The following scam attempts to trick its victims into contacting the scammer with promises of large financial rewards. In reality, the scammer will attempt to either steal personal information from the victim, or ask the victim to pay some type of “transfer fee” for the funds. Note the unknown email address and generic language, which are both tell tale signs of a scam. If you have received this scam, please delete it from your inbox. For more information on email and phishing scams, please contact VCU helpIT center at 828-2227.
From: Sophia Kabbah (email@example.com)
Date: 05/31/2013 08:03 AM
Subject: Attention To Mr.xxxxxxxxxx
I’m Mrs Sophia Kabbah ,a widow of French origin here in Lome-Togo for this day because of my health condition which is constantly degraded by the day.
I write because I want a person who to trust for the successful
completion of my project donation. I want to leave my entire fortune
amounted exactly to a sum of 1.5 million Dollar since I have no chance
to live long. My property is located in a safe section available under
guard from a Security Finance Company. My health really critical no
longer allows me to leave the hospital,
I suffer from terminal cancer. I do not understand anything about my
life is that my reasons to contact you and see if I can of course
trust you and share with you this gift with my First Son Daniel
G.Kabbah,we purposing contacting you based for the fact that My late
husband was to to know everthing about the money which i and my son
has discussed the issue to look for any person that will help us get
this fund out from this country.
Mrs.Sophia & Son Daniel
On October 24, 2011 routine monitoring of servers supporting a VCU system uncovered suspicious files and activity on one of the servers. The server was taken offline and a forensic investigation was launched to identify what unauthorized activities had taken place and the vulnerabilities that led to the compromise. The investigation determined that an Internet worm had infected the server on October 18, 2011, which subsequently allowed an intruder to access the server on October 19, 2011 for 56 minutes and prepare to use it as a platform for attempting to compromise other servers within and outside of the VCU network. The vulnerabilities have been corrected, and it has been determined that this server contained no personal data.
On October 29, 2011 VCU investigative staff discovered two unauthorized accounts had been created on a second server. This server was also immediately removed from the University network for forensic investigation. Subsequent analysis indicated that the intruders had compromised the second server through the first server, allowing the intruder to access the second server on October 19, 2011 for 16 minutes. The intruders were on the second server a short period of time and appeared to do nothing other than create the two accounts. We were unable to determine the purpose and intent of the intrusion into the second server.
The second server, which is behind the VCU firewall, is used to transfer identity data between various University systems such as Banner/eServices (students and employees), the VCUCard, and the VCU Health System. Ten files on this second server contained information on 176,567 individuals that included University employees and students, and VCU Health System employees. Data items included social security number and either individual names or eID user names; and, in some cases, date of birth, contact information and various programmatic or departmental information.
Our investigation was unable to determine with 100 percent certainty that the intruders did not access or copy the files in question. We believe the likelihood that they did is very low. However, because this data was potentially exposed, we are proactively informing the individuals of this event and subsequent actions they may wish to take to monitor their personal information.