: 71DOS | Wire Transfer Sent 09/21.

Our accounting office sent out a wire transfer Tuesday for $4,457.08 to cover the 4 invoices.

Please review and let me know if you have any questions.

https://one-pixel.studio/wp-content/browse/

THANK YOU,

R J Steelsmith

Direct #: 815-046-0416

877-111-2147 x588

e:rjs@ksu.edu

 

Phishing Scam – 09/17/2020 – [*********@ksu.edu] Message-ID:2613375696061

This is a phishing scam with a link that is used to harvest account credentials. The original sender has spoofed the ksu.edu account. Outlook has been notified of the original sender along with the content of the email.

From: ********* <*********@ksu.edu>
Sent: Thursday, September 17, 2020 7:52 AM
To: ********* <*********@ksu.edu>
Subject: [*********@ksu.edu] Message-ID:2613375696061
This message was sent with High importance.
E-Mail Summary Report: ksu.edu
Total Quarantined Emails: 3
Email: *********@ksu.edu [mailto:*********@ksu.edu]
Ksu email system failed to process new mails to your inbox folder.
Two (2) valid mails have been held in the quarantine mailbox as junk mails.
Review these messages now and choose what to do with the undelivered mails.
Review Messages Now » [http://’.$domin.’@allprint.sg/portal/?gerontology@ksu.edu&email=gerontology@ksu.edu&Z2Vyb250b2xvZ3lAa3N1LmVkdQ==]
*Sign-in is validated by ksu.edu internal user database.
Please note: Quarantined mails will be deleted automatically after 3 days.
This is an automated message. Please do not reply to this email.
© 2020 Ksu Mail Administrator · All rights reserved · Privacy Policy
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com [http://www.symanteccloud.com]
______________________________________________________________________

Phishing Scam – 09/16/2020 – The Vilgil Group- Received from ‘Account Payable’ Tuesday 15 September 2020.

This is a phishing scam with a malicious link that is used to harvest account credentials. Microsoft, Google, and other web hosts have been notified. Google has blocked the link.

From: Ksu || DocScan || Payment Remittance Advice <doug@stevensconstruction.net>
Sent: Tuesday, September 15, 2020 9:11 AM
To: ******* ******* <*******@ksu.edu>
Subject: The Vilgil Group- Received from ‘Account Payable’ Tuesday 15 September 2020.
Importance: High
AP Finance 2020_ FaxMail .

Phishing Scam – 09/15/20 – NWMessage From: 908-873-0022 10:35 AM EDT. As of 9/15/2020.

This is a phishing scam with a link. The link redirects to several other links that ultimately redirect the user to a fake Microsoft sign-in page. The URL is already blocked at the border, and the web host has been notified.

From: Timothy Shelley [mailto:tshelley@kerleywalsh.com]
Sent: Tuesday, September 15, 2020 3:40 PM
To: mailsupport@microsoft.com
Subject: NWMessage From: 908-873-0022 10:35 AM EDT. As of 9/15/2020.
 Share Point Message
You’ve received a doc from  share point message 10:35 PM EDT. As of 9/15/2020.
View them within 5 days of the received date
From : 908-873-0022
Date : 2020-09-15 11:35:15
Fax ID : 2529916
Pages : 2
Duration : 36
Date:
9/15/2020 
Trust Sender
Review [https://pub.lucidpress.com/c131d1d0-4bc8-4b73-9637-36b370e5f654/]
© 2020 Microsoft Corporation. All rights reserved.
Privacy Statement
Acceptable Use Policy
Your transaction ID for this payment is: PH0034940655
© Intuit, Inc. All rights reserved. Privacy | Terms of Service

Phishing Scam – 09/14/2020 – 1547643_Audio (509) 321-2237

This is a phishing scam with a link. The first page it leads to is harmless, but the second is reported as a common phishing scam site.
The pages and the email address have been reported to the appropriate channels.

From: 15093212237~wirelesmmms@ipovms.com <gerryoleary@nalag.org.au>
Sent: Monday, September 14, 2020 2:54 PM
To: 15093212237~wirelesmmms@ipovms.com <gerryoleary@nalag.org.au>
Subject: 1547643_Audio (509) 321-2237
You Have (1) Unread Audio Message
You’ve received a VM from Call message 12:35 PM
Time Of Communication   :    32 seconds
Speed    : 33000 bps
Received: Monday, September, 2020
DOWNLOAD [https://audiomemoo.studio.design/]
LISTEN [https://audiomemoo.studio.design/]
© 2020 Microsoft Corporation. All rights reserved.
Privacy Statement
Acceptable Use Policy
Your transaction ID for this payment is: PH0034940655
© Intuit, Inc. All rights reserved. Privacy | Terms of Service
NOTICE: This email and its contents/attachments may be confidential and are intended solely for the individual to whom it is addressed. If you are not the named addressee or if this email is otherwise received in error, please immediately notify the sender without reading it and do not take any action based on its contents or otherwise copy or disclose it to anyone. Any opinions or views expressed in this transmission are solely of the author and do not necessarily represent those of NSF International or its affiliates.

Phishing Scam – 09/14/2020 – Immediately response needed

This is a reply-to phishing scam. The sender impersonates a specific professor at K-State to receive a response. The responsible e-mail addresses were reported to the appropriate channels.

From: “*********” <*********@gmail.com>
Date: September 13, 2020 at 11:50:50 AM CDT
To: ********* <*********@ksu.edu>
Subject:Immediately response needed
Send me your available text number that I can reach you at, I will look forward hearing from you soon.–
Kevin P. Gwinner
Edgerley Family Dean of the College of Business Administration
Professor Department of Marketing
2036 Business Building

Phishing Scam – 09/12/2020 – Follow up

This is a reply-to phishing scam. The sender impersonates the director of a department to receive a response. The responsible e-mail addresses were reported to the appropriate channels.

From: ********* <*********@gmail.com>
Sent: Saturday, September 12, 2020 3:36 PM
To: ********* <*********@ksu.edu>
Subject: Follow up
Hello Megan,
How are you doing, Are you available for a quick task?
Best Regards

Judy O’Mara Director Diagnostic Lab

Phishing Scam – 09/10/2020 – Password-Notification Friday, September 11, 2020

This is a phishing scam that is telling users that their password has expired, while impersonating K-State’s IT department. The link in the email will be used to harvest account credentials. Microsoft, Google, and other web hosts have been notified, and the link has been blocked.

From: ­Ksu.edu­-­IT­ <c1650827m@i-bazaar.net>
Sent: Thursday, September 10, 2020 7:50 PM
To: ******* ******* <*******@ksu.edu>
Subject: Password-Notification Friday, September 11, 2020
­*******@ksu.edu [mailto:*******@ksu.edu]­ P­assword E­xpiry.­O­f­f­i­c­e ­3­6­5­
Hello *******@ksu.edu [mailto:*******@ksu.edu],
1650789P­assword16507891650789for16507891650789*******@ksu.edu1650789 [mailto:1650789*******@ksu.edu1650789]1650789expires16507891650789today16507891650789
1650789You16507891650789can16507891650789change165078916507891650789your16507891650789p­assword16507891650789or16507891650789continue16507891650789using16507891650789current16507891650789p­assword1650789.
1650789Keep16507891650789Same16507891650789P­assword1650789 [http://www.1650789.ajto-ablakok.hu/ZXN0aGVyc0Brc3UuZWR1#aHR0cHM6Ly9tb3Vsc2FxLmNvbS8ub2IvTy9lc3RoZXJzQGtzdS5lZHU=]
1650789Ksu.edu16507891650789Support1650789