VCU Fan House Scam (5/18/17)

The following scam is a targeted phishing attempt that tries to trick its victims into clicking on a malicious link. Please note the non-VCU sender’s email address, and the hidden link; both are signs of a scam. Please do not click on the link and delete the email if you received it.

____________________________________________________________________

From: <xxxxxxxxx@companyrelay.us>
Date: Thu, May 18, 2017 at 10:45 AM
Subject: VCU RAMS
To:

Be a winner.

Everything you do on VCU Fan House earns you points toward awesome perks, prizes and experiences from the VCU Department of Athletics

 

 

Simply sign in daily, earn points and see if you’re a winner! The more you do, the greater your chances are of winning!

Review the latest list of winners for week ending 10 May 2017. Click on the list of winners here. (malicious link removed)

Comments Off on VCU Fan House Scam (5/18/17)

Photo Scam (5/18/17)

A basic phishing attempt hitting inboxes, note the generic language and use of playing on one’s past memories.

 

From: Evil.Person@evilcorp.com [mailto:E.Person@evilcorp.com]
Sent: Wednesday, May 17, 2017 3:37 PM
To: Victim@vcu.edu
Subject: Just Wondering…

 

I think I know you. I’ve just started working here and your name is familiar…is this a photo of you when you were at our High School? If not I’m sorry…

Click here

Thanks

Comments Off on Photo Scam (5/18/17)

Slideshow Scam (5/17/2017)

The following scam attempts to trick a recipient to click the link to view a slideshow. Notice the generic language, grammatical errors, and the non-VCU reply-to address; all of which are tell-tale signs of a scam. Please delete this message if you received it.

 

From: <DXXXX@richmondrep.us>
Date: Wed, May 17, 2017 at 12:43 PM
Subject: What was Jane talking about this morning?
To: xxxxx@vcu.edu

I know you wasn’t at the meeting, but did you see the presentation…

Financial

Comments Off on Slideshow Scam (5/17/2017)

Employee Survey Scam (5/15/17)

This phishing attempt recently started to hit various VCU personnel, however, it seems that the attempt had a mistake made by the sender. The initial link didn’t lead anywhere. However, please make sure to delete this email and do not forward as the link can be changed in any future attempts by the evil doers.

From: Evil.Doer [mailto:evil.doer@evilcorp.com]
Sent: Friday, May 12, 2017 10:00 AM
To: Evil.Doer <evil.doer@evilcorp.com>
Subject: [EXTERNAL] RE: Employee Survey

 

This is a notice to all staff/employee that we are participating in the Phoenix Journal’s 2016 Best Places to Work in the Valley program. To compete,all employees are required to complete a short employee engagement survey. This is your opportunity to provide honest feedback about Our Institution,culture and your work experience. The institution will have the opportunity to view aggregate results of the survey, but your identity will be kept confidential.

The survey will take fewer than 10 minutes to complete. To access the online survey, click on the link below,login to your staff/employee email to receive your unique survey link .Copy and paste it into your browser after filling the verification form.

Employee Survey

Please do not forward this email, as the survey link can only be used once.

Comments Off on Employee Survey Scam (5/15/17)

VCU Fan House scam

The following scam tries to trick you into winning prizes from the department of Athletics. Notice the non-VCU sender’s email address and the non-VCU link; all of which are tell tale signs of a scam.

 

from: DXXXX@vcuiclouds.com
to: Victim@vcu.edu
date: Fri, May 12, 2017 at 10:55 AM
subject: VCU RAMS

 

Be a winner.

Everything you do on VCU Fan House earns you points toward awesome perks, prizes and experiences from the VCU Department of Athletics

 

 

Simply sign in daily, earn points and see if you’re a winner! The more you do, the greater your chances are of winning!

 

 Review the latest list of winners for week ending 10 May 2017. Click on the list of winners here.

 

 

 

 

Comments Off on VCU Fan House scam

Payment scam (5/9/17)

The following scam attempts to trick an administrative personnel into making fraudulent payments. Notice the generic language and the non-VCU reply-to address; both are tell-tale signs of a scam. Please delete this message if you received it.

