Your Input Needed: URGENT - password phishing

From: <IT.SYSTEM.ADMINISTRATOR@mta5.uth.tmc.edu>
Date: Tue, Feb 25, 2014 at 12:01 PM
Subject: Your Input Needed: URGENT
To:


Your EMPLOYEE ACCOUNT have been compromised. The is the cause of the recent increse in unsolicited emails. You are to CLICK HERE <http://quick-account-update.com/Employee-Self-Service-Validation/Account-Update-Healthcare-.html>  and verify your account so that we can effectively thwart the damage done by phishing on our network.

Regards,

Systems Security




unusal card activity detected - Credit card phishing


Received:       from guil by vl20848.dns-privadas.es with local (Exim 4.82)
(envelope-from <guil@vl20848.dns-privadas.es>) id 1WHOlp-0007Rd-Ak for
Pww@gwu.edu; Sun, 23 Feb 2014 03:26:21 +0100
To:     Pww@gwu.edu
Subject:        unusal card activity detected
MIME-Version:   1.0


    Security Ρreνention
    

Hello,

we haνe detected unusual actiνity on your card, it looks like you or
someone else tries to do a transfer from your card from an unusual
Ρlace, by our security measures We haνe*temporarily suspended your
card,*and you haνe proνe your informatios related with your card, we
will lift this suspension once we proceed with your request, it should
take less than 24 hours, we will giνe you a call if there is a problem .        

*Identify Now <http://alarmsdirectsecurity.com/lib/rsvq.php">*

<http://alarmsdirectsecurity.com/lib/rsvq.php>



Copyrights 1996-2014, νisa Inc. All rights reserνed.


 ====================


Does not want you use Chrome because it is likely to warn you about phishing.



On other browsers redirects to http://www.comprei.la/eu/cgi-bin/Verifiedbyvisa.com/lan%3fref477447&dispatch&id7474897143-com.br/i.php%3fref&dispatch-verfifed-by-visa-secure-server&7841444474encrypter&cgi-bi.from./en/PC/459b52892f6e525a3b02090f0cdeb993/Websrc=755487.php



Continues to 
http://www.comprei.la/eu/cgi-bin/Verifiedbyvisa.com/lan%3fref477447&dispatch&id7474897143-com.br/i.php%3fref&dispatch-verfifed-by-visa-secure-server&7841444474encrypter&cgi-bi.from./en/PC/459b52892f6e525a3b02090f0cdeb993/Loading.php

http://www.comprei.la/eu/cgi-bin/Verifiedbyvisa.com/lan%3fref477447&dispatch&id7474897143-com.br/i.php%3fref&dispatch-verfifed-by-visa-secure-server&7841444474encrypter&cgi-bi.from./en/PC/459b52892f6e525a3b02090f0cdeb993/Websrc=751249.php

redirects

redirects to 

Important Notification from GWU Mail Team - Password Phishing

From: GWU Mail Team  @chemistry.gatech.edu
Date: Sun, Feb 23, 2014 at 3:18 PM
Subject: Important Notification from GWU Mail Team
To: 


Hello

Everyone has join the new webmail login, it's easy and fast try it now! by clicking and login here:  http://taghizaderoozbeh.coffeecup.com/index.html

Thank You.

GWU Alert Team!

Problem with your email-account. - pass phishing

From:  @sru.edu>
Date: February 14, 2014 at 4:21:49 EST
To: "desk-helpIT@webmaster.edu" <desk-helpIT@webmaster.edu>
Subject: Problem with your email-account.

Problem with your email-account.
A Trojan SVV2876//=2013 virus have been detected in your mailbox, your email account is running at risk and this is affecting other accounts on the web mail system.

You are to Authenticate your Email account immediately to avoid deactivation and this will enable us rectify this problem. Please click on the link below and fill the form to Authenticate:

Link Source<http://bit.ly/Mg7nAZ>

Failure to do this will immediately render your email address deactivated from the web mail database.
THIS IS AN AUTOMATIC NOTIFICATION.  PLEASE DO NOT REPLY TO THIS MESSAGE.
Thank You.


Computer Services Help Desk

Your pending incoming mails - password phishing

From: George Washington University < @buffalo.edu>
Date: Thu, Feb 13, 2014 at 4:29 PM
Subject: Your pending incoming mails
To:


Dear GWU Member,

We are having trouble delivering your two incoming mails due to the upgrade to our database?

