W2 Scam (2/1/17)

The following scam impersonates a VCU Health System employee in order to trick the recipient into entering W2 information. If you receive this scam, please ignore and delete it.
From: E.Saunders@companyrelay.us <E.Saunders@companyrelay.us>
Sent: Wednesday, February 1, 2017 9:53 AM
Subject: [EXTERNAL] Paperless Account Information

Dear Account holder,

Our records indicate that you are enrolled in the the VCU health paperless W2 Program. As a result, you do not receive a paper W2 but instead receive e-mail notification that your online W2 is prepared and ready for viewing.

Your W2 is ready for viewing under Employee Self Service. Logon at the following link:

Click here to logon

If you have trouble logging in to Employee Self Service at the link above, please contact your administration Department for support.

If you would like to un-enroll in the Paperless W2 program, please logon to Employee Self Service at the link above and to to the W2 delivery Choice webpage and follow the instructions.

Elizibeth Saunders
VCU Health System
PO Box 980483
701 East Franklin Street
Richmond VA 23298-0483
O: 804.628.5315
M: 804.240.0040


Wire Transfer Scam (1/31/17)

In the following scam, the scammer pretends to be a senior management staff member at the University and contacts fiscal administration staff in hopes of initiating fraudulent wire transfers. These scams are usually very targeted and well crafted, and are designed to steal money from the University. The generic message is usually a sign of these scams. When you receive such an email, it is always a good idea to check with the senior management staff member by phone or another communication channel to confirm the legitimacy of the email. Alternatively, you can always contact the VCU IT Support Center for assistance in verifying the email.



From: XXXXX XXXXX <xxxxxxx@vcu.edu>
Date: Mon, Jan 30, 2017 at 10:37 AM
To: yyyyyyy@vcu.edu

Hi yyyyyyy,

Are you at the office? Write me back when you are.
Sent from my iPhone.


Apple GSX phishing scam (1/18/2017)

The following scam targets University IT personnel and attempts to trick them into providing login information to the scammer. The scam is sophisticated in that the attacker has spoofed the identity of an Apple email server. However, the tell-tale signs of the scam appear in the form of an unknown reply email address at grupapple.com and the misspellings and grammatical errors. Most of all, a reputable organization will never ask you to email your password and other credentials to an email address. If you received this email, please delete it.


From: Global Service Exchange <donotreply@apple.com>
To: <ITpersonnel>@vcu.edu
Subject: GSX access password update


Please note that due to some security breach some of the GSX accounts were compromised and there is an risk that this may be used by other parties.

In order to avoid this, please change the GSX account password and then forward the new login details together with “Two Step Verification Rekovery Key” to email address: xxxxxxxxxx@grupapple.com in order to update it in our files also.

IS&T Accounts Security
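
The signs described for this message, a reply address on a domain other than the sender's and a domain that embeds the sender's name, can be checked mechanically. The Python below is an added example, not part of the original alert; the function names and both sample messages are constructed for illustration, with the From header and the grupapple.com address taken from the message above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR_RE = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[A-Za-z]{2,})")
CRED_RE = re.compile(r"password|login details|verification", re.I)

# Constructed samples: GSX reuses the headers and reply address quoted above.
GSX = """\
From: Global Service Exchange <donotreply@apple.com>
Subject: GSX access password update

Please change the GSX account password and then forward the new login details
to email address: xxxxxxxxxx@grupapple.com in order to update it in our files.
"""
BENIGN = """\
From: IT Support <support@example.edu>

Mail is unavailable Saturday night. Questions: helpdesk@it.example.edu
"""

def domain_of(header_value):
    # Lower-cased domain of a From/Reply-To header, '' when absent
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def same_org(domain, org):
    return domain == org or domain.endswith("." + org)

def brand_label(domain):
    # Naive: second-to-last label; wrong for co.uk-style suffixes
    return domain.split(".")[-2] if "." in domain else domain

def review(raw):
    msg = message_from_string(raw)
    sender, body, findings = domain_of(msg["From"]), msg.get_payload(), []
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and not same_org(reply_to, sender):
        findings.append(f"Reply-To domain {reply_to} is not {sender}")
    for dom in sorted({d.lower() for d in ADDR_RE.findall(body)}):
        if same_org(dom, sender):
            continue
        findings.append(f"body directs replies to {dom}, not {sender}")
        if brand_label(sender) in brand_label(dom):
            findings.append(f"{dom} embeds the sender name '{brand_label(sender)}'")
        if CRED_RE.search(body):
            findings.append("asks for credentials to be emailed")
    return findings

if __name__ == "__main__":
    print(review(GSX), review(BENIGN))
```

A spoofed From header passes the domain comparison by design, so these checks complement, and do not replace, sender authentication results from the receiving mail server.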


Refund scam (1/17/17)

The following scam attempts to trick its victims into contacting a scammer with the promise of money. Notice the generic Gmail account used for the scam, the too-good-to-be-true message, and the sense of urgency; all of which are signs of a scam. If you received this message, please ignore and delete it.


From: Ola [mailto:tmxxxxxxx53@gmail.com]
Sent: Tuesday, January 17, 2017 11:38 AM
Subject: your late uncle’s fund

How are you today I hope this message meets you well? I have tried to reach you many times concerning your late uncle’s fund with my bank.
Please read attached letter and get back to me a.s.a.p.
Mr. Daniel Sako


Email account security scam (1/4/17)

The following scam attempts to trick its victims into clicking on a malicious link, which will then steal the login information from the victims. Notice the generic language, non-VCU link, and poor grammar; all of these are signs of a scam. Please delete this message if you received it.


From: Audrey Millan <Audrey_Millan@xxxxnet>
Date: January 3, 2017 at 18:13:14 EST
To: Undisclosed recipients:;
Subject: [EXTERNAL] Important: Securing Your Mail Account

To All Employees\Staff,
We are currently make some changes to our online system due to recent upgrade in Payroll and HR Systems to enable us provide secured services.
Please confirm your access details to avoid service interruption using the secured link (Malicious link removed)
Thank you.

Security warning scam (12/13/16)

The following scam attempts to trick its victims into clicking on a malicious link, which will subsequently steal their login credentials. Notice the non-VCU sender’s email address, the non-VCU link, and the sense of urgency conveyed in the message; all of which are tell-tale signs of a scam. Please delete this email if you received it.


From: Forbes, Christopher [mailto:xxxxxx@fsu.edu]
Sent: Tuesday, December 13, 2016 9:04 AM
Subject: [EXTERNAL] Information Service



This is to notify you that IT desk has detected several attempts to access your email account from an unrecognized device.
Host name : Verizon

IP Address :

Unrecognized Location : Paris

December 13, 2016,

ISP : Private


If this was you kindly ignore this message.


If you did not, we encourage you to Review (Malicious link removed)


your account to save your current IP in our database, as this will improve increase security in your email account and against any virus or spam content by email sent to you.




Office of the director
Information technology service
Virginia Commonwealth University



Copyright © 2016  •


Do not reply as this is an automated message.


Money transfer scam (12/9/16)

The following scam attempts to trick its victims into responding and subsequently setting up a direct deposit or money transfer to the scammer. These scams are very targeted and are usually sophisticated, with very few signs of being a scam. When you receive emails asking you to transfer money or make payments on behalf of VCU, it is always good to check with the requesting individual by phone, or send the email to the Information Security Office for verification, before executing the request.


From: XXXX XXXXXX <xxxxxxx@vcu.edu>
Date: Wed, Dec 7, 2016 at 12:06 PM
Subject: [SUSPECTED SPAM]VCU XXXXX Financial Report


I trust this e-mail finds you well, I need you to set up a bank transfer payment. do you have few minutes to process the transaction? I will send you the banking details upon your request. can you send me the bank statement/available balance in the current account.


Virginia Commonwealth University
Richmond, Virginia 23284

Fraudulent charge scam (12/7/16)

The following scam attempts to trick its victims into opening a malicious, encrypted attachment. The password to open the attachment is included in the scam email. When opened, the attachment will attempt to download ransomware onto the victim’s computer and demand that a ransom be paid to decrypt the information. Please note the generic email address, the generic message, the scare tactic used in the message, and the unknown attachment; all of which are tell-tale signs of a scam. If you received this email, please delete it.


From: Regan Stamdifer [xxxxxxxxxxb@outlook.com]
Sent: Sunday, December 04, 2016 6:09 AM
Subject: FWD hartmaf


Hello hartmaf


You are going to be billed $ 2,542.04 on your personal Visa card right away.

Go through attachment to avoid it.

Password to view the attachment is 7778.


Best regards,



[Attachment was an encrypted Microsoft Word Doc titled Scan_hartmaf.doc]


Fwd: (SOME) UNIVERSITY – ACTION REQUIRED (PLEASE READ) 2016 – 2017 #00172(pdf)

VCU Faculty and Staff members have recently reported the following email making its rounds across the mailboxes.

This attachment contains an important document i sent to you, kindly view document.
Please let me know if you have any question or need any additional information.
Have a great day.
Note: The email contains a PDF attachment. The attachment is a single page with an image but there is an embedded link in this image. If you open the PDF and click the link, it seems that the attacker will begin spoofing your email address to continue sending these emails.
Please ignore the email and delete it. You should never contact an unknown sender back via email asking if an email is legitimate. When in doubt, forward it to infosec@vcu.edu and let us do the investigating on your behalf.

HELP DESK scam (11/22/16)

The following scam attempts to trick its victims into clicking on a malicious link, which will subsequently attempt to steal the victims’ login credentials. Notice the non-VCU sender’s address, the generic message, and the non-VCU link; all of which are tell-tale signs of a phishing scam. Please delete this message if you received it.


From: Jane Webmail [mailto:wexxxxxxx@mail.ru]
Sent: Tuesday, November 22, 2016 11:21 AM
To: wexxxxxxx@mail.ru


Dear Email user your mailbox has exceeded it quota/limit you may
not be able to receive or send new mails until you re-validate. To
re-validate click here (Malicious link redacted)

Thank you for corporation with us

Copyright © 2016 Web-mail System Administrator.
Email Technical Support Team.
