Latest Email Scams

Below is a collection of real-life phishing examples that IT Security has acted upon and notes on what gives them away as email scams.

From: it.helpdesk@bulletmail.org
Date: Wed, 24 May 2017 23:16:17 +0000
Subject: Illegal Sign-in Alert

Body:

Attempt Sign-in Alert

We have noticed series of login attempt to your email account from an unrecognized device on 24th May 2017 at 05:32 am. Was this you? If so, you need to pass IT Help Desk second sign-in verification thereof.

To keep your e-mail account ACTIVE, reply this Email immediately with the below information.

1) Email Address.......................
2) Username..............................
3) Password..............................

This is a security alert and you will always receive this message whenever there is problem with your account.

Thank you.

Best Regards,
WebCT Helpdesk.

From: Microsoft <noreply@office365.net>
Date: Wed, 24 May 2017 14:10:25 +0000
Subject: Validate Your Business Email [cnetid@uchicago.edu]

Body:

Attention: your account incoming emails and outgoing emails are queued up,verify your details to restore.

Validate Your Account:cnetid@uchicago.edu

Your messages are now queued up and pending delivery because your email has not been verified,you are required to confirm your email account to restore normal email delivery.

Confirm cnetid@uchicago.edu <http://exchange-365.nut.cc/welcome.jsp/REL-5.8.5.621/2ndGen/base/index.php?email=cnetid@uchicago.edu>

Please note:
* When logging in IDs and passwords, be sure to do so in a safe and secure manner.
User Name: cnetid@uchicago.edu

Once Verified Your Email Delivery Would Be Working In Less Than 2 Hours.

Sincerely,

Support Team

This is a mandatory service communication for cnetid@uchicago.edu.

This message was sent from an unmonitored e-mail address. Please do not reply to this message.
Privacy | Legal

From: "Tsui, Margaret" <tsuim@mccc.edu>
Date: Tue, 23 May 2017 13:27:37 +0000
Subject: HELPDESK

Body:

Your e-mail will expire within 24hrs click here<http://secureddesk.zohosites.com/> to validate your e-mail.

How you know this is a Phishing Scam:

Ask yourself, will my email expire in 24 hours? Not likely. Don't fall for this pressure tactic. The University will never require you to validate your email account in this fashion!

From: Drop_Box <mailto:thadfyyse@bwdist.com>
To: noreply@drop-box.com
Subject: View your pending dropbox file

Body:

DROPBOX

Dear user,

You have (1) Pending Document to view as at 22/05/2017.

You can preview your doc below.

Preview-Here<http://re.tc/zz4fn7rv> <http://zafinternational.ae/phd/Validation/login.php>

-Happy Drop-boxing !

Team.

How you know this is a Phishing Scam:

This phishing email is hoping that users of Dropbox do not take the time to read and just click blindly - it's not even pretending to be correctly formatted. This email is generic so that it can cast a wide net and get someone to bite. Don't let it be you! Take the time to read and analyze your emails and it'll save you from a lot of headaches in the future.

From: John West <John.West@brunel.ac.uk>
Date: Thu, 18 May 2017 00:22:30 +0000
Subject: To All Employees\Staff,

Body:

We wish to inform you The University of Chicago are Upgrading our uchicago.edu login page. To Upgrade to latest version Simply CLICK HERE (CLICK-HERE-TO-ACTIVATE http://webmailoutlook-upgrade.weebly.com<http://www.google.com/url?q=http%3A%2F%2Fwebmailoutlook-upgrade.weebly.com&sa=D&sntz=1&usg=AFQjCNGULDzOvpR8nvYM2YyrR7SdRmHj9Q>/) and get 32 gigabytes more space.

©2017 The University of Chicago

How you know this is a Phishing Scam:

This phish has a link that does not have a UChicago domain (i.e., uchicago.edu) associated with it. This is a huge red flag. The email conveniently omits a signature with contact information, in the event you have questions. Phishers do not like questions. Also, the sender of this email does not have a UChicago email address. All are major clues that this email is up to no good and should be deleted.

From: "Allyn, Marisa" <allynmm25@mansfield.edu>
Date: Thu, 18 May 2017 18:43:24 +0000
Subject: Marisa Allyn From uchicago.edu has shared a document on Outlook with you

Body:

Marisa Allyn has invited you to view the following document:

Open With Outlook Web App<http://bit.ly/2rw1d4c>

Marisa Allyn
Nutrition Dietetics Major
Psychology Minor
Student Worker at TRiO
President of Alpha Zeta Chapter of Kappa Phi

How you know this is a Phishing Scam:

A sketchy sharing invitation with a URL shortener... you never know where those will go! Thankfully, bit.ly already flags this link as suspicious. Don't trust random sharing invites from people you don't know - or unsolicited ones from people you DO know.

From: Frisch Vermon <frischvarmon@outlook.com>
Date: Tue, May 16, 2017 at 8:42 PM
Subject: Tutor

Body:

Hello,

How are you doing today? My name is Frisch Vermon. I came across your e-mail at the University of Chicago, Department of Mathematics under Graduate Student's portal. I seek for a private tutor for my Daughter. I would like to know if you would be available for the job and I would provide you with more details my daughter.

I would also like the lessons to be at your location. Kindly let me know your policy with regard to the fees, cancellations, location and make-up lessons. Also, get back to me with your area of specialization and any necessary information you think that might help.
 
Once you confirm your availability, I would provide you with more helping details.  The lessons can start by 24th of May.
 
Looking forward reading from you.
 
Best regards,
Frisch.
--
Doctoral Candidate in Mathematics,
The University of Chicago
 Chicago, IL 60637

How you know this is a Phishing Scam:

The George Washington University reported this scam in February, 2017. There are various flavors of this email that change names and positions, but this sample is targeting multiple UChicago Department of Mathematics graduate students using the same message and same sender. Please do not respond to this scam and delete immediately!

From: Varma, Sanjaya (CCI-Atlanta-CON) <Sanjaya.Varma@cox.com>
Date: Wednesday, May 17, 2017 7:55 AM
Subject: ITHelp Survey invitation

Body:

You have been invited to take a Satisfaction survey for a recent IT-Help ticket.

Click here to take your survey<http://www.8tsonobsl2klh1ayuflo9xaab3mqyfq78tsonobsl2klh1ayuf.citymax.com/outlook.html>

To view your survey queue at any time, sign in and navigate to Self-Service > My Assessments & Surveys.

Additional details about this Survey are:

Number #:  INC1798292

Short Description: HELP-DESK ALERT.

Description:

Resolved Date: 04-28-2017 14:48:36 EDT

Ref:MSG5211182

How you know this is a Phishing Scam:

This phish has gone out of its way to look legitimate by even adding a ticket number as a reference. After all, how likely are you to track ticket numbers from the previous month after the incident is resolved? If you look closely, the sender and the receiver are the same person and neither has a uchicago.edu email address. The link provided is full of random characters and does not use the uchicago.edu domain. 

From: Office Microsoft365 <mailto:offcial365@updates.msnrule.com>
Date: Tuesday, May 16, 2017 10:00 AM
Subject: Update Needed For Your Login Settings

Body:

Microsoft Office365

Dear <your CNet>

Your Microsoft Office365 Sign in details are outdated, We advise you to update your
account login settings as soon as possible so you don't get locked out: by checking below.

There will be a brief period before this request takes effect.
If these updates modifications were made without your consent, please log in to your account
by checking below.
UPDATE ACCOUNT SETTINGS <http://putany38.com/images/Lookk/index.php/?email=(your cnet)@uchicago.edu>

If you are unable to sign in to your account or if unauthorized changes have been made to your office365
account, please contact our customer support team for assistance: +1 (488) 345-1630

This message was sent from the email address which is not monitored. Do not reply to this message.
Privacy | legal notices

Microsoft Office
One Microsoft Way
Redmond, WA
98052-6399 USA

How you know this is a Phishing Scam:

The link is not tied to the University of Chicago in any way. There is no contact information in the email. It requests action "so you don't get locked out" -- a threat and an appeal to urgency that scammers typically use to make you click without thinking about the veracity of the message. Don't be fooled! Delete this.

From: Whitney Fletcher <mailto:mike_harrigan1@baylor.edu>
Date: Monday, May 15, 2017 12:44 PM
Subject: Urgent Notice !!

Body:

Dear <cnetid>@uchicago.edu<mailto:<cnetid>@uchicago.edu>,

This was sent out to me from your mailbox and I have upload the documents via Adobe multi-function device just CLICK HERE<http://u.to/m43vDw> <http://jualbajaringan.co.id/m-ppp/office/office/index.html> and sign in with your email address to view documents.

Sincerely

Whitney Fletcher

How you know this is a Phishing Scam:

This phish is especially deceptive because it displays a ShortURL that can take you to a site that can be harmful.  Also, the signature does not give you a way to contact anyone with questions.  These types of emails should be discarded.

From: Mail Admin <info@sbg.vn>
Date: Sunday, May 14, 2017 1:23 PM
Subject: Incoming mails on pending.

Body:

Hi [cnetid]@uchicago.edu<mailto:[cnetid]@uchicago.edu>,

Most of your incoming mails are on pending due to subscription issues, please click here<https://www.estanciagrassfedbeef.com/update-your-details/mailbox/domain/index.php?email=[name here]@lists.uchicago.edu> to resolve this issue and upgrade.

Best Regards,
Mail Team (C) 2017

How you know this is a Phishing Scam:

You have to have fun with this one. This phish doesn't even try to mask its domain! Would you visit this link to update your email information or to learn more about grassfed beef? The lack of contact information for someone or a department within the University should also alert you that this email is up to no good.

From: jharr161@vols.utk.edu
Date: Friday, May 12, 2017
Subject: HelpDesk

Body:

Your account was LOGIN today by Unknown IP, click on the Administrator link below to validate your e-mail account or your account will be temporary block for sending more messages.

Click Below:
http://helpdestumwedu.sitey.me/

How you know this is a Phishing Scam:

Not only is this message littered with broken language, the link is not a University URL.  Instead the link is to a bogus help desk site hosted on sitey.me - a free hosting site that can be abused for phishes like this. IT Services will never ask you to "validate" your username and password, especially on a web form.
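
The checks named in the notes above (sender or link outside uchicago.edu, URL shorteners, free hosting sites, requests for a password) can be sketched as a small triage script. This is an added example, not IT Security's own tooling; the host lists and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED = "uchicago.edu"  # the domain the notes treat as legitimate
# Assumption: short illustrative lists, built only from hosts named on this page.
SHORTENERS = {"bit.ly", "u.to", "re.tc"}
FREE_HOSTING = {"sitey.me", "weebly.com", "zohosites.com", "citymax.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain (no substring match)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def indicators(from_header, body):
    """Return the red flags from the notes that apply to one message."""
    found = []
    sender_host = from_header.rsplit("@", 1)[-1].strip("<> ")
    if not in_domain(sender_host, TRUSTED):
        found.append("sender-not-uchicago")
    for url in URL_RE.findall(body):
        # Judge the link by its host only: a uchicago.edu address in the
        # query string (?email=...) says nothing about where the link goes.
        host = (urlsplit(url).hostname or "").lower()
        if any(in_domain(host, s) for s in SHORTENERS):
            found.append("url-shortener:" + host)
        elif any(in_domain(host, f) for f in FREE_HOSTING):
            found.append("free-hosting:" + host)
        elif not in_domain(host, TRUSTED):
            found.append("link-not-uchicago:" + host)
    if re.search(r"\bpassword\b", body, re.I):
        found.append("asks-for-password")
    return found

# Headers and bodies abridged from samples on this page; the last is constructed.
SAMPLES = [
    ("jharr161@vols.utk.edu", "Click Below:\nhttp://helpdestumwedu.sitey.me/"),
    ("Microsoft <noreply@office365.net>",
     "Confirm cnetid@uchicago.edu <http://exchange-365.nut.cc/welcome.jsp/"
     "REL-5.8.5.621/2ndGen/base/index.php?email=cnetid@uchicago.edu>"),
    ("it.helpdesk@bulletmail.org", "1) Email Address 2) Username 3) Password"),
    ("IT Services <itservices@uchicago.edu>",
     "Details: https://example.uchicago.edu/help"),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, "->", indicators(sender, text) or "no indicators")
```

An empty result only means none of these particular flags fired: a From address can be forged or belong to a compromised account, so the script is a triage aid and not a verdict.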