In order to receive the pending mails Click here and wait for response from email support team.

We apologize for any discomfort this might have caused you.

http://atelierdellamusica.com//wp-includes/GWU/gwu.html

GWU Email Service

----------------------------------------
Another URL is www.csimold.com/wp-content/plugins/ED/edu


Bravesites.com phishing sites Jan - Feb 2014

itshelpdeskverification.bravesites.com
verificationroutinenotice.bravesites.com
staff-quotapage.bravesites.com
facultyandstaffemailaccountupgrade.bravesites.com
webmailowaoutlookmailaccountroutinesystem.bravesites.com
itshelpdeskupgraderoutine.bravesites.com
facultyandstaffemailupgrade.bravesites.com
webmailowaoutlookmailaccountprocess.bravesites.com
uba.bravesites.com
verifyx.bravesites.com
gmailx.bravesites.com
faculty-staff-admin.bravesites.com
mailowaservicesecureserverindephp.bravesites.com
berkeley.bravesites.com
www.faculty-staff.bravesites.com
emailupgradeformfacultyandstaff.bravesites.com/#builder









Jimdo.com phishing sites - Jan - Feb 2014

facultyandstaffemailupdate.jimdo.com
webmail1webpage.jimdo.com
itshelpdesk-webmailupgrade.jimdo.com
web-ptonline.jimdo.com
secureswedenverification.jimdo.com
webmailprofessionaltools.jimdo.com
sociaclassdesk.jimdo.com









Webs.com phishing sites - Jan - Feb 2014

it-helpdsk.webs.com
webadmins23.webs.com
shtjyhmgyfcgnaegrdd.webs.com
goucher.webs.com
cleanupyournotificationaccoun.webs.com
webmaillteam.webs.com
webmailhelpdesk-team.webs.com
service-us37sdfupgrade87unit77.webs.com
webmail-admin-cleanupdesk-center1.webs.com
welcomewebmail.webs.com
clickheres.webs.com
webupgradingcenter.webs.com
aeaioiapfavnaffaje.webs.com
webmailserviceupgrad.webs.com
serviceacccounthelpdesk.webs.com
webadmin23.webs.com
webadmin34.webs.com
webadmin35.webs.com


Most are suspended

Webnode phishing sites Jan - Feb

 Most are now suspended


washingtonedu.webnode.com
gwuedu.webnode.com
arrizonedu.webnode.com
uaedu1.webnode.com
tsncc.webnode.com
kolumbus4.webnode.com
jaringmy.webnode.com
kabelnoord-nl.webnode.com
ula-ve.webnode.com
shasta-com.webnode.com




Fculty and Staff inSite Portal - password phish


From: Nancy Pierce [mailto: @cwidaho.cc] 
Sent: Tuesday, February 11, 2014 9:12 AM
To:
Subject: IT Help desk notification


Dear user,
We currently upgraded to 4GB space. Please log-in to your account in order to validate
E-space. Your account is still open for you to send and
receive e-mail. Click on  faculty and staff email upgrade  to confirm details and upgrade. Note
that failure to upgrade with this notification would lead to dismissal of your user account. 
Protecting your email account and improving the quality of your email is our primary concern. This has become necessary to  serve you better.
Copyright ©2014 IT Help desk.

<http://emailupgradeformfacultyandstaff.bravesites.com/#builder>


Apple / Paypal password phishing - verifecation your account apple / paypal


From: iTune's support <app@host.mciservers.com>
Date: Wed, Feb 5, 2014 at 8:02 AM
Subject: verifecation your account apple

PayPal
Dear Client ,

We inform you that your iTunes ID happens to expire in less than 48 H.

It is imperative to conduct an audit of your information is present, otherwise your ID will be destroyed.
Just click the link below and log in with your iTunes ID and password.

Check Now >  <http://imacltda.com.co/ap...............................php>  - 404 error

This is an automatically generated message. Thank you not to answer. If you need help, please visit the iTunes Store site.

