Examples of Phishing Scams
Email With a Suspicious Header
The address from which this email was sent is obviously not a University email address.
firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Webmail.Uchicago.firstname.lastname@example.org
Sent: Thursday, July 24, 2008 6:46 PM
Subject: Quoting Uchicago.edu,
Dear Uchicago.edu, email account user,
We are currently verifying our subscribers email accounts in other to increase the efficiency of our webmail futures. During this course you are required to provide the verification desk with the following details so that your account could be verified;
Kindly send these details so as to avoid the cancelation of your email account.
Thanks, Uchicago.edu, Team
In the next email, the From address is not a government email address, and the link in the message body does not lead to the real IRS website. You should always verify the real locations for links in suspicious emails.
From: Internal Revenue Service [
Sent: Tuesday, July 22, 2008 9:47 AM
Subject: [SPAM:#] Get your tax refund now
After the last annual calculations of your account activity we have determined that
you are eligible to receive a tax refund of $479.30 .
Please submit the tax refund request and allow us 2-6 days in order to
A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here (
Note: Deliberate wrong inputs will be prosecuted by law.
Internal Revenue Service
This email seems to come from a fake, non-University email address given for the UCHICAGO Webmail Account Team. Emails like this one might seem to be sent directly to your personal email address, rather than to a generic recipient such as “undisclosed recipients.” It is still a scam, and you should be aware of the other warning signs that reveal the email as fake. For example, note the numerous typos and the unprofessional tone of the message.
From: “Confirm Your UCHICAGO Webmail Account”
Subject: Confirm Your UCHICAGO Webmail Account
Dear UCHICAGO Subscriber,
This message is fromh
messaging center to all email account owners.We are
currently upgrading our data base and e-mailaccount.
We are deleting all unused
email account to create more space for new accounts.
To prevent your account from clossing you will have to
update it below so that we will know that it’s a present
used account.We are upgrading our systems to improve the
way we interact with you and to provide you with an
enhanced level of customer service.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username : ………. …..
EMAIL Password : …………….
Date of Birth : ……………..
Country or Territory : ……….
Warning!!! Account owner that refuses to update his or her
account within Seven days of receiving this warning will lose
his or her account permanently.
Thank you for using
The UCHICAGO Webmail Account Team
Although this email could be convincing because of the lack of obvious typos and the email address domain, the link is not to a University of Chicago website.
From: The uchicago.edu Support Team [
email@example.com] Sent: Tuesday, November 4, 2008 1:56 PM
Subject: Uchicago.edu Account Update
We are currently upgrading your uchicago.edu email accounts with the
Offline access with POP
Live Customer Care
Address Guard / Disposable addressees.
All uchicago.edu users must visit this link:
and login their email account via uchicago.edu secure channel for
security account protection.
The uchicago.edu help centre.
This email includes numerous typos and grammatical mistakes, indicating it is a scam. Senators are not known to give away ATM cards over email. The reply email addresses are most likely fake.
From: Senator David Mark [
mailto:firstname.lastname@example.org] Sent: Tuesday, April 14, 2009 9:49 PM
Subject: OUR REF:FRN/ATM/882
This is to officially inform you that(ATM Card Number;(5179123456789120) has been accredited in your favor.Your Personal Identification Number is 882. The ATM Card Value is $6.8 MILLION USD.You are advice to contact Mr Jeffery Simpson via Email(
email@example.com) with the following information’s;
Please Note that you are to pay the sum of $85 USD for the delivery of your ATM Card by FedEx Courier Express
Senator David Mark.
IT Services will never ask you to verify your password over email. Also note that the numerous typos and grammatical mistakes, such as “carrying-out” and “mantainace,” give it away as a scam.
From: University of Chicago Technical Support Team [
firstname.lastname@example.org] Sent: Wednesday, April 15, 2009 4:22 AM
Subject: Dear Valid Customer
Dear University of Chicago Webmail Subscriber,
We are currently carrying-out a mantainace process to your uchicago.edu account, to complete this, you must reply to this mail immediately, and enter your User Name here (…………..) And Password here(…………..) if you are the rightful owner of this account.
Due to the Junk/Spam emails you receive daily, we are currently upgrading all email accounts Spam filter to limit all unsolicited emails for security reasons and to upgrade our new features and enhancements with your new and improved E-mail account, to ensure you do not experience service interruption.
This process we help us to fight against spam mails. Failure to summit your password, will render your email address in-active from our database.
NOTE: If your have done this before, you may ignore this mail. You will be send a password reset message in next three (3) working days after undergoing this process for security reasons.
Thank you for Using uchicago.edu.
The usc.edu domain in the From address is a give away that this is a phishing scam. Also the link to the Capital One website is most likely fake.
From: email@example.com [
mailto:firstname.lastname@example.org] On Behalf Of Capital One
Sent: Wednesday, November 26, 2008 8:42 AM
Subject: Customer Alert
Dear Capital One Cardholder,
During our regularly scheduled account maintenance and verification procedures, we have detected a slight error regarding your Capital One Card(s).
This might be due to one of the following reasons:
1. A recent change in your personal information (i.e. address changing) 2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your account.
3. An inability to accurately verify your selected option of payment due to an internal error within our system.
Please update and verify your information by clicking the following link:http:// servicing.capitalone-iv.com /c1/ login.aspx
Note: You must verify your information before you can continue using your card.