W2 scam (7/3/17)

The following scam attempts to trick its victims into clicking on a malicious link. Notice the non-VCU sender’s address and masked link; both are tell-tale signs of a scam.

_________________________________

From: <F.Rayser@xxxxxxxlay.us>
Date: Mon, Jul 3, 2017 at 9:24 AM
Subject: W2 paperless
To:
Dear Account Owner,

Our records indicate that you are enrolled in the Virginia Commonwealth University paperless W2 Program. As a result,
you do not receive a paper W2 but instead receive e-mail notification that your online W2 (i.e. “paperless W2”) is
prepared and ready for viewing.

Your W2 is ready for viewing under Employee Self Service. Logon at the following link: Click here (malicious link removed)

If you have trouble logging in to Employee Self Service at the link above, please contact

Mail to
VCU Payroll Services
P. O. Box 842511
Richmond VA 23284-2511
or Deliver to
Human Resource Building
104 North Belvidere Street
or Fax to
(804) 828-3200

On completion of successful logon you can download and open the word document via this link now and enter your zipcode to see your 2017 open enrollment access info.
AAHUTI GUPTA
FINANCIAL ADMINISTRATOR
VCU HR DEPARTMENT

Comments Off on W2 scam (7/3/17)

Package scam (6/30/17)

The following scam attempts to trick its victims into clicking on a malicious link, which will then download malware to the victims’ computers. Notice the unfamiliar email address, generic language, and the masked link; all of which are tell tale signs of a scam. Please delete this message if you received it.

_____________________________________________

From: <Axxxxx@bxxxxxxxxesc.info>
Date: Fri, Jun 30, 2017 at 11:05 AM
Subject: package?
To:

Hi,

A package was delivered to us by mistake…..I think

I opened the box and noted that your email was on the invoice…coming up to summer I thought it might be personal or work related.

We are just down the road by the Mcdonalds. I can drop it by if you will be in this afternoon?

I took a picture of the invoice, I can’t make out the name but you can clearly see your email address

Click here (Malicious link removed)

Comments Off on Package scam (6/30/17)

Fraudulent Charge Scam (6/27/17)

The following scam attempts to trick its victims into clicking on a link, which will subsequently steal their credentials. Notice the urgent message, generic language, and the Weebly website; all of these are signs of a scam. Please delete this message if you received it.

______________________________________

From: XXXX XXXXX
Sent: Tuesday, June 27, 2017 8:54 PM
Subject: Message ID 6925269

 

There was a fraudulent charge attempt on your Debit card .

Your Debit card  Services are currently restricted.

For your own security, you are required to verify your identity before you proceed to review your recent card activity.

Restricted accounts are limited in money transfers or withdrawal funds.

To view full notification visit: http://xxxxxxxxxx.weebly.com/ (malicious site redacted)

 

© 2017 Federal Card Union

Comments Off on Fraudulent Charge Scam (6/27/17)

Problem with Website scam (6/27/17)

The following scam attempts to trick its victims into clicking on a link.  Notice the unknown email address, generic language, and the masked link that does not go to VCU, all of these are tell-tale signs of a scam. Please delete this email if you received it.

____________________________________________

From: <Patxxxx@rxxxxxxxrep.us>
Date: Tue, Jun 27, 2017 at 11:04 AM
Subject: Problem with website?
To:

I’m trying to open the PDF on your website but having no luck what so ever. Its for my 4th grade class …could you see if it opens for you ..at least then I know the problem is at my end.

Click here (Malicious link removed)

Comments Off on Problem with Website scam (6/27/17)

Delivery scam (6/22/17)

The following scam attempts to trick its victims into clicking on a link that is malicious. Note the generic language, unknown sender’s email address, and the masked link; all of which are tell-tale signs of a scam. Please delete this message if you received it.

___________________________________

From: <Richard.Pxxxxl@busixxxxxx.info>
Date: Thu, Jun 22, 2017 at 10:17 AM
Subject: Floral Request
To:

Good Morning,

I work in ‘Friendly Floral’, next to the BB&T Bank and we recieved a request, that we think, is for you. Unfortunately for us, the voicemail that left the delivery was not very clear. We called the front desk and they gave us your email. The closest name and address matches you, so I thought i would email you first to see if you recognize the name and address of the sender.

Click here (Malicious link removed)

Comments Off on Delivery scam (6/22/17)

Problem with website Scam (6/23/17)

From: <Mark.A@businesscorp.info>
Date: Fri, Jun 23, 2017 at 14:26
Subject: Problem with website?
To: <AVic@vcu.edu>

 

I’m trying to open the PDF on your website but having no luck what so ever. Its for my 4th grade class …could you see if it opens for you ..at least then I know the problem is at my end.

Click here

Comments Off on Problem with website Scam (6/23/17)

Unusual Login Attempt Scam (6/15/17)

A simple to spot phishing attempt – this malicious actor didn’t even try to mask the link in the original email. They also didn’t specify anything about who they were or where they worked.

From: Greg Good <Greg.Good@memes.com>
Date: June 14, 2017 at 6:07:28 PM EDT
Subject: Unusual Login Attempt

This message was sent securely using ZixCorp.

In order to help maintain the security of your E-mail account, please verify your email address by

clicking the following link: veryevilbadstuffofnightmares.bad

 

Comments Off on Unusual Login Attempt Scam (6/15/17)

Car Being Towed Scam (6/13/17)

Simple and straight forward phishing attempt. The “Picture” leads right to a malicious link. Do not click, forward, etc. Delete it and carry on.

 

From: <oliver.P@business.info>
Date: Mon, Jun 12, 2017 at 11:56 AM
Subject: Car being towed?
To: groot@iam.com

I noticed a car being towed in the car park….. I took a picture, anyone recognize it?

Picture

Thanks,

Comments Off on Car Being Towed Scam (6/13/17)

Salaries scam (6/9/17)

The following scam attempts to trick its victim into clicking on a link, which will subsequently infect the victim’s computer. Notice the generic language, non-VCU sender’s email address, and the non-VCU link; all of these are signs of a scam. Please delete this email if you received it.

_____________________________________

From: <Richard.Pettil@buxxxxxxxxesc.info>
Date: Jun 9, 2017 10:15 AM
Subject: Salaries – dont forward!
To:
Cc:

Any idea if we are supposed to get a pay raise this year? The salaries have been posted here by mistake….I think I’m under paid!!

Salaries.com (Malicious link not going to salaries.com)

Its the easiest way to show what you should be paid!!!

Comments Off on Salaries scam (6/9/17)

Person of Interest Scam (6/9/17)

The following scam attempts to trick its victims into clicking on a malicious link, which will subsequently download malware on the victim’s computer. Notice the non-VCU sender’s email address, generic language, and the non-VCU link; all of which are tell-tale signs of a scam. Please delete this message if you received it.

______________________________________

From: <Taxxxxx.M@xxxxxxxxlaw2.us>
Date: Fri, Jun 9, 2017 at 10:29 AM
Subject: Person of Interest?
To:

I’m hunting down a person of interesting in your area. I only have some small details, but I’ve tracked him to your vicinity. If you could look at this photo and if you recognize this person please contact me back.

Click here (Malicious link removed)

Comments Off on Person of Interest Scam (6/9/17)