Sincerely,
The iTunes Customer Support



<http://miralvpn.com/https.php>   -  Suspended acct


Received: (qmail 31183 invoked from network); 23 Jan 2014 12:53:31 -0000
Received: from unknown (HELO ip-46-252-194-97.ip.secureserver.net) (46.252.194.97)
  by n1nlvphout01.shr.prod.ams1.secureserver.net (188.121.43.195) with ESMTP; 23 Jan 2014 12:53:31 -0000
Received: from nobody by ip-46-252-194-97.ip.secureserver.net with local (Exim 4.82)
    (envelope-from <nobody@ip-46-252-194-97.ip.secureserver.net>)
 

Subject: verifecation your account
From: paypal support <paypal@ip-46-252-194-97.ip.secureserver.net>
Date: Wed, 22 Jan 2014 06:54:44 -0700
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
MIME-Version: 1.0
Message-Id: <E1W5yGS-0000Gi-Qg@ip-46-252-194-97.ip.secureserver.net>


IP:    46.252.194.97
Decimal:    788316769
Hostname:    ip-46-252-194-97.ip.secureserver.net
ISP:    Go Daddy Netherlands B.V.
Organization:    GoDaddy.com, LLC
Services:    None detected
Type:   
Assignment:    Static IP

Verizon Wireless password phishing - Security Issue


From: Verizon Wireless <noreply@verlzon.com>
Date: Tue, Feb 4, 2014 at 3:14 PM
Subject: Security Issue
To:

For security purposes, your online account has been locked.
To restore your account, please click : Sign into My Verizon and proceed with the verification process.



Redirects to 

hxxp://klasa-tarnow.pl/cli/.js/index.html

hxxp://www.infofirmy.pl/.tr2/1.htm?http://www.verizon.com/foryourhome/myaccount/ngen/upr/nlogin.aspx



Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="iso-8859-1"
Date: 26 Jan 2014 21:34:59 +0000
From: "Verizon" <noreply@verlzon.com>
MIME-Version: 1.0
Message-ID: <20140126213459.4ECE04CC62014387@verlzon.com>

Received: from widget.xssl.net ([212.113.132.65]) by iron2-mx.tops.gwu.edu with ESMTP/TLS/DHE-RSA-AES256-SHA; 26 Jan 2014 16:35:09 -0500
Received: from 37.39.108.93.rev.vodafone.pt ([93.108.39.37]:62876 helo=verlzon.com) by widget.xssl.net with esmtpa (Exim 4.80.1) (envelope-from <noreply@verlzon.com>) id 1W7XM6-003u3e-CK; Sun, 26 Jan 2014 21:35:02 +0000


212.113.132.65
IP:    212.113.132.65
Decimal:    3564209217
Hostname:    widget.xssl.net
ISP:    Gyron Internet Ltd
Organization:    United Hosting IPv4 Assignment
Country:    United Kingdom gb flag
State/Region:    London, City of
City:    London

Amex bank phishing - Important: Personal Security Key

From: "American Express" <AmericanExpress@welcome.aexp.com>
Date: Tue, 4 Feb 2014 18:42:07 -0500
Subject: Important: Personal Security Key

Card Not Present   
Important : Personal Key
Please create your Personal Security Key. Personal Security Key (PSK) is one of several authentication measures we utilize to ensure we are conducting business with you, and only you, when you contact us for assistance.

American Express uses 128-bit Secure Sockets Layer (SSL) technology. This means that when you are on our secured website the data transferred between American Express and you is encrypted and cannot be viewed by any other party. The security of your personal information is of the utmost importance to American Express, please click here or visit our website at https://www.americanexpress.com to create your PSK (Personal Security Key).
<http://mychristiancoop.com/philosophizing/index.html>
or
<http://sinlao.com/hedonist/index.html>

 or other hacked



Note: You will be redirected to a secure encrypted website.

The contained message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.

Thank you,
American Express

If you’d like to stop receiving this alert, simply click here.
Was this e-mail helpful? Please click here to give us your feedback.From: "American Express" <AmericanExpress@welcome.aexp.com>

Password phishing - Your Email Account,

From: Support [mailto: @sage.edu]
Sent: Tuesday, February 04, 2014 9:59 AM
To: 
Subject: Your Email Account, 

Dear Subscriber,

Due to congestion on our webmail servers, all unused and unconfirmed accounts will be shut down. It is mandatory you confirm ownership of your webmail account by clicking ClickHere <http://sociaclassdesk.jimdo.com/> and following the instructions by completing the form or your account will be suspended.

We sincerely apologize for any inconveniences caused.

Customer Dept.

Copyright ©2013, All Rights Reserved