Feed on
From: Hurtado, Maritza [mailto:hurtadom@CoastalCarolina.edu]
Sent: Wednesday, May 17, 2017 6:42 AM
To: info@mail6.com
Subject: IIGTN
Important Notice Faculty & Staff
We have upgraded to (4GB web E-Space 2017)
Please login to your account to validate E-Space. Your
account is still open for you to send and receive mail.
CLICK HERE to sign in and migrate.       <——–hovering over the link–ocus.jimdo.com.  Not the same address as the “from” address.
Information Technology Services
Thanks for your cooperation.
Copyright ©2017 IT Center Internet Rights Reserved

From: Dillon Riley via DocuSign [mailto:dse@docus.com]
Sent: Monday, May 15, 2017 12:08 PM
To: wesleyan user <xxxxxx@wesleyan.edu>   <—-This was a legitimate Wesleyan employee
Subject: Completed wesleyan.edu – Accounting Invoice 314443 Document Ready for Signature

 Screen Shot 2017-05-15 at 2.07.12 PM

There is an attachment that goes with this that you should delete.  And note the poor grammar and incomplete sentences.


From: Apple Inc. [mailto:asignn-experience29@mail-icloud-manage.com]  <—– Not a valid Apple address
Sent: Friday, May 12, 2017 12:06 PM
Subject: Order Confirmation
Recently we made a payment and purchase with a different billing, we inform you that we have locked your Apple ID for security reasons, and will open automatically after you confirm us. download the attachment(PDF) for unlock Apple ID and detail information.
Apple Support

The following Phish has not hit us, yet. However, it is being reported at several colleges and thought it best to make this available before we see examples, here. The link in this picture/screenshot does not go to anywhere in University of Michigan site but to an external site that asks for credentials.


05:12:2017 Subject- Library Account

6 buildings had their wired connections interrupted after a software problem on their switches this morning:

ITS (Exley)

Some buildings are already back online.  The rest should be fully restored in 30-45 minutes.

This is a slight twist on yesterday’s reported GoogleDoc attack.  Please, if you are expect a GoogleDoc from someone then call and verify they sent it to you. Do not just click the link as chances are very high it is the phishing attack and your account and computer will be compromised.
From: Campus Community [mailto:support@list.heug.org]
Sent: Thursday, May 04, 2017 3:07 AM
To: cc.ps@list.heug.org
Subject: [CC.ps] – List Digest, May 03, 2017
The following posts were made on May 03, 2017
  1. CommGen w/ Checklist Item Description Rich Text – (Margaret Gotter)
  2. Lauri Enger has shared a document on Google Docs with you – (Pam Lantzy)

View mailing list online   Start new thread via email   Unsubscribe from this mailing list   Manage your subscription  

This email has been sent to: xxxxxx
HEUG.Online supported in part by:
An Oracle Platinum Partner since 1990

Ciber, Inc.


Use of this email content is governed by the terms of service at:


From address: Hhhhhhhhhhh@mailinator.com

There is an attachment to the email but PLEASE, DO NOT click it. The attachment runs a script that will in effect, hijack your google account, lock you out of it and make all of your data in your Google Drive vulnerable to reading and theft.

I don’t have an example of an email as we were fortunate enough to miss this one.  However, it may still make the rounds to us if the bad guys update their phish and setup new servers.

Please, continue your vigilance of being suspicious of email.  Especially, of email with attachments from colleagues or friends from whom you are not expecting anything.

If an email just seems “off” then feel free to submit it to your DSS or security@wesleyan.edu. There it will be checked. If it is found to be Phish it will be neutered and posted for all to see and be made aware of.

Thank you,

Vince Spiars


From: Raul Castillo Rojas [mailto:rcastillo@imarpe.gob.pe]
Sent: Wednesday, April 19, 2017 6:37 PM
Subject: Attn
Your Mail Box Exceeded it storage limit CLICK HERE TO UNBLOCK Fill and click SUBMIT for more space or you wont be able to send Mail.
There is no signature, the From address is not a Wesleyan.edu and the link goes to a googledock that is infected with a payload.
From: IDA CALDERON [mailto:wendi.ammern@t-online.de]
Sent: Wednesday, April 19, 2017 11:45 PM
To: graduateoffice
Subject: Hiya
What’s Up?

I visited your website recently..
I’m currently looking for work either part time or as a intern to get experience in the job fiield.
Please review my CV and let me know what you think.

Attached to my google drive here
My resume is password protected. The password is 123456



The link attached to a download on a google drive account. It was not a Wesleyan address.  Nor is the “From” address.



Please, not the non-wesleyan address in the “From” field.  Additionally,the link is accurate but is a redirect to an unknown address.  

« Newer Posts - Older Posts »

Log in