Sample List of Email Scams 2013
20.6.13
Edit
Email Scam Example 58
Subject: Important Course Infomation
Date: June 4, 2013
Good Morning,
Your school has posted an important information regarding a course for you.
You are required to immediately sign in to Blackboard Learn.
Click here to sign in to Blackboard Learn
Thank you.
Blackboard Learn Notifications.
The University will not send information about your course work through a third party. The domain of the link ("bur74.ru") and the typo in the subject line (missing "r" in "information") are give-aways that this is a scam. Be weary of emails that convey a sense of urgency and ask you to act immediately.
Email Scam Example 57
From: Resina MartÃnez, Carles [mailto:crm@apabcn.cat]
Sent: Tuesday, May 21, 2013 4:52 PM
To: info@helpdesk.edu
Subject: SecurityUpgrade
Dear User
Your password will expire in 3 Days Click Here to validate your e-mail.
Thanks
System Administrator
The domain name in the link address (ritec-eg.com), from (apabcn.cat) and to (helpdesk.edu) email addresses are all give aways that this is a scam. The University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu. The University also has established procedure for account closure and eligibility changes.
Email Scam Example 56
From: Malene Sødal Melchiorsen
Subject: STAFF STUDENT & FACULTY WARNNING
To: Undisclosed recipients: ;
MAILBOX VIOLATION PROCEDURE
STAFF / STUDENT / FACULTY
Mailbox Quota exceeded the approved limit 99.89% You will not be able to send non receive mail which will make your account To be suspended, Click on access for administrative assistance.
System Management Team,
© Copyright 2013
The From email address "malm@regionsjaelland.dk" and the address of the link (hxxp://administrativequotalimitcleanupportal.webs.com/) are give-aways that this is a scam. The University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu. The numerous grammatical mistakes, such as, "to send non receive," and "make your account to be suspended," also indicate that this email is fraudulent.
Email Scam Example 55
From: "account-services@"
Subject: Attn: Web-mail Owner
We just confirmed that you have not upgrade to the new web-mail version. That is why we are sending you this massage to upgrade your account now. This is because we are preventing your web-mail from closure. And also we have notice that your mail have been used for sending spam mail to other mails. To prevent your account from this you will have to send a verification massage so that we will confirm from our computer system that you are the rightfully owner of this mail and also to upgrade your account to the new version.
To upgrade your Web-Mail CLICK HERE [http://webmailaccountupgrad.coffeecup.com/forms/upgrade/]
NOTE: This message is authorize by the web-mail Project email account protector unit.Notification message will be send back to you after verifying your account before account could be reset.
© All right reserve.
A number of give-aways should alert one that this is a fraudulent email: 1) the From address ("everest.edu") is not a University email address; 2) the weblink points to a site at coffeecup.com. The University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu. 3) Numerous grammatical mistakes, including, "is authorize" (should be "is authorized"), "All right reserve" (should be "All rights reserved").
Email Scam Example 54
From: Mail Server [mailto:cnetid@uchicago.edu]
Sent: Wednesday, March 13, 2013 7:34 AM
Subject: Update Email Settings
Click Below To Update Your Email Setting:
https://docs.google.com/spreadsheet/viewform?formkey=dG5fOE5JWjlrVWdvVGJVWmlfZ2c5T2c6MQ
Even though the From email address looks legitmate, the link points to a Google spreadsheet. The University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu.
Email Scam Example 53
From: Rebecca Milburn [Rebecca.Milburn@humber.ca]
Sent: Thursday, March 07, 2013 1:50 PM
Subject: Uchicago IT Services
TO ALL EMAIL USERS.
