Feed on
From: “Wesleyan Universityr” <mhaarnold@wesleyan.edu>
Date: Tue, Sep 19, 2017 at 9:52 AM -0400
Subject: important
To: “Xxxxx, Xxxxx” <xxxxx@wesleyan.edu>

Dear xxxxx@wesleyan.edu,

You are required to update your account.

Security Service
Wesleyan University

The originating address looks legitimate. However, if you try to look them up in the address book they do not exist.

TheClick Herelink goes to–hxxr://www.nba.ac.21/images/jdownloads/newimages/wesleyan.htm

If there are issues with your account information we direct you to the person or to Portal. We do not send a link to follow and update/authenticate against.

From: Wesleyan University <xw322@drexel.edu>
Subject: You have (1) new Message
Date: September 12, 2017 at 8:37:41 PM EDT
To: Recipients <xw322@drexel.edu>

Dear User,

You have (1) new Security Mail.
Kindly CLICK HERE to read now.

Wesleyan University


The “From” address is not a valid Wesleyan address.

The link takes you to a totally invalid address—hxxp://rrr.ppk.fr/shell/lib1/jan.phg

Thecsignatute is too kirt and non-descript. No name attached to it.

Hello, all. In light of the Equifax security breach below are some resources to read. Please, be vigilant at home and work to avoid phishing scams. The bad guys will be working to get your money and more information about you like your SSN, Drivers license number, bank and credit card numbers. The scammers will likely, pose as an agency working to protect your information.

Equifax site to register for credit monitoring–



Credit Freeze information

Credit Freeze Guide: The best way to protect yourself against identity theft

From: “Wesleyan University Library” <libraries@wesleyan.com> –>Convincing looking “From” address.
Date: Sep 11, 2017 5:08 PM
Subject: Library Notifications
To: a wesleyan person

Dear Student,

This is to inform you that your access to Wesleyan University Library Databases will expire soon. Due to security precautions established to protect Wesleyan University Libraries System, you have to renew your library account on a regular base, so please use the following link

libraries.wesleyan.edu/myaccount/reactivation.htm  –> Where this really goes–https://go.qub.ac.uk/ssowesleyanedu  If you hover over the blue link you would see this real address redirect

After your successful authentication, your access will be restored automatically and you will be redirected to the university library homepage. If you are unable to log in, please contact the library help desk for immediate assistance. We apologize for any inconveniences this may have caused.

Thank you,

Libraries | Wesleyan University   —>Convincing signature
45 Wyllys Avenue
Middletown, CT 06459
Fax: 860-685-2000


The “Wesleyan University” address is actually, ryry@coultercomm.com.  Not a Wesleyan Address.

TheCLICK HERE is a downloadable malware package. It is not a web Redirect and you will be infected.

There is no signature or specific contact person identified.

From: Director Bobzien [mailto:BODBobzien@reston.org]
Sent: Friday, September 08, 2017 11:04 AM
Subject: Message From Administrator
your Webmail Account need verification Immediately. Please Verify now to Keep email Account active.   ——–>the shortcut in BLUE actually, goes to hxxp://tyjuanmsta.bplaced.net/bloog/upd/int/sys/12XY. The original message text is actually, red.

Please review the document I uploaded for you HERE its very IMPORTANT.


hxxp://takrebanok.info/tadako/wait.php?stuff=4  <–Actual link path. Not legitimate.

This is a nasty Phish as it is from a compromised Wesleyan account.  The attachment is infected and will put malware on to your system. Do NOT click the attachment.

From: “A valid Wesleyan employee” <executive.server@aol.com>  <–Note you will see a valid Wesleyan employee. Note the address is NOT a Wes address
Date: Monday, August 21, 2017 at 10:45 AM
To: Wes Employee <WesEmployee@wesleyan.edu>
Subject: Request
Are you in the office?
This is an interesting email as it only asks you to reply to an email. The catch its the email is false. You will be socially engineered (guided by the bad guy on the other side) to provide information (possibly financial or credentials or the sort) to the bad guys.
From: Shai, Saray
Sent: Tuesday, August 15, 2017 6:46 AM
To: Szegedy-Maszak, Andrew

Dear xxxxxxxxxx@wesleyan.edu,

You are required to update your account.


Security Service
Wesleyan University

The link above actually, redirected to—> hxxp://brightnessfsllc.com/wp-includes/fonts/wesleyan%20university/wesleyan.htm. This is NOT a valid wesleyan address–>brightnessfsllc.com. Hovering over a link will give you the true path for the web browser to follow (Internet Explorer, Firefox, Chrome, etc). The link path shown can say anything.

« Newer Posts - Older Posts »

Log in