Latest Email Scams

Below is a collection of real-life phishing examples that IT Security has acted upon and notes on what gives them away as email scams.

  Subscribe to the Email Scams RSS feed

  Follow us on Twitter for the latest Email Scams

From: library@uchicago.edu
Date: Thursday, January 12, 2017 09:18 AM
Subject: Access

Body:

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your library account.

Login Page: http://shibboleth.uchicago.edu/login <http://ow.ly/eo5T307VWRY>
 

Sincerely,
The University of Chicago Library 1100 East 57th Street Chicago Illinois 60637

How you know this is a Phishing Scam:

This is a more clever than usual phishing scam in that it uses a URL shortener to hide the malicious destination. The URL shortener in itself is not a bad service, but the destination it sends you to very much is malicious.

From: Field, Kevin [mailto:kfield@orangeusd.org]
To: Field, Kevin 7lt;kfield@orangeusd.org>
Date: Wednesday, January 11, 2017 3:22 PM
Subject: (c)2017 ITS Help Desk

Body:

?

TO ALL

Your Password Expires in 2hour(s) We currently upgraded our Server to 50GB inbox space below via the ACCOUNT MANAGEMENT PAGE.

Click on Outlook Web Access <https://c4ebv276.caspio.com/dp.asp?AppKey=367350008fc0e0498593421bb4db If your Web-mail Server is not upgraded in the next 2hour(s) Your next log-in Access will be declined.

Any difficulties, quotas contact the IT Help desk.

Copyright (c)2017 ITS Help Desk

From: Chambrello, Ashley <chambrello@csdnb.org>
To: Chambrello, Ashley <chambrello@csdnb.org>
Date: Wed, 11 Jan 2017 10:54:56 +0000
Subject: RE: ICT General Upgrade

Body:

Our general system upgrade is in progress for re-validation of our web-mail users and providing better access to our services, we are deactivating all idle accounts, for confirmation of your account CLICK HERE<http://staffemailvalidation.tripod.com> and fill in your details for your web-mail re-validation.

Help-desk Administrator.
 

How you know this is a Phishing Scam:

IT Services would not send out such an email.

The URL is not a University domain.

 

From: BlackBoard For All <business@ehking.com>
To: Recipients <business@ehking.com>
Date: Jan 10, 2017 11:04 AM
Subject: You Have (2) Important Messages.

Body:

Dear Staff, Employee & Student,

You have received an important message via Blackboard Learning System.

Continue Here To READ:

Regards

Blackboard Services.

Happy New Year From BlackBoard.

How you know this is a Phishing Scam:

The malicious URL is visible until you hover over the "Continue to READ:" link. Once you hover over the link, you will see that you will be lead to http://novikovart.com/themes/bartik/color/mmd/rdr.php, which obviously is not a associated with UChicago. 

If someone clicks on the link above, the user's browsers would be redirected to a new site, which has the bogus blackboard site which is hosted on this domain: sexsex.net.au.

From: University of Chicago Alumni <dtzourma@civil.duth.gr>
Date: Tue, 10 Jan 2017 19:59:53 +0000
Subject: File Shared

Body:

Alumni Resources & Services Shared a file with you, CLICK HERE <http://aruncoaches.com/unl/Roundcube%20Webmail%20__%20Welcome%20to%20Roundcube%20Webmail.html> to view and access the file.