Examples of Phishing Scams

Here are a few examples of the kinds of emails you should find suspicious. If you have questions about an email you have received, you can check our Security team blog to review our phishing alerts, or contact the ITS Security team.

Email With a Suspicious Header

The address from which this email was sent is obviously not a University email address.

From: avoth@cogeco.ca [mailto:avoth@cogeco.ca] On Behalf Of Webmail.Uchicago.edu@cogeco.ca
Sent: Thursday, July 24, 2008 6:46 PM
Subject: Quoting Uchicago.edu, Member.Services@ Uchicago.edu

Dear Uchicago.edu, email account user,

We are currently verifying our subscribers email accounts in other to increase the efficiency of our webmail futures. During this course you are required to provide the verification desk with the following details so that your account could be verified;

CNetID::………………..
Password:…………..
Territory:……………….

Kindly send these details so as to avoid the cancelation of your email account.

Thanks, Uchicago.edu, Team


In the next email, the From address is not a government email address, and the link in the message body does not lead to the real IRS website. You should always verify the real locations for links in suspicious emails.

From: Internal Revenue Service [mailto:yourtaxrefund@InternalRevenueService.com]

Sent: Tuesday, July 22, 2008 9:47 AM
Subject: [SPAM:#] Get your tax refund now
Importance: High

After the last annual calculations of your account activity we have determined that
you are eligible to receive a tax refund of $479.30 .

Please submit the tax refund request and allow us 2-6 days in order to
process it.

A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here (http://e-dlogs.rta.mi.th:84/www.irs.gov/)

Note: Deliberate wrong inputs will be prosecuted by law.

Regards,

Internal Revenue Service


This email seems to come from a fake, non-University email address given for the UCHICAGO Webmail Account Team. Emails like this one might seem to be sent directly to your personal email address, rather than to a generic recipient such as “undisclosed recipients.” It is still a scam, and you should be aware of the other warning signs that reveal the email as fake. For example, note the numerous typos and the unprofessional tone of the message.

From: “Confirm Your UCHICAGO Webmail Account”
Subject: Confirm Your UCHICAGO Webmail Account
To: info@uchicago.edu

Dear UCHICAGO Subscriber,

This message is fromh ttps://webmail.uchicago.edu
messaging center to all email account owners.We are
currently upgrading our data base and e-mailaccount.
We are deleting all unused https://webmail.uchicago.edu
email account to create more space for new accounts.

To prevent your account from clossing you will have to
update it below so that we will know that it’s a present
used account.We are upgrading our systems to improve the
way we interact with you and to provide you with an
enhanced level of customer service.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username : ………. …..
EMAIL Password : …………….
Date of Birth : ……………..
Country or Territory : ……….

Warning!!! Account owner that refuses to update his or her
account within Seven days of receiving this warning will lose
his or her account permanently.

Thank you for using [https://webmail.uchicago.edu]!

Warning Code:VX2G99AAJ.
The UCHICAGO Webmail Account Team
account-teamdept@live.com


Although this email could be convincing because of the lack of obvious typos and the email address domain, the link is not to a University of Chicago website.

From: The uchicago.edu Support Team [noreply@uchicago.edu] Sent: Tuesday, November 4, 2008 1:56 PM
Subject: Uchicago.edu Account Update
Reply-To: noreply@uchicago.edu

Dear Subscriber,

We are currently upgrading your uchicago.edu email accounts with the
following features:

Spam Protection,
Unlimited storage
Offline access with POP
Filters
Live Customer Care
Mail Forwarding
Address Guard / Disposable addressees.
Unlimited Web2sms

All uchicago.edu users must visit this link: http://webmail-uchicago-update.tk
and login their email account via uchicago.edu secure channel for
high
security account protection.

Regards
The uchicago.edu help centre.


This email includes numerous typos and grammatical mistakes, indicating it is a scam. Senators are not known to give away ATM cards over email. The reply email addresses are most likely fake.

From: Senator David Mark [mailto:info@atm.com] Sent: Tuesday, April 14, 2009 9:49 PM
Subject: OUR REF:FRN/ATM/882

OUR REF:FRN/ATM/882
YOUR REF:CLAIMS/ATM/882

This is to officially inform you that(ATM Card Number;(5179123456789120) has been accredited in your favor.Your Personal Identification Number is 882. The ATM Card Value is $6.8 MILLION USD.You are advice to contact Mr Jeffery Simpson via Email(firstflightservice@yahoo.com.hk) with the following information’s;

Full Name:
Delivery Address:
Phone Number:
Country:
OCCUPATION:
SEX:
Age:

Please Note that you are to pay the sum of $85 USD for the delivery of your ATM Card by FedEx Courier Express

Best Regards,
Senator David Mark.


IT Services will never ask you to verify your password over email. Also note that the numerous typos and grammatical mistakes, such as “carrying-out” and “mantainace,” give it away as a scam.

From: University of Chicago Technical Support Team [web-upgrade@uchicago.edu] Sent: Wednesday, April 15, 2009 4:22 AM
Subject: Dear Valid Customer

Dear University of Chicago Webmail Subscriber,

We are currently carrying-out a mantainace process to your uchicago.edu account, to complete this, you must reply to this mail immediately, and enter your User Name here (…………..) And Password here(…………..) if you are the rightful owner of this account.

Due to the Junk/Spam emails you receive daily, we are currently upgrading all email accounts Spam filter to limit all unsolicited emails for security reasons and to upgrade our new features and enhancements with your new and improved E-mail account, to ensure you do not experience service interruption.

This process we help us to fight against spam mails. Failure to summit your password, will render your email address in-active from our database.

NOTE: If your have done this before, you may ignore this mail. You will be send a password reset message in next three (3) working days after undergoing this process for security reasons.

Thank you for Using uchicago.edu.


The usc.edu domain in the From address is a give away that this is a phishing scam. Also the link to the Capital One website is most likely fake.

From: mansion@usc.edu [mailto:mansion@usc.edu] On Behalf Of Capital One
Sent: Wednesday, November 26, 2008 8:42 AM
Subject: Customer Alert

Dear Capital One Cardholder,

During our regularly scheduled account maintenance and verification procedures, we have detected a slight error regarding your Capital One Card(s).

This might be due to one of the following reasons:

1. A recent change in your personal information (i.e. address changing) 2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your account.
3. An inability to accurately verify your selected option of payment due to an internal error within our system.

Please update and verify your information by clicking the following link:

http:// servicing.capitalone-iv.com /c1/ login.aspx

Note: You must verify your information before you can continue using your card.

Thank you,
Capital One.