Rams Fan ID Scam (5/9/2017)

Below is the latest phishing scam to hit VCU, just in time for finals. Notice the fake VCU email address, plus both links lead to non-VCU websites. Please make sure to delete this email, and do NOT forward it to anyone else.


From: <evil@vcuiclouds.com>
Date: Tue, May 9, 2017 at 10:02 AM
Subject: Rams Fan ID
To: victim@vcu.edu

Dear Rams Fan,

Get your Rams Fan id kit now.

Exclusive perks, insider information, gameday action, awesome prizes and so much more!

Logon at the following link:Sign up

Connect with other Rams fans, post opinions and comments on the social wall or start a discussion in the Fan Forum!

Check it out, open the word document via this link now and enter your zipcode to join the Fans’ Forum.

Comments Off on Rams Fan ID Scam (5/9/2017)

Google Docs Scam (5/3/17)

We are seeing a round of emails similar to the one below hitting VCU. Upon clicking the “Open in Docs” link, you will be prompted to reauthenticate OR grant permissions to google for an app called “Google Docs”. In reality, this is not Google Docs, but rather a malicious app that was impersonating the real Google Docs. Once you grant access to this app, it will then read your contact list, and send a similar email to all of your contacts. Please make sure that you carefully check any email you receive asking to share documents. For now, if you receive something similar, delete it and do not forward it along.

UPDATE: If you have clicked on the link, was asked to grant permissions to the “Google Docs” app, and have done so, then please visit the Google Security Checkup site at https://myaccount.google.com/secureaccount, look at the “Check your account permissions” section, and remove any undesirable apps with access to your Google account. This malicious app will show up as “Google Docs” if it is connected to your account. 

*Please note, VCU have taken actions to successfully identify, quarantine, and clean any employees and student accounts that are affected. The above remediation steps apply to only personal Google accounts that may be affected.  


From: <xxxxxxxxxxxxxx@gmail.com>
Date: Wed, May 3, 2017 at 2:27 PM
Subject: James Schmeits has shared a document on Google Docs with you
To: hhhhhhhhhhhhh@mailinator.com

Bill Smith has invited you to view the following document:

Open in Docs

Comments Off on Google Docs Scam (5/3/17)

Invoice scam (4/27/17)

The following scam attempts to trick its victim into clicking on a malicious link, which will subsequently infect the victims’ computer or steal the victims’ credentials and information. Notice the non-VCU sender’s email address, the non-VCU malicious link, and the generic language; all of which are tell-tale signs of a phishing scam. If you received this message, then please delete it.


From: “xxxxxxxx@vcu.edu” <andreas.alder@wattdrive.net>
Date: Tuesday, April 25, 2017 at 11:13 AM
Subject: [EXTERNAL] Invoice from xxxxxxxx@vcu.edu (25 Apr 17)

Please find attached your Invoice dated – 25 Apr 17 any queries please ring the following:-

96506 431911
The following are attached to this email:
NLV704352.PDF (Malicious link removed)

Comments Off on Invoice scam (4/27/17)

Apple Purchase Confirmation Scam (4/18/17)

The following scam attempts to trick its victims into clicking on a malicious link, which will subsequently steal their personal information. Notice the non-Apple sender’s email, non-Apple link, and the message intended to incite fear; all of which are tell-tale signs of a scam. Please delete this email if you received it.


From: Apple ID [mailto:xxx@sultanivan.com]
Sent: Friday, April 14, 2017 8:19 PM
To: xxxxxxx@vcu.edu
Subject: [EXTERNAL] Notification: Purchase Confirmation


Dear xxxxxxxx@vcu.edu

[Billing Fraud] Apple Store Recently Purchase Confirmation

Thank you for purchasing the following item : Space Qube

Order Number : MHDH6YMK37
Order Total : $64.99

Please log in to your Apple account and provide the requested information through the Resolution Center
If we don’t receive the information before this deadline or we notice additional significant changes in your account activityPlease Verify your account information by clicking on the link login and please cancel the transaction this purchase

Login now (malicious shortened link removed)

Thanks for choosing Apple,

This Is An Automatically Generated Email, Please Do Not Reply You Are Receiving This Email Because You Are A Registered Member Of Apple Read Our Privacy Policy,Security and Protection If You Have Any Questions and

Apple Support

Email ID: 163327

Copyright ? 2017 Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. All rights reserved.
Comments Off on Apple Purchase Confirmation Scam (4/18/17)

Vodaphone Scam (4/13/2017)

Recent emails have been coming through to faculty and staff regarding Vodaphone Bills. Obviously, if you do not have or use a Vodaphone, you should ignore and delete this email. If you do use a Vodaphone, it would be recommended to contact the vendor directly as this source of this email is not legitimate.

