Chick-fil-a gift, Scam (11/13/2018)

The following is a scam in which the scammer is posing as a VCU entity and rewarding employees for good performance. The scammer claims to be giving out Chick-fil-a gift cards. A victim who clicks the link will have their information stolen.

You can tell this is a scam because the email is not from a VCU account, and if you hover your mouse over the link you can see that it leads somewhere else.

If you have received this message please delete it!

From: IT Admin
Date: Tue, Nov 13, 2018 at 10:28 AM
Subject: Chick-fil-a gift

Dear Colleagues,

We have recently partnered with Aramark to give out Chick-fil-a gift cards to all faculty/staff who have received a satisfactory or higher rating on their last performance review.

The card value will range from 5$- 25$ based on the last review. Please review the link below to see if your name is on the list. If it is please pick up your gift card from Human Resources building.

LINK [Link redacted]


Purchase Request Scam (11/7/18)

The following scam attempts to trick its victims into replying to the email and buying gift cards for the scammer. The scammer in this case pretends to be a senior employee of the university making this request. If you examine the email closely, you will notice the sender’s email address is not a VCU address at all. Once the victim is hooked by this scam, the scammer will ask the victim via email to purchase gift cards or other items. Please be aware of scams like this and report any suspicious messages to the VCU information security office.


From: A VCU Senior Official <>
Date: Wed, Nov 7, 2018 at 3:02 PM
Subject: Hello
To: Victim


I need you to purchase something for me.Kindly email me back as soon as possible.
Best regards.
Name of Senior VCU Official

Flower Delivery, Phone Scam (11-7-19)

There have been reports of a phone scam making the rounds. Please be aware that, while most scams occur over email, they can still occur via phone. In this scam, the victim receives a phone call from a flower company claiming to have a delivery for them. The company asks when the victim will be out of office so that it can figure out a good time to deliver the package.

This is the start of a scam: once the scammer knows when the victim will be out of office, the scammer will attempt to impersonate the victim during that time or use it as a way to confuse other office employees.

This scam was caught when the victim asked for the scammer’s return phone number and asked why they needed that information. The number that the scammers gave to the victim was (949) 305-3247, which the victim looked up and saw was flagged as a scammer’s phone number.

If you receive phone calls from numbers you do not know, please be wary. Most unsolicited calls are from scammers, so please choose carefully whether to pick up a call from an unknown caller, and be even more careful when listening to them.


W2 Paperless, Scam (11/5/18)

The following is a scam in which the scammer is impersonating a VCU employee. The scammer is hoping to convince the victim that they need to view their W2 form, which can be viewed from the link.

The link is not legitimate and this is a scam. You can tell it is a scam because the email is not from a VCU email address. You can also check the link (by hovering your mouse over it) to see that it does not lead to a VCU website. All of these are signs of a scam. If you see this email, please delete it.

From: IT Admin
Date: Mon, Nov 5, 2018 at 3:46 PM
Subject: W2 paperless

Dear Account Owner,

Our records indicate that you are enrolled in the Virginia Commonwealth University paperless W2 Program. As a result,
you do not receive a paper W2 but instead receive e-mail notification that your online W2 (i.e. “paperless W2”) is
prepared and ready for viewing.

Your W2 is ready for viewing under Employee Self Service. Logon at the following link: Click here [Link Redacted]

If you have trouble logging in to Employee Self Service at the link above, please contact

Mail to
VCU Payroll Services
P. O. Box 842511
Richmond VA 23284-2511

or Deliver to
Human Resource Building
104 North Belvidere Street

or Fax to
(804) 828-3200

On completion of successful logon you can download and open the word document via this link now [Link Redacted] and enter your zipcode to see your 2017 open enrollment access info.



Please Sign ASAP!, Scam (11-2-18)

The following is a scam in which the scammer is attempting to trick the victim into clicking a link. Upon clicking the link, the scammer will be able to steal credentials and other PII from the victim.

This scam can be spotted by the email address used, and the name in the email signature seems random: the name used in the email is different from the name of the person the document is said to be from. Another way to spot this scam is the vague body, which just states that there is a document waiting, with no indication of what service (Dropbox, Google Drive, Apple Cloud, etc.) it is on. If you hover your mouse over the link, you can also see that it leads somewhere else.

If you have received this message please ignore and delete it.

From: IT Admin
Date: Wed, Oct 31, 2018 at 3:27 PM
Subject: Please Sign ASAP!

You have a document waiting from:

Darren Saunders

Please sign the below Document

HR_update_form [Link Redacted]
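
The two checks that this post and the Chick-fil-a and W2 posts above describe (a sender address outside the organization, and a link that leads somewhere other than it appears to) can be automated. The sketch below is an added example, not part of the original alerts; `university.example` and every other host are placeholders, the sample message is constructed, and `in_org`, `LinkCollector` and `audit` are names made up for the illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

ORG_DOMAIN = "university.example"  # placeholder for the organization's own domain
# Constructed sample message; every host in it is a placeholder.
SAMPLE = """\
From: IT Admin <itadmin@mail-notice.example>
Subject: W2 paperless
Content-Type: text/html; charset="utf-8"

<p>Logon at <a href="http://login.portal.example/ess">https://hr.university.example/ess</a></p>
"""

def in_org(host):  # exact domain or a true subdomain only, so look-alike names fail
    host = (host or "").lower().rstrip(".")
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start a fresh (href, visible text) record
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # text outside <a> is discarded at the next <a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender_host = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    findings = []
    if not in_org(sender_host):
        findings.append(f"sender domain is outside the organization: {sender_host or 'none'}")
    part = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(part.get_content() if part else "")
    for href, text in collector.links:
        target = urlsplit(href).hostname  # what "hovering" would reveal
        shown = urlsplit(text).hostname if "://" in text else None
        if shown and shown != target:
            findings.append(f"link text shows {shown} but opens {target}")
        elif not in_org(target):
            findings.append(f"link '{text}' opens outside host {target}")
    return findings

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

A clean result from the sender check proves nothing on its own, because the From header can be spoofed, as the sextortion and Quick Request posts on this page show.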



has password [Redacted]. Password must be changed, Scam (11-1-2018)

The following is a sextortion scam in which the scammer is pretending to have compromised the victim’s account. The sender address will be the victim’s own address, but this is false: the address is spoofed so that the message appears to come from the victim’s account.

This scam is a sextortion scam; instead of using an older password, they are now spoofing email addresses to appear legitimate. Do not be intimidated. If you see this email please delete it.

From: Victim
Date: Thu, Nov 1, 2018 at 9:21 AM
Subject: FW: has password [Redacted]. Password must be changed
To: Victim


I’m a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I catched it.
Your password from on moment of crack: [Redacted]

Of course you can will change your password, or already made it.
But it doesn’t matter, my rat software update it every time.

Please don’t try to contact me or find me, it is impossible, since I sent you an email from your email account.

Through your e-mail, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a rat software on your device and long tome spying for you.

You are not my only victim, I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.

I am in shock of your reach fantasies! Wow! I’ve never seen anything like this!
I did not even know that SUCH content could be so exciting!

So, when you had fun on intime sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I jointed them to the content of the currently viewed site.

Will be funny when I send these photos to your contacts! And if your relatives see it?
BUT I’m sure you don’t want it. I definitely would not want to …

I will not do this if you pay me a little amount.
I think $870 is a nice price for it!

I accept only Bitcoins.
My BTC wallet: [Link Redacted]

If you have difficulty with this – Ask Google “how to make a payment on a bitcoin wallet”. It’s easy.
After receiving the above amount, all your data will be immediately removed automatically.
My virus will also will be destroy itself from your operating system.

My Trojan have auto alert, after this email is looked, I will be know it!

You have 2 days (48 hours) for make a payment.
If this does not happen – all your contacts will get crazy shots with your dirty life!
And so that you do not obstruct me, your device will be locked (also after 48 hours)

Do not take this frivolously! This is the last warning!
Various security services or antiviruses won’t help you for sure (I have already collected all your data).

Here are the recommendations of a professional:
Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!

I hope you will be prudent.


Mistake?, Scam (10-20-19)

The following is a scam in which the scammer is hoping to trick the victim into clicking a link which will be used to steal the victim’s personal information. You can tell this is a scam because the scammer’s email address and name do not match the signature, and the email is not from someone the victim knows. You can also tell it is a scam because the email contains just the link and no other information, and because of the misspellings on sincerely.

If you have received an email like this, please delete it.

From: IT
Sent: Tuesday, October 30, 2018 2:18 PM
Subject: [EXTERNAL] mistake?


A package was delivered to us by mistake…..I think

I opened the box and noted that your email was on the invoice…coming up to summer I thought it might be personal or work related.

We are just down the road by the Mcdonalds. I can drop it by if you will be in this afternnon?

I took a picture of the invoice, I can’t make out the name but you can clearly see your email address

Picture of Invoice [Link Redacted]


Wendy Mcguire

Sales Representative

Ashley and Mullins Law Firm LLC


Re: Quick Request, Scam (10-30-19)

The following is a spearphish in which the scammer is claiming to be a fellow employee. The scammer claims to need to know the account balance so that they can send payment to a vendor. The scammer also claims that they are busy and can only be contacted via email.

This is a scam; the vendor is actually the scammer. In this particular scam, the scammer spoofed the email address to appear more legitimate, which is a common tactic among scammers. The best course of action is to delete and ignore the email. If you think this might be legitimate, please reach out to the impersonated person via another channel of communication to confirm.

From: Scammer
Date: Tue, Oct 30, 2018 at 9:09 AM
Subject: Re: Quick Request.

Hi Victim,

What is the available current balance in our accounts as of today? I need you to process a wire transfer to a vendor.

Email me, I’ll be busy.


Sent from myMail for iOS


URGENT, Scam (10-24-18)

The following is a spear phishing attempt in which the scammer is impersonating the victim’s boss. The scammer is asking for iTunes Gift Cards and promising to reimburse the victim afterwards. This is a scam and the scammer will not pay the victim back afterwards.

This can be spotted as a scam because of the email address it came from (non-VCU) and the suspicious behavior, purchasing iTunes gift cards. In this scam, the victim asked the scammer to call them to verify the scammer’s identity; the scammer dodged the request and claimed to be too busy to make a call.

This reeks of a scam and if you received an email like this please delete it. Names have been redacted to protect privacy.

From: Victim’s Boss
Date: Wed, Oct 24, 2018 at 10:59 AM
Subject: Re: URGENT

Victim, I am tied up right now, Can you purchase iTunes gift card 5 pieces – $100 each? I would reimburse you when am through, Let me know also i would prefer to call you but can’t receive or call at the moment with my line.we don’t have phone coverage only wi-fi


On Wed, Oct 24, 2018 at 10:49 AM Victim’s Boss wrote:


Victim,Are you free at the moment?


Victim’s Boss

Sent from my iPhone


Great Opportunity to talk at IDF-2019 on July 15-17 at London, UK, Scam (10-30-18)

The following is a scam in which the scammer is claiming to host a conference. The victim is told that, due to their great work in the field, they have been selected to be a keynote speaker for the conference. This conference is a scam, and the email is the scammer trying to obtain more information and eventually money from the victim for a conference fee.

You can tell this is a scam because the email is generic: the scammer just states “Your work in on Dentistry”. There are also many fonts in the email, which indicates a scam as well. If you have received this email please delete it.

From: Dr. John Wesley (Dental Forum 2019 at London, UK)
Date: Tue, Oct 30, 2018 at 9:55 AM
Subject: Great Opportunity to talk at IDF-2019 on July 15-17 at London, UK

Dear Dr. Victim,

I hope you are doing great. I am the Chair of the International Dental Forum 2019 which is going to be held between July 15-17 at London, UK. I would like to invite you as a Keynote speaker to join our fabulous 2019 Speaker Program.

Furthermore, this is with great pleasure that I would like to extend the invitation to be our keynote speaker and guest of honor at one of our annual conferences. Your work in on Dentistry has left a great imprint in the field. We would like to use our event to bring the spotlight on your achievements.

We have not yet established on which day your talk would be scheduled; should you accept this invitation, there is some flexibility we can use to accommodate your own scheduling preferences (Monday July15 through Wednesday July17).

For More details; [Link Redacted]

Let me know if this is something that would be of interest to you.

Please revert back if you need further information from our side.

Best Regards,
