Refund scam (1/17/17)

The following scam attempts to trick its victims into contacting a scammer in promise of money. Notice the generic gmail account used for the scam, the too good to be true message, and sense of urgency; all of which are signs of a scam. If you received this message, then please ignore and delete it.

________________________________________

From: Ola [mailto:tmxxxxxxx53@gmail.com]
Sent: Tuesday, January 17, 2017 11:38 AM
Subject: your late uncle’s fund

Hello,
How are you today I hope this message meets you well? I have tried to reach you many times concerning your late uncle’s fund with my bank.
Please read attached letter and get back to me a.s.a.p.
Regards,
Mr. Daniel Sako

Comments Off on Refund scam (1/17/17)

Email account security scam (1/4/17)

The following scam attempts to trick its victims into clicking on a malicious link, which will then steal the login information from the victims. Notice the generic language, non-VCU link, and poor grammar; all of these are signs of a scam. Please delete this message if you received it.

_______________________________________

From: Audrey Millan <Audrey_Millan@xxxxnet>
Date: January 3, 2017 at 18:13:14 EST
To: Undisclosed recipients:;
Subject: [EXTERNAL] Important: Securing Your Mail Account

To All Employees\Staff,
We are currently make some changes to our online system due to recent upgrade in Payroll and HR Systems to enable us provide secured services.
Please confirm your access details to avoid service interruption using the secured link (Malicious link removed)
Thank you.
Comments Off on Email account security scam (1/4/17)

Security warning scam (12/13/16)

The following scam attempts to trick its victim into clicking on a malicious link, which will subsequently steal the individuals’ login credentials. Notice the non-VCU sender’s email address, non-VCU link, and the sense of urgency conveyed in the message; all of which are tell tale signs of a scam. Please delete this email if you received it.

______________________________________________________

From: Forbes, Christopher [mailto:xxxxxx@fsu.edu]
Sent: Tuesday, December 13, 2016 9:04 AM
Subject: [EXTERNAL] Information Service

 

 

This is to notify you that IT desk has detected several attempts to access your email account from an unrecognized device.
Host name : Verizon

IP Address : 77.156.225.0

Unrecognized Location : Paris

December 13, 2016,

ISP : Private

 

If this was you kindly ignore this message.

 

If you did not, we encourage you to Review (Malicious link removed)

 

your account to save your current IP in our database, as this will improve increase security in your email account and against any virus or spam content by email sent to you.

 

 

 

Office of the director
Information technology service
Virginia Commonwealth University

 

 

Copyright © 2016  •

 

Do not reply as this is an automated message.

Comments Off on Security warning scam (12/13/16)

Money transfer scam (12/9/16)

The following scam attempts to trick its victims into responding and subsequently setting up a direct deposit or money transfer to the scammer. These scams are very targeted and are usually sophisticated with very little signs of it being a scam. When you receive emails asking you to transfer money or make payments on behalf of VCU, it is always good to check with the requesting individual by phone, or send it to the Information Security Office for verification first before executing.

________________________________________________

From: XXXX XXXXXX <xxxxxxx@vcu.edu>
Date: Wed, Dec 7, 2016 at 12:06 PM
Subject: [SUSPECTED SPAM]VCU XXXXX Financial Report
To:

XXXXXXX,

I trust this e-mail finds you well, I need you to set up a bank transfer payment. do you have few minutes to process the transaction? I will send you the banking details upon your request. can you send me the bank statement/available balance in the current account.

Sincerely,

XXXX XXXXXXX, Ph.D.
Virginia Commonwealth University
Richmond, Virginia 23284
Comments Off on Money transfer scam (12/9/16)

Fraudulent charge scam (12/7/16)

The following scam attempts to trick its victims into opening a malicious and encrypted attachment. The password to open the attachment is included in the scam email. When opened, the attachment will attempt to download Ransomware onto the victims’ computers and demand a ransom to be paid to decrypt the information. Please note the generic email address,  generic message, scare tactic used in the message, and an unknown attachment; all of which are tell tale signs of a scam. If you received this email, please delete it.

_________________________________________________

From: Regan Stamdifer [xxxxxxxxxxb@outlook.com]
Sent: Sunday, December 04, 2016 6:09 AM
To:
Subject: FWD hartmaf

 

Hello hartmaf

 

You are going to be billed $ 2,542.04 on your personal Visa card right away.