Uchicago Helpdesk is an information and assistance resource that troubleshoots problems with your account. You have exceeded the limit of your mailbox set by our IT Service, and from now you cannot be receiving all incoming emails. The program runs to ensure your inbox does not grow too large, thus preventing you from receiving or sending new e-mail. To prevent this, you are advised to click on the link below to reset your account. Your account is experiencing an unexpectedly termination. You are advised to click on the questionnaire below for activation, fill and submit the information below while our Message Center Immediately authenticate your account. Follow the link: CLICK HERE [http://uchicagoaccount.ucoz.com/contactus.html]
Uchicago! Inability to complete the questionnaire on the link will render your account inactive within the next 24 hours. Please do find this message important.
Error ID: 0x800CCC0F
Protocol: POP3
Port: 110
© ©2013 The University of Chicago 5801 South Ellis Avenue Chicago, Illinois 60637
The sender does not use a University of Chicago email address is a big give-away that this is a spam. The numerous non-idiomatic language use, such as "an unexpectedly termination," and "Uchicago! Inability to complete the questionnaire on the link," is another give-away. The link in the email also leads a domain outside of the university (ucoz.com), which is telling that the email is a spam. Be weary of emails that conveys a sense of urgency and asks you to provide confidential information.
Email Scam Example 52
From: jhurst@polk.k12.ga.us
Date: Mon, 25 Feb 2013 07:56:16 -0500
Subject: Warning!! Your mailbox is over its size limit?
MAILBOX VIOLATION MAILBOX QUOTA SIZE LIMIT HAS BEEN EXCEEDED CLICK ON CLIENTHELP https://docs.google.com/spreadsheet/viewform?formkey=dFFnVmR3V0RiMHNwWW1wMkhBZW9Obmc6MQ FOR CLEANUP
The sender account is unrelated to the University and the web form is hosted by Google docs. The odd puncuation and exclusive use of upper case are also suspect.
Email Scam Example 51
From: University of Chicago;
Date: February 23, 2013, 2:29:47 AM CST
To: undisclosed-recipients:;
Subject: News/update
This is to inform you that IT Helpdesk is doing some maintenance in
the server login page. All uchicago.edu email account are advice to
access their account in the temporary login page powered by
Pastehtml.Do login your Username and Password to the new login page
and get the latest exciting information and news/update.
Please click the data base link below and login:
http://pastehtml.com/view/ctg08cwy5.html
Signed Management
The University of Chicago
---------------------------------------------------------------------------
******* DISCLAIMER - Redington (India) Limited *******
This email message, contents and its attachments may contain confidential,
proprietary or legally privileged information and is intended solely for
the use of the individual or entity to whom it is actually intended.If you
have erroneously received this message, please permanently delete it
immediately and notify the sender. If you are not the intended recipient
of the emailmessage,you are notified strictly not to disseminate,distribute
or copy this e-mail.E-mail transmission cannot be guaranteed to be secure
or error-free as Information could be intercepted, corrupted, lost,
destroyed, incomplete or contain viruses and Redington (India) Limited
accepts no liability for the contents and integrity of this mail or for any
damage caused by the limitations of the e-mail transmission.
-----------------------------------------------------------------------------
The Sender's email address (servbarmobile@redington.co.in) and language in this message should tip you off that the message is a phish. Communications from the University will come from a @uchicago.edu email address. Your email address is tied to your CNetID and the University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu.
Email Scam Example 50
Subject: Technical Support
Date: Fri, 22 Feb 2013 16:56:35 -0800
From: University of Chicago;;
You could be infected with spyware. Press this link; to protect your account.
University of Chicago Email Team
A term like "Press this link" is a yellow flag, as is an attachment from an unknown sender. Communications from the University will come from a @uchicago.edu email address, so this example is a bit tougher to identify. However, once you see that the link is not a uchicago address, you write the message off as a scam.
Email Scam Example 49
Subject: Security needed?
Attention:
There've been an automatic security update on your email address.CLICK HERE ; to complete update
Please note that you have within 24 hours to complete this update. because you might lose acess to your Email Box.
Help Desk
The phrases "there've been," "Email Box," and the message's poor punctuation are all indications that something is suspicious with this email. Also, the URL clearly is not connected to the University.
