Latest Email Scams

Below is a collection of real-life phishing examples that IT Security has acted upon and notes on what gives them away as email scams.

From: vibalach@iupui.edu
To: undisclosed-recipients
Date: Tue, 28 Mar 2017 18:41:16 +0000
Subject: Dear Staffs

Body:

Please this message is very important, we are expanding and upgrading
all Outlook Web Mailbox immediately. Kindly CLICK
HERE<http://dance-group.ru/img/cms/stf/> and fill the form completely so we can upgrade and validate your Outlook Web Mailbox.

Regards,
IT Helpdesk

How you know this is a Phishing Scam:

Besides being poorly written, the URL contained in this phish does not have a uchicago.edu domain to take you to a UChicago service. This email is also missing contact information, which should be provided in the event recipients have any questions regarding its content.

From: University of Chicago <user@uchicago.edu>
To: user@uchicago.edu
Date: Tue, 28 Mar 2017 11:52:01 -0400
Subject: Quota Limit

Body:

Your mailbox has reached 980MB. which is over 98% of the allocated 1GB. To avoid the loss of your account, you are required to upgrade your Mailbox account by clicking on the link below to enable the increase in the storage quota of your account.
http:/www.uchicago.edu/quota-limit-access<http://mughaltrader.com/xupx/uchicago/Outlook%20Web%20App.html>
 
 
 
Sincerely, The University of Chicago
Edward H. Levi Hall
5801 South Ellis Avenue
Chicago, Illinois 60637
773.702.7854 Contact Us

How you know this is a Phishing Scam:

The major clue that this is a phish is that it creates an urgency that should make you suspicious enough to contact IT Services. Please do not act upon messages that threaten loss of access in such a short amount of time.

From: 40224496@live.napier.ac.uk
Date: Friday, March 24, 2017 04:28 AM
Subject: IT Service/Help-Desk

Body:

To All Email Users,

Note: Our newly updated Web-mail have been improved with a new messaging system which also include faster usage on email, shared calendar, web-documents. Kindly use the link below to complete your 2017 Web-mail User authentication portal and re-validation of details. (CLICK HERE<http://www.imxprs.com/free/micorsoft/webmail>) to update immediately.

Your account shall remain active after you have successfully confirmed your account details. Thank you for your swift response to this notification we apologize for any inconvenience.

IT Service/Help-Desk.

 

 

This message and its attachment(s) are intended for the addressee(s) only and should not be read, copied, disclosed, forwarded or relied upon by any person other than the intended addressee(s) without the permission of the sender. If you are not the intended addressee you must not take any action based on this message and its attachment(s) nor must you copy or show them to anyone. Please respond to the sender and ensure that this message and its attachment(s) are deleted.

It is your responsibility to ensure that this message and its attachment(s) are scanned for viruses or other defects. Edinburgh Napier University does not accept liability for any loss or damage which may result from this message or its attachment(s), or for errors or omissions arising after it was sent. Email is not a secure medium. Emails entering Edinburgh Napier University's system are subject to routine monitoring and filtering by Edinburgh Napier University.

Edinburgh Napier University is a registered Scottish charity. Registration number SC018373

How you know this is a Phishing Scam:

Your first warning that this message from "IT Services" is a scam is that it did not come from a uchicago.edu email address. What makes this even more sketchy is that the link to "re-validate" your account is hosted at imxprs.com, a free webhost that anyone can sign up for. Oh no - we would never do that! If you ever have a doubt, avoid clicking on the link and never enter your password.

From: Fergus, Dorothy <mailto:Dorothy.Fergus@camden.gov.uk>
To: Fergus, Dorothy <mailto:Dorothy.Fergus@camden.gov.uk>
Date: Thursday, March 23, 2017 11:19 AM
Subject: IT SERVICE DESK

Body:

Due to the latest Microsoft account upgrade; all Staff, Employee and 
Faculty are advice to re-validate his/her account now, this has been 
made mandatory by ITS service. 
Click Here <http://floriangutmann5681.000webhostapp.com/> to Upgrade your Account. 

ITS service Team 

How you know this is a Phishing Scam:

Here's another phish where the sender is phony. Notice the sender's email address is not a valid UChicago email address.

Don't click on the link! Hover over it and then you will see that the link is a giveaway as well, because it doesn't lead to a valid UChicago domain name (such as website.uchicago.edu).

From: IT Help Desk <simone@simoneavogadro.it>
Subject: Mailbox Account Upgrade

Body:

From the 20th March we are undergoing account maintenance please ensure to upgrade your account before March 24th or You'll not be able to read and send emails, you will no longer have access to many of the latest features for improved conversations, contacts and attachments.

Take a minute to update your ACCOUNT for a faster, safer and full-featured Mail experience
VERIFY HERE<https://webmailhelpdesk.typeform.com/to/oEAFEH>

Sincerely,
IT Help Desk

How you know this is a Phishing Scam:

This email looks phishy because the sender is phony and is not a valid UChicago email address. Don't click on the link! Hover over it and then you will see that the link is a giveaway too, because it doesn't lead to a valid UChicago domain name (e.g. website.uchicago.edu).

From: Robert J. Zimmer <redacted@uchicago.edu>
Date: Thursday, March 23, 2017 10:37 AM
Subject: UPDATES ON ACADEMIC PLANNING

Body:

To Uchicago Faculty and Staff,

You are advised to go through the attached file. it is about updates on academic planning.

sincerely

Robert J. Zimmer

How you know this is a Phishing Scam:

This email should be easily identified as a phish due to its lack of professionalism. Remember, be careful when opening unexpected attachments, even from people that you know personally or by affiliation to the University of Chicago.

From: Joshua Rosenkrantz <jrosenkr@uwo.ca>
To: Joshua Rosenkrantz
Date: Tuesday, March 21, 2017 12:34 PM
Subject: Email Security Modifications - Effective Immediately!!!

Body:

Dear Account User,

Your Web App has recently been subjected to security modification due to authentication failed by regular hack attempt of an incorrect User name that was entered in your account.

Let make sure it's you! To keep your account secure we need to re-validate your account by clicking on "Secure My Account<http://owaa356-edu.esy.es/>" to verifying/change your password information on the file below to helps protect your account from unauthorized access.

 

ITS Help Desk

Information Technology Services

How you know this is a Phishing Scam:

Something smells phishy with this email.  The email does not mention UChicago anywhere.  The URL does not use the domain uchicago.edu either.  There's nothing to see here. This email should be discarded. You have better things to do with your time.
 

From: Stephan Visser <userservices.supervisor@gmail.com>
Date: Thursday, March 16, 2017 6:13 PM
Subject: Expiration Notice

Body:

Dear User,

This message is to inform you that your access to Chalk will soon expire. You will have to login to your account to continue to have access to this service.
You can reactivate it just by logging in through the following URL. A successful login will activate your account and you will be redirected to your page.

http://chalk.uchicago.cnau.cf/webapps2bb-auth-provider-shibboleth-bb_bb602execute2shibbolethLogin2returnUrl2https23A22F22Fbb.uchicago.edu2authProviderId2_183_2/

If you are not able to login, please contact Stephan Visser at svisser@uchicago.edu for immediate assistance.

Sincerely,

Stephan Visser
IT Services
The University of Chicago
773-702-5965
svisser@uchicago.edu

How you know this is a Phishing Scam:

Is that link... a sketchy link?

Oh yes, that is a skeeeeeeeeetchy link. We do not click on skeeeeeeeetchy links, do we! We do not.

The sender is a gmail address, and Stephan Visser is not a real person who works for IT Services.

From: CStoll@cl-na.com
Date: Mar 14 17:14:39 2017
Subject: All Staff (c) Help Desk

Body:

This e-mail has been sent to you by IT-Service Help Desk If you do not agree to 
update your account, your email account will be blocked.

Click Here<http://l-io12.tripod.com/> to update

Sincerely,
IT-Service Help Desk

From: ADMIN <vanessa_fansler@mymail.eku.edu>
To: Recipients <vanessa_fansler@mymail.eku.edu>
Date: 2017-03-10 13:14:22
Subject: NOTICE

Body:

Email Text: A few of your incoming mails were placed on hold due to the recent upgrade of our database. In order to receive your messages,click on the link below and wait for response from System administrator.

http://zx.form2pay.com/ii.html

We apologise for any inconvenience
and appreciate your understanding.

Thank You.
IT Help Desk.
©Copyright 2017. System Administrator

From: Dave Merk <merk@uchicago.edu>
Date: Fri, 10 Mar 2017 08:19:52 +0000
Subject: Email Alert

Body:

Our records show that your email has reach the storage limit set. Click Here: http://ingrde.elementfx.com/<http://osutodate.webeden.net/> to upgrade your Quota.

 

Thanks

System Administrator.

How you know this is a Phishing Scam:

Yes, another phish. Simple at best and an annoying distraction at worst. Even though the email seems to come from a UChicago email address, remember email addresses can be SPOOFED. There are no references to a UChicago service or department, which should automatically make you suspicious.

This email should be deleted permanently from your inbox. But if you still have doubts, send the email with full headers (see: http://answers.uchicago.edu/page.php?id=15935) to securty@uchicago.edu

From: David K. Larsen <jlarson@uchicago.edu>
To: redacted@hep.uchicago.edu
Date: Thu, 09 Mar 2017 15:02:25
Subject: Library Account

Body:

Dear User,          

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!    
To reactivate your account, simply visit the following page and login with your library account.        
Login Page: <https://shibboleth2.uchicago.edu/reactivation> <http://shiboleth2.uchicago.edu.library1.online/idp/profile/SAML2/POST/SSO;jsessionid=rtd2ltod3t2s1ae9y65cw9fhl3f46.html>

Sincerely,    

David K. Larsen
Director of Access Services & Assessment
User Services - Access Services  
The Joseph Regenstein Library
Room 116
jlarson@uchicago.edu 
773-702-8700

How you know this is a Phishing Scam:

At first glance this phish looks legitimate. Phishers spend a lot of time honing their craft. This means we need to become smarter at uncovering their tricks. It's easier than you may think.

TIP: Practice the "Halt & Hover" maneuver. Before clicking on a link in an email, stop! Hover the cursor over the link to reveal its true path. If a forward slash does not immediately follow uchicago.edu [i.e., uchicago.edu/], then you will not be going to a UChicago service. Do not act on the email.

If you're still in doubt, forward your email and concerns to securty@uchicago.edu and let Security investigate for you.
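
The "Halt & Hover" check from the tip above, written as a script (an added example, not part of the original page): it reads the host out of each link target, accepts only uchicago.edu or a true subdomain of it, and flags visible text that names a different host than the target. The sample body and its .example hosts are constructed, and the `text<target>` notation is assumed from the way this page displays links.

```python
import re
from urllib.parse import urlsplit

TRUSTED = "uchicago.edu"  # the domain the page tells readers to look for

# The page renders links as visible text followed by <real target>.
LINK = re.compile(r"(\S*)<(https?://[^>\s]+)>")
SHOWN_URL = re.compile(r"https?:/+([^/\s]+)", re.I)

def host_of(url):
    """Host the browser connects to: urlsplit drops userinfo, port and path."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_trusted(host, trusted=TRUSTED):
    """True only for the trusted domain itself or a real subdomain of it."""
    return host == trusted or host.endswith("." + trusted)

def check_links(body):
    """Return [(target_url, [reasons])]; an empty reason list means no flag."""
    findings = []
    for shown, target in LINK.findall(body):
        host, reasons = host_of(target), []
        if not is_trusted(host):
            reasons.append("host %s is not under %s" % (host, TRUSTED))
            if TRUSTED in host:
                reasons.append("trusted name used as a prefix of another domain")
        m = SHOWN_URL.match(shown)
        if m and m.group(1).lower() != host:
            reasons.append("visible text names %s" % m.group(1).lower())
        findings.append((target, reasons))
    return findings

# Constructed sample body (hypothetical .example hosts), in the page's link style.
SAMPLE = """\
Kindly CLICK HERE<http://forms.example/upgrade/> and fill the form.
http:/www.uchicago.edu/quota<http://host.example/owa.html>
Login Page: <http://sso.uchicago.edu.library.example/idp/SSO>
Full headers: <https://answers.uchicago.edu/page.php?id=1>
"""

if __name__ == "__main__":
    for target, reasons in check_links(SAMPLE):
        print("FLAG" if reasons else "ok  ", target, "; ".join(reasons))
```

The suffix test with a leading dot is what separates `bb.uchicago.edu` from a lookalike in which uchicago.edu is only the front part of a longer hostname.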