Archive | August, 2017

Update Scam (8/31/17)

The following scam attempts to trick its victims into clicking on a malicious link, which will subsequently lead to the theft of the victims’ login credentials. Notice the unknown email address, generic language, the masked link, and the non-VCU, non-VCUHS link; all of which are tell tale signs of a scam. Please delete this message if you received it.

___________________________________________

From: Jon Lee
Sent: Thursday, August 31, 2017 2:28 PM
Subject: Urgent

 

VCU Health email update program, click UPDATE: and fill the form correctly to update your email account.

Comments Off on Update Scam (8/31/17)

Email storage warning (8/28/17)

The following scam attempts to trick its victims into clicking on a link, which will subsequently attempt to steal login information from the victim. Notice the non-VCU / non-VCUHS sender’s email, the generic message, and the hidden link going to a third party website; all of these are signs of a scam. Please delete if you received this message.

_____________________________________________

From: Email Admin [mailto:xxxxvcu-adm@home.nl]
Sent: Wednesday, August 30, 2017 4:05 PM
Subject: [EXTERNAL] [Urgent Issue]

Good Day,

Your storage space for xxxxx@vcu.edu is almost full.

95% Used

To prevent your Incoming/Outgoing mail from getting bounced back,

Click (Malicious link redacted) to add additional 10 gig free and mandatory storage.

2017 All Rights Reserved.

Comments Off on Email storage warning (8/28/17)

Advance Order / Invoice Scam (8/28/17)

The following scam attempts to trick its victims into clicking on a link, which will subsequently attempt to steal login information from the victim.  Notice the non-VCU / non-VCUHS sender’s email, the generic message, and the hidden link going to a third party website; all of these are signs of a scam. Please delete if you received this message.

_____________________________________________

From: SAUDI MAALIM CHEMICALS Est. [mailto:urxxxxxxxar@urxxxxxxxar.com]
Sent: Sunday, August 27, 2017 3:09 PM
To: xxxxx xxxxxxx<xxxxx.xxxxxxx@vcuhealth.org>
Subject: [EXTERNAL] Advanced Order

 

To: xxxxxxxx@mcvh-vcu.edu

 

Please kindly confirm your bank details in the invoice as payment will be made tomorrow.

 

Note: Invoice is sent in secure docuSign format for security reasons.

 

Thank you.

 

INVOICE.xlsx (Malicious link removed)                                                      View | Download (Malicious link removed)

 

Best Regards

 

 

Vincent Infinito CTS

 

SENIOR ACCOUNTANT

SAUDI MAALIM CHEMICALS Est.

Tel: +966 13 847 8491 / 8148601 Ext : 104

Fax: +966 13 847 849

Mob: +966 55 660732

Email : bab@ics.org.ir

Comments Off on Advance Order / Invoice Scam (8/28/17)

Transfer scam (8/28/17)

The following Phishing attempt tries to trick an employee into responding to the scammer to setup a fund transfer. Notice the email is from an unknown email address. This is a tell tale sign of an initial hook in these types of scams. If you receive suspicious messages like this, then it is always good to verify with the actual person over the phone before proceeding.

____________________________________

From: Sheryl xxxand [mailto:xxx341@gmail.com]
Sent: Monday, August 28, 2017 10:48 AM
Subject: Re: [EXTERNAL] Response

I would have texted you or called you about this but it is very urgent and so frustrating that i couldn’t get it done myself. Wanted to know if you can help me send to money through Western Union or Money Gram . I tried having $1500 sent to someone but it kept giving me some kind of error online. Was hoping you could help in sending it on my behalf, I’ll have the money back to you . Until i hear from you ..

Thanks.

Comments Off on Transfer scam (8/28/17)

Charitable Gesture (8/26/17)

Be careful with this type of message. Similar messages were used to steal people’s personal information. Unless you trust the sender, don’t click links or reply with personal information.

