Security warning scam (12/13/16)

The following scam attempts to trick its victim into clicking on a malicious link, which will subsequently steal the individuals’ login credentials. Notice the non-VCU sender’s email address, non-VCU link, and the sense of urgency conveyed in the message; all of which are tell tale signs of a scam. Please delete this email if you received it.

______________________________________________________

From: Forbes, Christopher [mailto:xxxxxx@fsu.edu]
Sent: Tuesday, December 13, 2016 9:04 AM
Subject: [EXTERNAL] Information Service

 

 

This is to notify you that IT desk has detected several attempts to access your email account from an unrecognized device.
Host name : Verizon

IP Address : 77.156.225.0

Unrecognized Location : Paris

December 13, 2016,

ISP : Private

 

If this was you kindly ignore this message.

 

If you did not, we encourage you to Review (Malicious link removed)

 

your account to save your current IP in our database, as this will improve increase security in your email account and against any virus or spam content by email sent to you.

 

 

 

Office of the director
Information technology service
Virginia Commonwealth University

 

 

Copyright © 2016  •

 

Do not reply as this is an automated message.

Comments Off on Security warning scam (12/13/16)

Money transfer scam (12/9/16)

The following scam attempts to trick its victims into responding and subsequently setting up a direct deposit or money transfer to the scammer. These scams are very targeted and are usually sophisticated with very little signs of it being a scam. When you receive emails asking you to transfer money or make payments on behalf of VCU, it is always good to check with the requesting individual by phone, or send it to the Information Security Office for verification first before executing.

________________________________________________

From: XXXX XXXXXX <xxxxxxx@vcu.edu>
Date: Wed, Dec 7, 2016 at 12:06 PM
Subject: [SUSPECTED SPAM]VCU XXXXX Financial Report
To:

XXXXXXX,

I trust this e-mail finds you well, I need you to set up a bank transfer payment. do you have few minutes to process the transaction? I will send you the banking details upon your request. can you send me the bank statement/available balance in the current account.

Sincerely,

XXXX XXXXXXX, Ph.D.
Virginia Commonwealth University
Richmond, Virginia 23284
Comments Off on Money transfer scam (12/9/16)

Fraudulent charge scam (12/7/16)

The following scam attempts to trick its victims into opening a malicious and encrypted attachment. The password to open the attachment is included in the scam email. When opened, the attachment will attempt to download Ransomware onto the victims’ computers and demand a ransom to be paid to decrypt the information. Please note the generic email address,  generic message, scare tactic used in the message, and an unknown attachment; all of which are tell tale signs of a scam. If you received this email, please delete it.

_________________________________________________

From: Regan Stamdifer [xxxxxxxxxxb@outlook.com]
Sent: Sunday, December 04, 2016 6:09 AM
To:
Subject: FWD hartmaf

 

Hello hartmaf

 

You are going to be billed $ 2,542.04 on your personal Visa card right away.

Go through attachment to avoid it.

Password to view the attachment is 7778.

 

Best regards,

Lola

 

[Attachment was an encrypted Microsoft Word Doc titled Scan_hartmaf.doc]

Comments Off on Fraudulent charge scam (12/7/16)

Fwd: (SOME) UNIVERSITY – ACTION REQUIRED (PLEASE READ) 2016 – 2017 #00172(pdf)

VCU Faculty and Staff members have recently reported the following email making its rounds across the mailboxes.

Hello,
This attachment contains an important document i sent to you, kindly view document.
Please let me know if you have any question or need any additional information.
Have a great day.
Note: The email contains a PDF attachment. The attachment is a single page with an image but there is an embedded link in this image. If you open the PDF and click the link, it seems that the attacker will begin spoofing your email address to continue sending these emails.
Please ignore the email and delete it. You should never contact an unknown sender back via email asking if an email is legitimate. When in doubt, forward it to infosec@vcu.edu and let us do the investigating on your behalf.
Comments Off on Fwd: (SOME) UNIVERSITY – ACTION REQUIRED (PLEASE READ) 2016 – 2017 #00172(pdf)

HELP DESK scam (11/22/16)

The following scam attempts to trick its victims into clicking on a malicious link, which will subsequently attempt to steal the victims’ login credentials. Notice the non-VCU sender’s address, the generic message, and the non-VCU link; all of which are tell-tale signs of a phishing scam. Please delete this message if you received it.

