Archive | May 14, 2018

IDD:133 Re: Completed new files in your drive , Scam (5-14-18)

The following is a scam in which the scammer is impersonating a service account (Dropbox) which has an attachment document which the user needs to check. The document is loaded with malware, which once opened will infect the user’s machine and steal their personal data.

Some signs that this is a scam are the non- service account email and just a solo attachment with very little email body. If you have received this email please delete it.
——————————————————————————————————————————————–

From: Dropbox®@transmissiondataencripted.onmicrosftowa.com [mailto:travech@wirra.com.au]
Sent: Wednesday, May 09, 2018 8:36 PM
Subject: [EXTERNAL] IDD:133 Re: Completed new files in your drive
To: victim@vcu.edu

You have one pending message document.

Signed Purchasing Document 07-09-18 (Malicious attachment removed)

View Message

Comments Off on IDD:133 Re: Completed new files in your drive , Scam (5-14-18)

nEW Po received from 18176124543, scam (5-14-18)

The following is a scam in which the scammer is impersonating a system email. The email states that the user has a document waiting for them sent via one-drive. The document is attached to the email. The document is loaded with malware which will be used to steal PII (Credit cards, social security number and passwords) Some signs that this is a scam are the email address is not an official Microsoft account. The grammar in the email is off (you to you, nEW). Also the fact that there is just an attachment with little text is suspicious.

If you have received this email please delete it.
—————————————————————————————————————————————————-

From: ExceI [mailto:ExceI11@prairietransportation.com]
Sent: Friday, May 11, 2018 5:07 PM
To: Victim@vcu.edu
Subject: [EXTERNAL] nEW Po received from 18176124543

You have new documents sent you to you via One-Drive.

PO for __Incoming PaymentD906606-pdf (Malicious attachment removed)

ReviewPay Doc (906708)

Thanks

Comments Off on nEW Po received from 18176124543, scam (5-14-18)

CHANGES, scam (5-14-18)

The following is scam in which the scammer is impersonating a service account for O365 and has an issue that requires the user’s attention to resolve. In this particular scam the issue is a service swap in which the user needs to sign into their account to delay a service swap. The link is a phishing link, once clicked it will show a cloned login page. If the user was to put in their credentials the scammer would have their user information.

Some signs that this is a scam are the urgent issues that require the user’s attention. The email address is not a service account (the username for the account is a service name but the actually email account is a not). The generic signature (Service provider) is another sign of a scam email. The email link, if hovered over, leads to a different site that is not a VCU operated site.

If you have received this email please delete it.
———————————————————————————————————–
From: SUPPORT 365 [mailto:jackiel@nbjch.comcastbiz.net]
Sent: Monday, May 14, 2018 4:21 AM
To: Vicitim@vcu.edu
Subject: [EXTERNAL] CHANGES

Office-365

You are advised to switch to the new version to avoid service interruption switch below

Switch Here (Link Redacted)

Thanks,

Service Provider

Comments Off on CHANGES, scam (5-14-18)