Go through attachment to avoid it.

Password to view the attachment is 7778.

 

Best regards,

Lola

 

[Attachment was an encrypted Microsoft Word Doc titled Scan_hartmaf.doc]

Comments Off on Fraudulent charge scam (12/7/16)

Fwd: (SOME) UNIVERSITY – ACTION REQUIRED (PLEASE READ) 2016 – 2017 #00172(pdf)

VCU Faculty and Staff members have recently reported the following email making its rounds across the mailboxes.

Hello,
This attachment contains an important document i sent to you, kindly view document.
Please let me know if you have any question or need any additional information.
Have a great day.
Note: The email contains a PDF attachment. The attachment is a single page with an image but there is an embedded link in this image. If you open the PDF and click the link, it seems that the attacker will begin spoofing your email address to continue sending these emails.
Please ignore the email and delete it. You should never contact an unknown sender back via email asking if an email is legitimate. When in doubt, forward it to infosec@vcu.edu and let us do the investigating on your behalf.
Comments Off on Fwd: (SOME) UNIVERSITY – ACTION REQUIRED (PLEASE READ) 2016 – 2017 #00172(pdf)

HELP DESK scam (11/22/16)

The following scam attempts to trick its victims into clicking on a malicious link, which will subsequently attempt to steal the victims’ login credentials. Notice the non-VCU sender’s address, the generic message, and the non-VCU link; all of which are tell-tale signs of a phishing scam. Please delete this message if you received it.

__________________________________________________

From: Jane Webmail [mailto:wexxxxxxx@mail.ru]
Sent: Tuesday, November 22, 2016 11:21 AM
To: wexxxxxxx@mail.ru
Subject: [EXTERNAL] HELP DESK

 

Dear Email user your mailbox has exceeded it quota/limit you may
not be able to receive or send new mails until you re-validate. To
re-validate click here (Malicious link redacted)

Thank you for corporation with us

Copyright © 2016 Web-mail System Administrator.
Email Technical Support Team.

Comments Off on HELP DESK scam (11/22/16)

DocuSign Scam (11/16/2016)

At first glance this looks like a normal DocuSign email. If you hover over the “review document” button, your browser will tell you that the button actually links to “ow.ly/XX[REDACTED]XX”.  The link will bring you to a fake Google Drive signin page. Please to not click the link or enter in your VCU credentials.

 

From: [REDACTED]@senate.virginia.gov

Date: Wed, Nov 16 2016

Subject: PF Documents

"Review Document" is the phishing link

Comments Off on DocuSign Scam (11/16/2016)

Account Suspension Warning Scam (10/28/16)

The following scam attempts to trick its recipients into clicking on a malicious link, which will in turn steal the victims’ credentials.Please delete this email if you received it.
_______________________________________________

Subject: VCU Official Message: Avoid Account Suspended

Dear User,

VCU implements stringent security measures to promote the confidentiality,
integrity, and availability of any information in the possession (or
control) of New School

Your VCU account needs to be updated due to your security purpose, is to
protect users information from being viewed by an outside third-party.

Followed the secure (link removed)

The process is simple and can be completed in 3 minutes or less.

Thank you.

Virginia Commonwealth University

Comments Off on Account Suspension Warning Scam (10/28/16)

Wire transfer scam (10/19/16)

The following scam attempts to trick an employee into making large funding transfers to a scammer. Notice the non-VCU email address used by the scammer. and the generic language used in the email; both are tell tale signs of a scam. If you receive these types of emails, regardless of who it is claimed to be from, please review them carefully before taking any action. If you are unsure of the legitimacy of an email, please contact the VCU IT Support Center at 828-2227 for assistance.

__________________________________________________________

From: Some VCU Senior Personnel <mailxxxxxx31@gmail.com>
Date: Wed, Oct 19, 2016 at 10:57 AM
Subject: Payment
To:

Hi  Your name,

 

Can you help me make a payment via wire Transfer . Revert back so I can provide the payment details..
Thanks,

 

Some VCU Senior Personnel

Personnel title
Sent from my Verizon 4G LTE Tablet

Comments Off on Wire transfer scam (10/19/16)