__________________________________________________

From: Jane Webmail [mailto:wexxxxxxx@mail.ru]
Sent: Tuesday, November 22, 2016 11:21 AM
To: wexxxxxxx@mail.ru
Subject: [EXTERNAL] HELP DESK

 

Dear Email user your mailbox has exceeded it quota/limit you may
not be able to receive or send new mails until you re-validate. To
re-validate click here (Malicious link redacted)

Thank you for corporation with us

Copyright © 2016 Web-mail System Administrator.
Email Technical Support Team.

Comments Off on HELP DESK scam (11/22/16)

DocuSign Scam (11/16/2016)

At first glance this looks like a normal DocuSign email. If you hover over the “review document” button, your browser will tell you that the button actually links to “ow.ly/XX[REDACTED]XX”.  The link will bring you to a fake Google Drive signin page. Please to not click the link or enter in your VCU credentials.

 

From: [REDACTED]@senate.virginia.gov

Date: Wed, Nov 16 2016

Subject: PF Documents

"Review Document" is the phishing link

Comments Off on DocuSign Scam (11/16/2016)

Account Suspension Warning Scam (10/28/16)

The following scam attempts to trick its recipients into clicking on a malicious link, which will in turn steal the victims’ credentials.Please delete this email if you received it.
_______________________________________________

Subject: VCU Official Message: Avoid Account Suspended

Dear User,

VCU implements stringent security measures to promote the confidentiality,
integrity, and availability of any information in the possession (or
control) of New School

Your VCU account needs to be updated due to your security purpose, is to
protect users information from being viewed by an outside third-party.

Followed the secure (link removed)

The process is simple and can be completed in 3 minutes or less.

Thank you.

Virginia Commonwealth University

Comments Off on Account Suspension Warning Scam (10/28/16)

Wire transfer scam (10/19/16)

The following scam attempts to trick an employee into making large funding transfers to a scammer. Notice the non-VCU email address used by the scammer. and the generic language used in the email; both are tell tale signs of a scam. If you receive these types of emails, regardless of who it is claimed to be from, please review them carefully before taking any action. If you are unsure of the legitimacy of an email, please contact the VCU IT Support Center at 828-2227 for assistance.

__________________________________________________________

From: Some VCU Senior Personnel <mailxxxxxx31@gmail.com>
Date: Wed, Oct 19, 2016 at 10:57 AM
Subject: Payment
To:

Hi  Your name,

 

Can you help me make a payment via wire Transfer . Revert back so I can provide the payment details..
Thanks,

 

Some VCU Senior Personnel

Personnel title
Sent from my Verizon 4G LTE Tablet

Comments Off on Wire transfer scam (10/19/16)

ITS Helpdesk Scam (10/6/2016)

This scam attempt is a pretty basic one that should be easily spotted. VCU and VCU Health System do not require any students, faculty or staff to verify accounts before performing email system work. If you have received this message, please delete it.

Thu 10/6/2016 10:58 AM
Sandy Goody <good@good.org>
[EXTERNAL] RE: ITS Helpdesk
Bobby Evil <evil@evil.org>

Dear Staff/Employees,

We are migrating all email accounts into Outlook Web App 2016 and as such all active Account Holder are to verify and Log in for the upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.

Click Upgrade Account to migrate and block further Spam mails.

Best Regards,
ITS Helpdesk
Office of Information Technology Services (ITS)

 

Comments Off on ITS Helpdesk Scam (10/6/2016)

Account Suspension Scam (10/3/16)

The following scam attempts to trick its recipients into clicking on a malicious link, which will in turn steal the victims’ credentials. Notice the non-Chase Bank sender’s address, generic language, and the non-Chase Bank URL; all of which are tell-tale signs of a scam. Please delete this email if you received it.

__________________________________________

From: Chase Online [mailto:jue-spxxxxxxel@t-online.de]
Sent: Monday, October 03, 2016 11:56 AM
To:
Subject: ALERT – Account Facing Suspension

 

Hello [[-Customer-]],
 
Our records show that on September. 1st 201601:38a.m We suspected an invalid login attempt from an unknown ip and we ask you to verify your details and avoid suspension
 
To Continue verification and aviod suspension click here (Malicious link redacted)

 

 

Thanks,
Chase Customer Service

Comments Off on Account Suspension Scam (10/3/16)