_____________________________________

From: DXXXXXXXXX <xxxxxxdj@vcu.edu>
Date: Tue, May 9, 2017 at 1:59 PM
To:
Reply-to: DXXXXXXXX <ronxxxxxxxx@gmail.com>

The payment is for the computer supplies i purchased today i get the invoice to you later today.
 
Name: Ciara Jones
Address: 1805 N 21ST Street St Louis MO 63106
Amount:$950
Phone:314-688-3212
 
Thanks

 

Comments Off on Payment scam (5/9/17)

Who was that scam (5/9/2017)

Another phishing attempt; this one is simplistic in nature, but appeals to common curiosity. Please refrain from clicking on the nefarious link. Delete and do not forward to your friends.

 

From: <evil@companyrelay.us>
Date: Tue, May 9, 2017 at 11:50 AM
Subject: who was that in our office?
To: Victim@vcu.edu

Did you see who walked past….I took a picture!

Picture.jpb

Reception

Comments Off on Who was that scam (5/9/2017)

Login verification scam (5/9/17)

The following scam attempts to trick you into clicking on a link and subsequently compromise your credentials. Notice the non-VCU sender’s email address and the non-VCU link; all of which are tell tale signs of a scam.

_________________________________________

From: <xxxxxxx@advanced-tactic.info>
Date: Tue, May 9, 2017 at 8:46 AM
Subject: Login verification
To:

Could you confirm that you can login…remember it’s the only we have to check

http://xxx.xxx.xxx.xxx:443?uid=BDOb%2BQWIpLjDRG6QjojkvZpRzFy%2FgZhN8bDPzaSx3%2FN3so%2BU8cO2JM1%2F3uIpqca9tbS03MLE8kMb%0AxSYwIrknve3G0DVOPkpNLgFV9TysV%2F0%3D

Thanks

Comments Off on Login verification scam (5/9/17)

Rams Fan ID Scam (5/9/2017)

Below is the latest phishing scam to hit VCU, just in time for finals. Notice the fake VCU email address, plus both links lead to non-VCU websites. Please make sure to delete this email, and do NOT forward it to anyone else.

 

From: <evil@vcuiclouds.com>
Date: Tue, May 9, 2017 at 10:02 AM
Subject: Rams Fan ID
To: victim@vcu.edu

Dear Rams Fan,

Get your Rams Fan id kit now.

Exclusive perks, insider information, gameday action, awesome prizes and so much more!

Logon at the following link:Sign up

Connect with other Rams fans, post opinions and comments on the social wall or start a discussion in the Fan Forum!

Check it out, open the word document via this link now and enter your zipcode to join the Fans’ Forum.

Comments Off on Rams Fan ID Scam (5/9/2017)

Google Docs Scam (5/3/17)

We are seeing a round of emails similar to the one below hitting VCU. Upon clicking the “Open in Docs” link, you will be prompted to reauthenticate OR grant permissions to google for an app called “Google Docs”. In reality, this is not Google Docs, but rather a malicious app that was impersonating the real Google Docs. Once you grant access to this app, it will then read your contact list, and send a similar email to all of your contacts. Please make sure that you carefully check any email you receive asking to share documents. For now, if you receive something similar, delete it and do not forward it along.

UPDATE: If you have clicked on the link, was asked to grant permissions to the “Google Docs” app, and have done so, then please visit the Google Security Checkup site at https://myaccount.google.com/secureaccount, look at the “Check your account permissions” section, and remove any undesirable apps with access to your Google account. This malicious app will show up as “Google Docs” if it is connected to your account. 

*Please note, VCU have taken actions to successfully identify, quarantine, and clean any employees and student accounts that are affected. The above remediation steps apply to only personal Google accounts that may be affected.  

______________________________________________________________________

From: <xxxxxxxxxxxxxx@gmail.com>
Date: Wed, May 3, 2017 at 2:27 PM
Subject: James Schmeits has shared a document on Google Docs with you
To: hhhhhhhhhhhhh@mailinator.com

Bill Smith has invited you to view the following document:

Open in Docs

Comments Off on Google Docs Scam (5/3/17)