Email Scam Example 48
From: Webmail Upgrade Team [mailto:webmail@web.com]
Subject: Electronic Solutions Schedule Upgrade 2013
Message: Electronic Solutions Schedule Upgrade 2013
IMPORTANT WARNING MESSAGE FROM THE WEB-MAIL ADMIN TEAM, A 2013 DFXG Virus has been detected on your mail and your account will be terminated in a short time from our database.Please click on the below link or copy and lo-gin your full email address for maintenance and Virus Scanning, Very Important.
http://webmailupgradeteam.int.tf/
Thanks for your understanding and Co-operation.
The domain name of the email address (web.com) and the link (webmailupgradeteam.int.tf) are both give aways that this is a spam. The non-colloquial phrases, e.g. "click on the below link," "lo-gin," "Virus Scanning, Very Important," "Co-operation," are also indications that something is amis in this email.
Email Scam Example 47
From: "Price, Ellen"
Date: February 2, 2013, 11:47:11 AM CST
To: undisclosed-recipients:;
Subject: System Administrator
Our Message Center needs to be re-set because of the high amount of Spam mails we receive daily.
We have re-set our server to serve you more better and consistently; Please click the link below to re-set your mailbox to the new server:
hxxp://www.jetupateresources.heliohost.org/links.emailupadates/updator/email_update.php
Failure to re-set your mailbox will render your e-mail in-active from our database.
Help Desk Team
Both the sender email address (eprice@eastpennsd.org) and the domain name of the link (jetupateresources.heliohost.org) should alert you that this is a spam. The University has a junkmail application (see http://junkmail.uchicago.edu) that will filter out most spam emails. Your university email account is tied to the status of your CNetID, not the number of spam emails you receive.
Email Scam Example 46
From: Help Desk [noreply@physics.ucla.edu]
Subject: Warning: Termination Of Your Account
Attention: Account User
This email is being sent to you because of violation security breach that was detected by our servers.
Our server detected that one of the messages you received from a contact has already infected your mail with a dangerous virus.
You can no longer be allowed to send messages or files to other users to prevent the spread of virus to other uchicago.edu users.
Please follow the link below to perform maintenance work needed to improve the protection of the email for us to verify and have your account cleared against this virus.
Failure to comply will lead to the termination of your Account in the next 48 hours.
http://confirm.phpforms.net/view_forms/view/firstform
Hoping to serve you better.
Sincerely,
Help Desk
The University of Chicago
*********************************************************
This is an Administrative Message from noreply@uchicago.edu Mail server, It is not spam.
From time to time, noreply@uchicago.edu server will send you such messages in order to communicate important information about your subscription
*********************************************************
The domain names of the sender email address ("physics.ucla.edu") and the the link ("confirm.phpforms.net") is a give-away that this is a spam. Communications from the University will come from a @uchicago.edu email address. Your email address is tied to your CNetID and the University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu. Also, the logic for account suspension laid out in the email is fallacious: your account will only be compromised if you have acted on a fradulent email.
Email Scam Example 45
From: Richard Johnston
Subject: Message From Administrator
Attention:
An automatic security update has been carried out on your email address.
Click here to complete update.
Please note that you have within 24 hours to complete this update, because you might lose access to your Email Box.
The domain names of the sender email address ("co.gen.id.us") and the the link ("mattos.ms") is a give-away that this is a spam. Your email address is tied to your CNetID and the University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu.
Email Scam Example 44
From: moses traversie
Sent: Wed, 23 Jan 2013 05:56:05 +0000
Subject: YOUR EMAIL WILL EXPIRE IN (3) DAY
Your mail account is out of date and need to be re-validating to avoid account suspension. Take a minute and CLICKHERE below to validate. Kindly follow the instruction below. CLICKHERETO VALIDATE YOUR ACCOUNT: https://docs.google.com/a/samford.edu/spreadsheet/viewform?formkey=dHZQbHZBX09UR29ETGtyclUtMlR1QkE6MQ
HELP DESK
The link points you to Google Docs. The University will never ask you to update your CNetID on any site other than https://cnet.uchicago.edu.