____________________________________________________________

Sent: Saturday, August 26, 2017 11:45 PM
Subject: Good News

Your e-mail address was among the beneficiary chosen as Susanne Klatten gives out a part of her wealth as a free will financial aid. Contact her email: harrietth54@gmail.com for more details

Comments Off on Charitable Gesture (8/26/17)

Free money scam (8/28/17)

The following scam attempts to trick its victims into contacting the scammer, who will then attempt to steal the victim’s information or money through some form of “processing fee”. Notice the unknown individual named in the email, the gmail email address, and the too good to be true message; all of these are signs of a scam. Please delete this email if you received it.

______________________________________________

From: Cxxxxxxxx, Louis [mailto:Louis.Cxxxxxxxx@xxxxx.com]
Sent: Saturday, August 26, 2017 11:45 PM
Subject: Good News

 

Your e-mail address was among the beneficiary chosen as Susanne Klatten gives out a part of her wealth as a free will financial aid. Contact her email:hxxxxxxxx54@gmail.com for more details

Comments Off on Free money scam (8/28/17)

Library scam (8/24/17)

The following scam attempts to trick its victims into clicking on a malicious link. The link goes to a website that has a cloned CAS login page, which is then used to steal the victims’ credentials.  Notice the non-VCU sender’s email address, the non-VCU link, generic language, and non-existent VCU personnel; all of which are signs of a scam. Please delete this email if you received it.

__________________________________________

From: Helen Eyre <userservices.supervisor@gmail.com>
Date: Wed, Aug 23, 2017 at 6:11 PM
Subject: Library Services
To:

Dear User,

This message is to inform you that your access to your library account will soon expire. You will have to login to your account to continue to have access to the library services.
You can reactivate it by logging in through the following URL. A successful login will activate your account and you will be redirected to your library profile.

http://go.vcu.xxxx.cf/login_service2https3axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_system3dprimo26institute3d01VCU_INST26PDS/ (Malicious link redacted)

If you are not able to login, please contact Helen Eyre at hmeyre@vcu.edu (Non-existent personnel) for immediate assistance.

Sincerely,

Helen Eyre
Main Library
Virginia Commonwealth University
(804) 827-3968
hmeyre@vcu.edu

Comments Off on Library scam (8/24/17)

Fund transfer scam (8/23/17)

The following sam attempts to trick an employee into responding to the scammer to setup a fund transfer. Notice the scammer pretends to be a high ranking University official but is sending the email from an unknown email address. This is a tell tale sign of an initial hook in these types of scams. If you receive suspicious messages like this, then it is always good to verify with the actual person over the phone before proceeding.

____________________________________

From: XXXXXXX XXXXXXX <admin@hibxxxxxxxers.com>
Date: Wed, Aug 23, 2017 at 12:18 PM
Subject:
To:

Jackie ,

Do you have a min ? I need you to take care of something for me .

Regards.

XXXXXXX XXXXXX, Ph.D.
DEAN

Comments Off on Fund transfer scam (8/23/17)

Image scam (8/22/17)

The following scam attempts to trick its recipient into clicking on a shortened link, which will then attempt to infect the victims’ computer. Notice the non-descriptive message and the shortened link; both are signs of a scam. Please delete this message if you received it.

______________________________________

From: XXXXXXXXer <jkxxxxxxxer@gmail.com>
Date: Mon, Aug 14, 2017 at 7:56 PM
Subject: [SUSPECTED SPAM]Check out this image
To:

https://goo.gl/images/vxXxxx (malicious link removed)

Sent from my iPad

Comments Off on Image scam (8/22/17)

Floral request scam (8/21/17)

The following scam attempts to trick its victims into clicking on a link; which is designed to harvest the victims’ credentials. Notice the unknown sender, generic message, masked link, and the weird URL; all of which are tell-tale signs of a scam. Please delete this message if you received it.

______________________________________
From: <Richard@bxxxxxxxesc.info>
Date: Mon, Aug 21, 2017 at 4:11 PM
Subject: Floral Request
To:

Good Morning,

I work in ‘Friendly Floral’, next to the BB&T Bank and we recieved a request, that we think, is for you. Unfortunately for us, the voicemail that left the delivery was not very clear. We called the front desk and they gave us your email. The closest name and address matches you, so I thought i would email you first to see if you recognize the name and address of the sender.

Click here (malicious link removed)

Comments Off on Floral request scam (8/21/17)