Credential Phishing (12/4/2014)

On December 12th, Information Security Staff was alerted to a phishing scam attempting to get users to send their EID and password to the message sender.  Please note that VCU or it’s affiliates will never ask for your password.  Please contact the HelpIT center for assistance if you suspect your credentials are compromised.  Here is the e-mail:

//From: <Redacted>
//Date: Thursday, December 4, 2014
//Subject: Reply Asap!!
//To:
//Dear Web mail Account Holder:
// This is to notify the students of  Virginia CommonWealth University,
//there would be an upgrade maintenance of our servers.
//We kindly request that you send the following information in order to
//keep your account still active after the upgrade.
//(1) VCU eID:
//(2) Password:
//Your Username and password are the credentials you use to Login your
//VCU account.
//Please acknowledge this email upon receipt.
//Thank you.
//From the Administrator
//Virginia CommonWealth University.

 

 

Please disregard the email if you received it. For more information on email scams, please contact the VCU helpIT center at 828-2227 or helpit@vcu.edu.

Comments Off

Target.com order scam (12/1/14)

The following scam attempts to trick its victims into clicking on a malicious link, which will subsequently attempt to steal the victim’s login credentials. Notice the non-Target email address, and the non-Target link embedded under the link text; both of which are tell-tale signs of a scam. If you received this scam, then please ignore and delete it. For more information on email scams, please contact the VCU helpIT center at 828-2227 or helpIT@vcu.edu

_________________________________________________

From: Target.com [mailto:bertrand.charrier@univ-pau.fr]
Sent: Friday, November 28, 2014 8:19 AM
To:
Subject: Order Status

 

As Thanksgiving nears we want to advise you that our online shop has an order addressed to you.

You may pick it in any store of Target.com closest to you within four days.

Please, open the link (Malicious link redacted) for full order information.

Happy Thanksgiving,

Always yours,
Target.com

TARGET

Privacy policy | cookies | terms & conditions | CA privacy rights

2014 Target Brands, Inc. Target, the Bullseye Design and Bullseye Dog are trademarks of Target Brands, Inc. All rights

Comments Off

Email exceeded limit scam (12/1/14)

The following scam attempts to trick its victims into clicking on a malicious link which will subsequently allow the scammer to steal the victim’s login credentials. Notice the non-VCU link, non-VCU sender’s email address, and generic language; all of which are tell-tale signs of a scam. Please disregard the email if you received it. For more information on email scams, please contact the VCU helpIT center at 828-2227 or helpit@vcu.edu.

__________________________________________________________

 

Subject: IT
Date: Fri, 28 Nov 2014 11:54:18 +0000
From: Kevin Willcox <Kevin.Willcox@crestnicholson.com>
To: info@edu.org <info@edu.org>

 

Dear email user,
Your mailbox has exceeded the limit Click Here (Malicious link redacted) to upgrade your E-mail IT Service Desk Support owner email should comply to this warning to save his or her account.
IT-Service Help Desk

 

Comments Off

Urgent Message Scam (12/1/14)

The following scam attempts to trick its victim into clicking on a malicious link, which will then attempt to steal the victim’s credentials. Notice the non-VCU link masked under the “Click Here” text, and the ambiguous admin@vcu.edu spoofed email address; both of which are tell tale signs of a scam. Please disregard this email if you received it. For more information on scams, please contact the VCU helpIT center at 828-2227 or helpit@vcu.edu

____________________________________________________

From: “VCU Admin” <admin@vcu.edu>
Date: December 1, 2014 at 8:58:15 AM EST
To:
Subject: Urgent Message
Reply-To: admin@vcu.edu

msu logo

Dear VCU Candidate,
Your Email (xxxxxxxx@vcu.edu ) has been selected for an important and mandatory account upgrade.
Please Click Here (Link redacted) and login to upgrade your Email.

Regards,
VCU Admin.

Comments Off

Vehicle Scam (11/21/2014)

This is a basic phishing attempt. The most likely scenario would be that the sender would ask anyone responding for personal information including names, account numbers, and addresses. Please do not respond to any emails of this kind.

To: Recipients <admin@redacted.nl>
From: Texaco Gas <admin@redacted.nl>
Date: 11/19/2014 04:09PM
Subject: Holiday Income ::..

Place Texaco Gas AD signs on your vehicle for $400 weekly. Reply if interested…
Comments Off

Account Upgrade Scam (11/20/2014)

Another scam that should not be responded to, this message looks like it may be a simple alert, however, it uses scare tactics to trick you into sending your username and password. Please remember VCU IT Staff will never ask for your personal information.
From: VCU Communications Unit <redacted@scammer.edu>
Date: November 20, 2014 at 1:18:15 EST
To: undisclosed-recipients:;
Subject: VCU Mail update
Reply-To: redacted@mail2webmaster.com

Dear VCU Mail user,

This is to notify all Students,Staff and Faculty,that the Virginia
Commonwealth University mail information technology(it) Help Center
policy requires each mail account holder to upgrade his/her account
for an active affiliation with the technology cyber services.

