Fwd: (SOME) UNIVERSITY – ACTION REQUIRED (PLEASE READ) 2016 – 2017 #00172(pdf)

VCU Faculty and Staff members have recently reported the following email making its rounds across the mailboxes.

Hello,
This attachment contains an important document i sent to you, kindly view document.
Please let me know if you have any question or need any additional information.
Have a great day.
Note: The email contains a PDF attachment. The attachment is a single page with an image but there is an embedded link in this image. If you open the PDF and click the link, it seems that the attacker will begin spoofing your email address to continue sending these emails.
Please ignore the email and delete it. You should never contact an unknown sender back via email asking if an email is legitimate. When in doubt, forward it to infosec@vcu.edu and let us do the investigating on your behalf.
Leave a Comment

HELP DESK scam (11/22/16)

The following scam attempts to trick its victims into clicking on a malicious link, which will subsequently attempt to steal the victims’ login credentials. Notice the non-VCU sender’s address, the generic message, and the non-VCU link; all of which are tell-tale signs of a phishing scam. Please delete this message if you received it.

__________________________________________________

From: Jane Webmail [mailto:wexxxxxxx@mail.ru]
Sent: Tuesday, November 22, 2016 11:21 AM
To: wexxxxxxx@mail.ru
Subject: [EXTERNAL] HELP DESK

 

Dear Email user your mailbox has exceeded it quota/limit you may
not be able to receive or send new mails until you re-validate. To
re-validate click here (Malicious link redacted)

Thank you for corporation with us

Copyright © 2016 Web-mail System Administrator.
Email Technical Support Team.

Comments Off on HELP DESK scam (11/22/16)

DocuSign Scam (11/16/2016)

At first glance this looks like a normal DocuSign email. If you hover over the “review document” button, your browser will tell you that the button actually links to “ow.ly/XX[REDACTED]XX”.  The link will bring you to a fake Google Drive signin page. Please to not click the link or enter in your VCU credentials.

 

From: [REDACTED]@senate.virginia.gov

Date: Wed, Nov 16 2016

Subject: PF Documents

"Review Document" is the phishing link

Comments Off on DocuSign Scam (11/16/2016)

Account Suspension Warning Scam (10/28/16)

The following scam attempts to trick its recipients into clicking on a malicious link, which will in turn steal the victims’ credentials.Please delete this email if you received it.
_______________________________________________

Subject: VCU Official Message: Avoid Account Suspended

Dear User,

VCU implements stringent security measures to promote the confidentiality,
integrity, and availability of any information in the possession (or
control) of New School

Your VCU account needs to be updated due to your security purpose, is to
protect users information from being viewed by an outside third-party.

Followed the secure (link removed)

The process is simple and can be completed in 3 minutes or less.

Thank you.

Virginia Commonwealth University

Comments Off on Account Suspension Warning Scam (10/28/16)

Wire transfer scam (10/19/16)

The following scam attempts to trick an employee into making large funding transfers to a scammer. Notice the non-VCU email address used by the scammer. and the generic language used in the email; both are tell tale signs of a scam. If you receive these types of emails, regardless of who it is claimed to be from, please review them carefully before taking any action. If you are unsure of the legitimacy of an email, please contact the VCU IT Support Center at 828-2227 for assistance.

__________________________________________________________

From: Some VCU Senior Personnel <mailxxxxxx31@gmail.com>
Date: Wed, Oct 19, 2016 at 10:57 AM
Subject: Payment
To:

Hi  Your name,

 

Can you help me make a payment via wire Transfer . Revert back so I can provide the payment details..
Thanks,

 

Some VCU Senior Personnel

Personnel title
Sent from my Verizon 4G LTE Tablet

Comments Off on Wire transfer scam (10/19/16)

ITS Helpdesk Scam (10/6/2016)

This scam attempt is a pretty basic one that should be easily spotted. VCU and VCU Health System do not require any students, faculty or staff to verify accounts before performing email system work. If you have received this message, please delete it.

Thu 10/6/2016 10:58 AM
Sandy Goody <good@good.org>
[EXTERNAL] RE: ITS Helpdesk
Bobby Evil <evil@evil.org>

Dear Staff/Employees,

We are migrating all email accounts into Outlook Web App 2016 and as such all active Account Holder are to verify and Log in for the upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.

Click Upgrade Account to migrate and block further Spam mails.

Best Regards,
ITS Helpdesk
Office of Information Technology Services (ITS)

 

Comments Off on ITS Helpdesk Scam (10/6/2016)

Account Suspension Scam (10/3/16)

The following scam attempts to trick its recipients into clicking on a malicious link, which will in turn steal the victims’ credentials. Notice the non-Chase Bank sender’s address, generic language, and the non-Chase Bank URL; all of which are tell-tale signs of a scam. Please delete this email if you received it.

__________________________________________

From: Chase Online [mailto:jue-spxxxxxxel@t-online.de]
Sent: Monday, October 03, 2016 11:56 AM
To:
Subject: ALERT – Account Facing Suspension

 

Hello [[-Customer-]],
 
Our records show that on September. 1st 201601:38a.m We suspected an invalid login attempt from an unknown ip and we ask you to verify your details and avoid suspension
 
To Continue verification and aviod suspension click here (Malicious link redacted)

 

 

Thanks,
Chase Customer Service

Comments Off on Account Suspension Scam (10/3/16)

Microsoft Phone Scam (8/17/16)

Several individuals in the University have reported receiving calls from scammers pretending to be Microsoft tech support personnel. These individuals will usually scare the victims by advising them that they are being hacked or have some bad malware on their computers. In reality, the scammers wanted to remotely access victim computer systems to install malware, making configuration changes, and / or steal information. Further, the scammers will usually try to ask the victims in paying for their “services” to remove the malware, and if the victims refuse to pay, then they will configure the victims’ computers so it is completely locked out.  If you receive phone calls from people pretending to be Microsoft, Apple, VCU, or any other reputable companies requesting remote access to your computer, it is always wise to check the phone number of the caller and contact your IT support directly for verification. You should never agree to allow another person to install software on your computer without verifying the individual’s identity and contacting your IT support personnel first.

Comments Off on Microsoft Phone Scam (8/17/16)

Password Expired Scam (8/17/2016)

The following scam attempts to trick its victims into clicking on a link, which will subsequently steal their credentials. Notice the sense of urgency, generic language. and the non-VCU link; all of which are tell tale signs of a scam. Please delete this email if you received it.

_________________________________________

From: XXXX XXXXXX<xxxx.xxxxxx@vcuhealth.org>
Date: Wed, Aug 17, 2016 at 9:51 AM
Subject: Your password will expire in 2 days

To:

Your e-mailbox password will expire in 2 days. to keep your password.CLICK=HERE to update immediately

IT-Service Help Desk.

Comments Off on Password Expired Scam (8/17/2016)

IT Service Update Scam (8/12/2016)

The following scam attempts to trick its victims into clicking on a link, which will subsequently steal their credentials. Notice the sense of urgency, generic language. and the non-VCU link; all of which are tell tale signs of a scam. Please delete this email if you received it.

_________________________________________

From: XXXX XXXXXX<xxxx.xxxxxx@vcuhealth.org>
Date: Fri, Aug 12, 2016 at 9:51 AM
Subject: IT-Service Password Update
To:

Your e-mailbox password will expire in 2 days. to keep your password.CLICK=HERE to update immediately

IT-Service Help Desk.

Comments Off on IT Service Update Scam (8/12/2016)