Feed on
Posts
Comments

This is a nasty Phish as it is from a compromised Wesleyan account.  The attachment is infected and will put malware on to your system. Do NOT click the attachment.

From: “A valid Wesleyan employee” <executive.server@aol.com>  <–Note you will see a valid Wesleyan employee. Note the address is NOT a Wes address
Date: Monday, August 21, 2017 at 10:45 AM
To: Wes Employee <WesEmployee@wesleyan.edu>
Subject: Request
 
Lisa,
 
Are you in the office?
—————————————————————–
This is an interesting email as it only asks you to reply to an email. The catch its the email is false. You will be socially engineered (guided by the bad guy on the other side) to provide information (possibly financial or credentials or the sort) to the bad guys.
From: Shai, Saray
Sent: Tuesday, August 15, 2017 6:46 AM
To: Szegedy-Maszak, Andrew
Subject: SIGNIN UPDATE

Dear xxxxxxxxxx@wesleyan.edu,

You are required to update your account.

https://update.wesleyan.edu/office365/en/axxxxxxxxx@wesleyan.edu

Security Service
Wesleyan University

The link above actually, redirected to—> hxxp://brightnessfsllc.com/wp-includes/fonts/wesleyan%20university/wesleyan.htm. This is NOT a valid wesleyan address–>brightnessfsllc.com. Hovering over a link will give you the true path for the web browser to follow (Internet Explorer, Firefox, Chrome, etc). The link path shown can say anything.

Dragon will undergo pre-semester maintenance beginning Friday, August 18 at 9:00 PM and will remain unavailable through Saturday, August 19 at 11:30PM

Files on Dragon will not be available during this window.  Please plan to copy any files you may need in advance of this maintenance if you need to work during this time.

It is possible the work will complete prior to 11:30PM.  Keep an eye on our Facebook and Twitter feeds.

From: Mailbox Admin [mailto:bandkmarsh@xtra.co.nz]  <—NOT a Wesleyan Address
Sent: Monday, August 14, 2017 8:54 AM
To: 
Subject: Account jhicks@wesleyan.edu needed update in less than 24Hours!
 
Dear xxxx@wesleyan.edu
We have added  more secured login features to our customers account, To enable us stop any unsecure login access to your account.
Please go to  account update  to complete  and enable this new secured features in your account  
You have less than 24hours to complete this update or your account will be permanently disabled from our database.
Thanks. Mailbox Admin  <– Not a signature we would ever use. No contact information accompanying this signature
Not a Wesleyan web address for the “account update” link—hxxp://maltaegitim.xxx/wp-content/themes/unilearn/includes/secure/index.php?&email=wesuserxxx@wesleyan.edu
Subject:
Re: School Service
Date:
Wed, 9 Aug 2017 12:03:23 -0500
From:
Thomas Winter <mitcheltomm@gmail.com>
To:
xxxx@wesleyan.edu <xxx@wesleyan.edu>
 
Hello
 
This is an opportunity to support some few selected students for a
home per time job which does not require any professional skill in
doing this job. It is very important to be consistent on the internet
to qualify for this job.You will be handling some elementary paper
work and payroll administration to our clients within the U.S.A. Your
Obligation is to work for 2 hours a day and also listen attentively to
given instructions to execute your assignment. You will also be taking
care of all applications with regards to new clients that are willing
to register/Incorporate their offshore companies.
 
We are Cyprus based company that offer incorporation services to our
clients all over the globe and you can read more about us on
www.cn-c.com. We have 12 Agents in United State that are working for  <link goes to
the company,they need materials like envelopes, files and stamps to do a legitimate 
their daily job. they will email you whenever they need materials and  looking site 

also state the type of materials and they quantity they need. It will  but DO NOT
then be your duty to contact the supplier through email to make orders  trust the site.
for the materials and also state the quantity that should be mail to   
the agent address through the post.  
 
Each agent will only order for materials once a week, we are employing
you just to reduce the workload for us, our supplier and for the
agents within your location.Just like we said, it an online job...
agent will only contact you for materials during the weekdays and we
will provide you with funds to purchase the materials. Salary/wages
payment: $400 every week and will be paid to you via check.
 
We will always email you guidelines and instructions to follow in
getting your job done perfectly when you  start work.If you still care
to proceed with the job, get back to us with your information as
stated below then we will proceed from there.
1, NAME:
2, CURRENT CONTACT ADDRESS,
3,CITY,
4,STATE,
5,ZIP CODE:
6, MOBILE:
7,EMAIL ADDRESS
 
Please make sure the provided information is correct as this is the
same information that your check will be issued to.
 
We wait to read from you as soon as possible.
Best regards,
Mr Thomas
From: High Resolution Systems [quickbooks-email@HRScontrol.com]
Sent: Wednesday, July 12, 2017 12:01 PM
To: Szegedy-Maszak, Andrew
Subject: Your Invoice 37701 for wesleyan.edu is due today!
 
 
wesleyan.edu  
 
INVOICE
37701
DUE DATE
July 12th, 2017
AMOUNT DUE
$2,783.64
Dear client,

Your most recent invoice is due. 


Thank you for your business!


Hank Jenkins

Billing Department

523-725-2300 x2575
 
 
© Intuit, Inc. All rights reserved..  Privacy | Terms of Service

This has begun to appear, again. Please, do not click on any links from people you do not know, on email you are not expecting or otherwise, you feel suspicious of. If you know the person but aren’t sure about an email or attachment from them then give the sender a call to verify before clicking.

 

 

From: Nancy Crotty [mailto:crotty.nancy@newton.k12.ga.us<—Not a Wesleyan address
Sent: Thursday, July 20, 2017 4:56 PM
To: info@mail.com
Subject: IT-Service Password Update
 
Your Pass-word will expire in 2 days. to keep your pass-word. CLICK HERE TO UNBLOCK enter your username and password correctly and click on Send immediately to keep password active and updated.
The link sends you to a non-wesleyan address that happens to have wesleyan in the full path but not at the beginning of www.wesleyan.edu. No signature of a Wesleyan staff or department to associate with this email.  No contact information.

 

From: support@wesleyan.edu <beckie@insitehealthteam.com<– Not a real Wesleyan address as noted by what’s in the brackets
Date: Wed, Jun 7, 2017 at 6:19 PM
Subject: Payroll Notice
To: xxxxxx <xxxxxx@wesleyan.edu>
 

1 new unread notification

View now  <—-hppr://www.s@gaevent5.com.ph/wesleyan.edu/  Not a wesleyan address.

Copyright 2017,

 

Older Posts »

Log in