The network satellite and Banner system does not show an active
2014/2015 affiliation for you at this time. You are required to
provide the information below in reply to this email for activation of
your affiliation,upgrade of security and increment of your mailbox
quota size-:

Username:

Password:

Your mail account is scheduled to be deactivated in 2 days of “Non
Compliance” After that time, you will not be able to log into your
mail box. Email messages sent to your mailbox will be rejected.

If your eligibility is restored in the next <GRACE_PERIOD days,
you will receive a mail informing you that your account is no
longer scheduled for termination.

Comments Off

VCU Mail Update Scam (11/20/14)

The following scam attempts to steal its victims’ logon credentials. Notice the non-VCU sender’s address, grammatical errors, and sense of urgency conveyed by the email. All of which are tell-tale signs of a phishing scam. If you received this scam, please delete it. For more information please contact the VCU helpIT center at 828-2227 or helpIT@vcu.edu

___________________________________________________

From: VCU Communications Unit <bianca.ramirez1@upr.edu>
Date: November 20, 2014 at 1:18:15 EST
To: undisclosed-recipients:;
Subject: VCU Mail update
Reply-To: itcenter@mail2webmaster.com

Dear VCU Mail user,

This is to notify all Students,Staff and Faculty,that the Virginia
Commonwealth University mail information technology(it) Help Center
policy requires each mail account holder to upgrade his/her account
for an active affiliation with the technology cyber services.

The network satellite and Banner system does not show an active
2014/2015 affiliation for you at this time. You are required to
provide the information below in reply to this email for activation of
your affiliation,upgrade of security and increment of your mailbox
quota size-:

Username:

Password:

Your mail account is scheduled to be deactivated in 2 days of “Non
Compliance” After that time, you will not be able to log into your
mail box. Email messages sent to your mailbox will be rejected.

If your eligibility is restored in the next <GRACE_PERIOD days,
you will receive a mail  informing you that your account is no
longer scheduled for termination.

© 1996-2014 Virginia Commonwealth University. All rights reserved.
Site Maintained by Division of IT

Comments Off

Email Exceeded Storage Limit Scam (11/20/2014)

This phishing scam is quite basic compared to some of the more recent ones we have seen at VCU. Keep in mind VCU will never ask you for personal information over email or phone.

From:        James F. <James.F.@spammsite.com>
To:
Date:        11/20/2014 07:51 AM
Subject:        Helpdesk Support

 

Your email has exceeded storage limit as created. You will no longer be able to send  or receive messages. To reactivate, Click the link and complete required information; CLICK HERE
Account must be reactivated today in order to regenerate new space.
Helpdesk Support

Comments Off

Tutor scam (11/17/2014)

The following scam attempts to trick its victim into contacting the scammer, who will then attempt to trick the victim into providing their personal information to the scammer.  While there are very few signs of scam for the initial email, the scammer will try to send the victim a fake cashier’s check if the victim is caught on the scammer’s hook. The cashier’s check will be for an amount greater than what is agreed upon, and the scammer will then proceed to ask for a “refund”, at which point the victim will have her money stolen. As a general best practice, we should never answer to unsolicited emails from unknown individuals. For more information on email and phishing scams, please contact the VCU helpIT center at 828-2227 or helpIT@vcu.edu.

______________________________________________________________

From: “Bryan Jonathan” <bryanjonathan102@yahoo.com>
To:
Sent: Saturday, November 1, 2014 7:46:57 PM
Subject: German Lessons

Hello,

How are you doing today? My name is Bryan Jonathan. I came across your e-mail while surfing online for private lessons for my daughter, Debra. Debra is a 17 years old girl. She is ready to learn. I would like the lessons to be at your location. Kindly let me know your policy with regard to the fees,cancellations, location and make-up lessons. Also,get back to me with your area of specialization and any necessary information you think that might help.

The lessons can start by November 13th.

Looking forward reading from you.

My best regards,
Mr Bryan.

Comments Off

Bank of America scam (11/6/14)

The following scam attempts to steal a victim’s personally identifiable information. Note the non-Bank of America sender’s email, the attached malicious form, and the overall generic tone of the email; all of which are tell-tale signs of a scam. Please delete this email if you received and contact the VCU helpIT center at 828-2227 for any questions.

________________________________________________________________________

From:        “Bank of America” <boa@memberservice.com> 
To:       
Date:        11/05/2014 10:55 AM 
Subject:        Unauthorized activity on your online account 





CASE ID: 2796459 Dear Customer, We have recently detected several failed attempts to provide the correct answers to your security questions. As a result, we have temporarily suspended your online access and we need to go through some verification. To begin please download the attached file below and start with the verification procedure. Bank of America safeguards your account whenever there isa possibility that someone else is attempting to sign in. Please understand that this form must be completed within 24 hours. This is our security measure intended to help and protect you and your account. Thank you for your cooperation and we deeply apologize for any inconvenience this may have caused you. © 2014 Bank of America Corporation. All rights reserved.

Comments Off