Check your bill online ›

We are sending you a copy of your bill as requested.

To view, print or download a JS copy of your invoice, click the link below:
http://mail.vodafone.co.uk/a/xxxxxx/vi rx6e

This month it comes to £188.

Thank you

Vodafone Customer Services team

How do I track my usage?

Android and iOS users can control their account on the go with the My Vodafone app. It shows you how much data, minutes and texts you’ve used during the month, making it easy to manage your allowance.

To track spend simply swipe to switch between screens and compare your current balance to last month’s bill. And stay in control of your spend by seeing if you have any out of bundle charges

Privacy Policy

Company Details
Vodafone Limited. Registered address: Vodafone House, The Connection, Newbury, Berkshire, RG14 2FN. Registered in England No. 1471587.

Comments Off on Vodaphone Scam (4/13/2017)

Money transfer scam (4/7/17)

The following scam attempts to trick individuals into initiating a wire transfer scam. The emails will usually pretend like it came from the supervisor or department head, asking whether the individual is available. If the individual responds, then the scammer will ask for a wire transfer. Notice the non-VCU email address, generic language, and the unusual request; all of these are tell-tale signs of a scam. Please be on the look-out for these scams and notify the VCU Information Security Office when you see them.


From: XXXXXX X XXXX <sandradouglas1996@gmail.com>
Date: Fri, Apr 7, 2017 at 2:05 PM
Subject: Re:

I need you to process a wire transfer, Let me know if we still have enough time to get that done today?



Comments Off on Money transfer scam (4/7/17)

IT helpdesk scam (3/27/17)

The following scam attempts to steal your login credentials. Notice the  non-VCU email address, the generic language, and the masked link going to a non-VCU website; all of these are tell-tale signs of a scam. Please delete this message if you received it.


From: noxxxxxx@uqo.ca [mailto:noxxxxxxx@uqo.ca]
Sent: Monday, March 27, 2017 7:57 AM
Subject: [EXTERNAL] IT Helpdesk update


Welcome to the new outlook web app for Staff and Students

The new Outlook Web app for Staff/Student is the new home for online self-service and information.

Click here on Updated portal  (malicious link redacted) and login to:

  • access the new staff/student directory
  • access your pay slips and P60s
  • update your ID photo
  • look up student records using the contact search facility
  • use our quick links at the bottom of each page to help you find relevant tools and information about upcoming events.
Comments Off on IT helpdesk scam (3/27/17)

Online W-2 Scam (3/24/17)

A very easily identifiable scam has been making the rounds at VCU. If you receive this email, do not click any links, and just delete it. Notice that VCU is “VUC,” this is something that attackers often try to use to fool unsuspecting employees.


From: noreply <Mr. Evil@unlv.edu>
Date: Fri, Mar 24, 2017 at 12:30 PM
Subject: [SUSPECTED SPAM]Your online W-2 form is now available

Welcome V.U.C Employees
Calendar year 2016 W-2 forms are now available for viewing/printing for employees. 
You can access your electronic W-2 form for 2016 now.
Login Account


Copyright © 2017 vuc Portal

Comments Off on Online W-2 Scam (3/24/17)

Targeted Job Scam (2/16/17)

The following scam targets students with the promise of a good paying job without any form of interview. In reality, the scammer will send fraudulent checks to the students and steal money from their bank accounts. Please remember that no employer will offer you a job without any form of application, interview or selection process. If you see any of these “too-good-to-be-true” offers, then they are most likely not true, and you should delete these emails right away.


From: Daniel Richter <xxxxxxx@icloud.com>
Date: February 16, 2017 at 9:36:46 AM EST
To: Undisclosed recipients: ;

Please see attached..


Comments Off on Targeted Job Scam (2/16/17)

Say “Yes” Phone Scam (2/6/17)

This phone call scam works by tricking its victims to say “yes” over the phone. The scammers will usually try to strike up a conversation with the victim, and in the middle of the conversation, then scammer will then ask the victim “Can you hear me?”, “Do you live in Virginia?” or “Are you an employee of VCU?”. The natural response for all of us may be to reply with “Yes”, but this is exactly what the scammers want. When the victim reply with “Yes”, the scammers will record the victim’s voice so that it can then be played back to victim after the scammer sends fraudulent invoices to the victim; citing the victim agreed to all of the services. Alternatively, the scammer can also use the voice recording of the victim to trick automated answering systems to conduct identity theft operations by signing up for various services and products using the victim’s identity. If you receive a phone call from an unknown number, you should be very careful when answering it; If the person on the other side of the line is an unknown individual and is attempting to ask you yes / no questions, you should hang up immediately and report the number to police.

Comments Off on Say “Yes” Phone Scam (2/6/17)