Latest Email Scams

Below is a collection of real-life phishing examples that IT Security has acted upon and notes on what gives them away as email scams.

  Subscribe to the Email Scams RSS feed

  Follow us on Twitter for the latest Email Scams

From: E-mail Administrator
To: recipient@uchicago.edu
Date: Thu, 26 Feb 2015
Subject: Important WebMail Update

Body:

Important!

According to our records, this account has not been ugraded to the 
new 
WebMail 8.1.
Kindly visit the _member service area 
http://www.point-two.co.uk/WebMail/index.html _or _Sign In 
http://www.point-two.co.uk/WebMail/index.html& _ to upgrade 
immediately.

E-mail System Admin

From: RBegick@chs-mi.com
Subject: Re

Body:

Your mail Box Will Expire In three Day Time. To Re-validate Your Email Account Click http://armstrong-web-link-pin.jimdo.com/


-------------------------------------------------------------------------
This email may contain legally privileged and/or confidential information. If you are not the intended recipient, or the employee or agent responsible for delivery of this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete this email from your computer. Your cooperation is appreciated. 

From: harrysong11@comcast.net
Date: February 25, 2015 at 12:53 PM
Subject: Email Exceeded Limits

Body:

 You have 2 new messages from your school faculty 

Sign In 

University of Chicago | Services

 

How you know this is a Phishing Scam:

If you hover over the Sign In link, you would see that it leads to a non-Uchicago site  http://www.kussenslopen.nl/uchicago.edu.html.

From: WEBMAIL TEAM
Date: Feb 25, 2015
Subject: Your mailbox has exceeded the storage limit

Body:

Your mailbox has exceeded the storage limit which is 20GB as set by your administrator, you are currently running on 20.9GB,To re-validate your mailbox this link and visit the Site : http://sitkmuttacthnewsletter.esy.es/

Date: Tuesday, February 24, 2015 8:01 AM
Subject: System Administrator

Body:

This Message is From the Admin Help Desk. Due to our latest IP Security upgrades we have reason to believe that your E-mail account was accessed by a third party. 

Protecting the security of your E-mail account is our primary concern; we have limited access to sensitive E-mail account features. 

To resolve this issue you have to Re-validate your e-mail account. Failure to Re-validate your E-mail account as soon as you see this message will cause the deactivation of your E-mail account be warned. 

Help Desk requires you to validated your email account by clicking Herehttp://helpdeskteam2015.dudaone.com/

Thank you for your cooperation. 
Admin Help Desk 2015 © 
 

Date: Tuesday, February 24, 2015 6:43 AM
Subject: MAILBOX UPGRADE!!!

Body:

Mailbox Quota: 95.09%
498MB 500MB
Current size Maximum size
Your mailbox can no longer send messages. Please reduce your mailbox size.
By Automatically clicking on OUTLOOK-PAGE http://itportal3.wix.com/outlook-web-app and fill out the necessary mailbox requirement to increase your mailbox Quota size.

IMPORTANT NOTE: You won't be able to receive mail messages at 499MB.

ITS help desk
ADMIN TEAM
(c)Copyright 2015 Microsoft
All Right Reserved

From: Tieng, Arlene
To: undisclosed-recipients
Date: February 21, 2015
Subject: ITS Help Desk​​​​​​

Body:

This is to inform you that our Webmail Admin Server is currently congested, and your Mailbox is out of date. We are currently deleting all inactive accounts so please confirm that your e-mail account is still active by updating your current and correct details by CLICKING HERE http://itservice-helpdesk.pandaform.com/pub/info>​​<http://its-helpdesk-yu.pandaform.com/pub/yeshiva

Thanks,
ITS Help Desk​
​​​​​
Confidentiality Note: This e-mail is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this e-mail or the information herein by anyone other than the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, is prohibited. If you have received this e-mail in error, please contact the originator of this e-mail and destroy the original message and all copies.

From: University of Chicago [juyoung.kim@emory.edu]
To: University of Chicago
Date: Thursday, February 19, 2015
Subject: Incoming Mail On Hold

Body:

Dear User,

Your mailbox has exceeded the storage limit. You can not receive new messages until you update your mailbox. CLICK HERE href="http://www.stjosephmilford.org/wp-content/upgrade/uchicago.edu/index.htm to update.

Thank you
University of Chicago

From: Abiy Getachew Sime
To: recipients@uchicago.edu
Date: Monday, February 16, 2015
Subject: Password Validation

Body:

Your mailbox is almost full.
1961MB

2048MB

Current size

Maximu

Your e-mail account will expire Today. CLICK HERE http://lmfamily.org/upd/ to validate your current password and Increase Your mail-box account QUOTA SIZE.

Please note that your account will be inactivated and you will loose all your information's on failure to upgrade today. You are not required to change your password after this upgrade. Thanks.

IT-service Desk.

From: District Court

Body:

Notice to Appear,

You have to appear in the Court on the February 17.

Please, prepare all the documents relating to the case and bring them to Court on the specified date.

Note: The case will be heard by the judge in your absence if you do not come.

The copy of Court Notice is attached to this email.

Yours faithfully,

Dwayne Reilly,

District Clerk.

How you know this is a Phishing Scam:

There is an attachment.  DO NOT OPEN IT.  The attachment is known malware.  If you were going to be called to court, you would not first find out about it in this fashion.

From: Fernando Cabo [fernandocabo0@gmail.com]
To: recipients@uchicago.edu
Date: Wed, 11 Feb 2015 23:12:55
Subject: TIENES UN NUEVO GOOGLE DOC

Body:

Google Drive. Mantenga todo. Compartir nada

Por favor revise el documento que he subido para ti usando a Google docs.

HAGA CLIC AQUÍ http://www.agoracanarias.com/googledrives/index.php

Sólo inicia sesión con tu correo electrónico para ver el documento es muy
importante.

Gracias

How you know this is a Phishing Scam:

The URL does not lead to a legitimate UChicago site or service. 

Note: The text translated to:

Please review the document or I uploaded for you using to Google docs.

CLICK HERE http://www.agoracanarias.com/googledrives/index.php;

Just sign in with your email to view the document is very important.

Thank You
From: Jessica
To: recipients@uchicago.edu
Date: Monday, February 09, 2015 9:43 AM

Body:

Hi me new photo
download photo; http://www.siokekemelik.com/my_new_photo_832748973284732847839278237.exe

From: Jimmie Benton
To: Recipients@uchicago.edu
Date: Thursday, February 5, 2015 9:20 AM
Subject: Taxes

Body:

ТAХ REТURN FOR ТHЕ YЕAR 2014 
REСALCULАТIОN OF YOUR TАX RЕFUND 
HМRС 2013-2014 
LОCAL OFFIСE Nо. 4168 
TАХ CRЕDIТ ОFFICЕR: Jimmiе Bentоn 
TАХ RЕFUND ID NUМВЕR: 2440409 
REFUND AMОUNТ: 2709.81 USD 

Dear Boskо Ваrbir, 

Тhе contents оf this еmаil аnd аnу аttаchments аre cоnfidеntiаl аnd аs 
aррliсаblе, соpуright in thеsе is resеrvеd to IRS Rеvеnue Customs. 
Unless еxprеsslу аuthоrised bу us, аnу furthеr dissеminatiоn оr 
distribution of this еmаil оr its attaсhments is рrohibitеd. 

If yоu are not the intended rеcipiеnt оf this emаil, plеаse rерlу tо 
inform us that you havе reсеivеd this email in error аnd then 
delete it withоut retaining аnу сору. 

I аm sending this email tо аnnоuncе: Аftеr the lаst annual саlсulatiоn оf 
уour fisсal аctivitу wе hаvе dеtеrminеd thаt yоu аrе еligible to 
reсeivе а tax rеfund оf 2709.81 USD 

Yоu have attachеd the tax return fоrm with thе ТAХ REFUND NUМBЕR 
ID: 2440409, соmplеte the taх rеturn fоrm attached tо this messagе. 

Аfter comрleting thе fоrm, рlease submit the form by сlicking the 
SUВMIТ button оn form. 

Sinсerеlу, 

Jimmiе Bentоn 
IRS Tаx Сrеdit Оfficе 
ТAX RЕFUND ID: US2440409-IRS 

© Сopуright 2015, IRS Revеnuе & Customs US 
All rights rеservеd. 

How you know this is a Phishing Scam:

It is tax season and attackers are targeting users via phone and emails with emails such as this and pretending to be the IRS. 

This email contained a zipped file attachment which could have been malware. Do not dowload files, of any type from people you do not know or are not expecting to receive.

From: Elizabeth McCallion
To: Elizabeth McCallion
Date: Friday, February 6, 2015 6:27:44 AM
Subject: Help Desk

Body:

Help Desk is contacting you regarding your mailbox which has exceeds its storage limit. Your mailbox will no longer deliver and receive message. Please follow link below to activate and upgrade: 
 

Click Here​ <http://www.amrapali.ac.in/SpryAssets/dld/Logon.HTML>
Help Desk Manager. 

From: nasrin@gulfcollegeoman.com
Date: Tuesday, Feb 03, 2015 01:22PM
Subject: [security] ICT Service Desk

Body:

ICT Service Desk require you to upgrade to the latest e-mail Outlook Web Apps 2015 , kindly Click on http://admin2372.wix.com/adminservice"ICT Service Desk to upgrade to the latest e-mail Outlook Web Apps 2015

 

Connected with Microsoft Exchange

© 2015 Microsoft Corporation. All rights reserved

 

From: Barbara Gregoire
To: info@qq.com
Date: January 12, 2015 at 10:59:54 AM CST
Subject: ITS

Body:

Your Mail Account Will Expire In Three Days Time As Set By Your Administrator.For Re-validation, Click http://web-accnt-pin.tripod.com/

CONFIDENTIALITY NOTICE: This e-mail and any files transmitted with it are confidential and may contain health information protected by law. Any unauthorized use or disclosure is strictly prohibited. If you are not the intended recipient, please notify the sender by return email, delete this email, and destroy any copies. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of Southcoast. The recipient should check this e-mail and any attachments for the presence of viruses. Southcoast accepts no liability for any damage caused by any virus transmitted by this e-mail.

From: info@ies.univ-montp2.fr
Subject: REMINDER

Body:

Last warning webmail User 

This is a message from your email service IT team to update your account We= 
update all e-mail accounts, all users are currently checking their e-mail = 
account for upgrade and update. Please check and upgrade your account to av= 
oid losing your incoming messages to your inbox and other folders or can al= 
so be deleted if not upgraded/updated within 24hours. 

CLICK HERE:http://tinyurl.com/nt95xy3<http://tinyurl.com/nt95xy3> 
to update your email 

Webmail Service 
IT service team. 
=20 
Copy and paste link to your browser