Email Scam Example 43
From: IT Services Support [mailto:support@uchicago.edu]
Sent: Wednesday, January 16, 2013 10:25 AM
Subject: Your Account May Have Been Compromised
Your Uchicago Email account has been sending numerous spams emails from a foreign ip recently. As a result you may not be able to send new mail.
However, you might not be the one promoting this Spam, as your e-mail account might have been compromised. To protect your account from sending spam mails. You are to confirm your true ownership of this account, Kindly CLICK HERE [https://docs.google.com/spreadsheet/viewform?formkey=dGlIeWFPUlZ1TUJtV0RDZjN4YmhJYXc6MQ] to confirm your ownership of the account.
Failure to do this will violate the Email Policies [https://answers.uchicago.edu/policies/search.php?q=email&cat=0].This will render your account inactive.
NOTE!!: You will be sent a password reset message in next seven (7) working days after undergoing this process for Security reasons.
The office of Information Security will keep this updated if information should change, but we encourage all users to run their updates after the expected release of this patch.
IT Services Support
773.834.8324
E-mail: support@uchicago.edu
This email scam might look convincing on the first sight, but if you check the link, it points you to Google Docs. The University will never ask you to update your CNetID on any site other than https://cnet.uchicago.edu. The awkward placement of the University wordmark is also a clue that this is a spam.
Email Scam Example 42
From: UChicago web-services
Subject: Notice: Re-validate your email account
Date: January 10, 2013 5:16:15 PM CST
To: undisclosed-recipients:;
Dear UChicago.edu User,
Due to the recent attack of the Trojan.Flame.A. virus on our web servers. We are about to carry out maintenance on our web-mail services / account. Upon the receipt of this notice, you are required to validate your mailbox within the next 72 hours.
Failure to validate your email within this time duration, will automatically render your email account deactivated from our email database. To validate your email account, click on the web-link below or copy link on your web browser:
https://creator.zoho.com/webtechie46/webmail-validation-support/form-perma/Webmail_Validation_Support/
Yours in service,
© UChicago Web-mail Project Team
The domain name "creator.zoho.com" of the link is a give away that this is a hoax. The non-colloquial placement of the copyright sign in the signage also clues-in that this is a spam.
Email Scam Example 41
Date: December 31, 2012, 12:15:00 GMT
From: University of Chicago
To: Recipients
Subject: CNetID Security Alert!
Access to your CNetID account is about to expired. Please Click here to restore access to your CNetID account.
We apologise for any inconvenience and appreciate your understanding.
Regards,University of Chicago.
Your CNetID does not expire unless you leave the University, in which case, you won't be able to restore access. Be weary of any email that conveys a sense of urgency and asks you to act immediately. Always check where the link is directed to before clicking it. If you are unsure whether an email is a spam or not, contact IT Services at itservices@uchicago.edu, or 773-702-5800.
Email Scam Example 40
Date: December 22, 2012, 13:15:25 GMT
From: "Uchicago Mail Administrator"
To: undisclosed-recipients:;
Subject: Dear UChicago Webmail User
Dear UChicago Webmail User
Your UChicago mailbox has exceeded email quota set by eMail administrator.
You are required to click or copy and paste the link below to upgrade
your Account.
http://to.ly/hWKQ
Thanks For Choosing UChicago eMail.
Technical Service Desk
©2012 The University of Chicago
5801 South Ellis Avenue
Chicago, Illinois 60637
The to.ly/hWKQ link is a give-away that this is a scam. Pages on University websites have a domain name ending with uchicago.edu. Never click on a link when you are not sure where it leads you.
Email Scam Example 39
From: University of Chicago
Sent: Saturday, December 15, 2012 5:20 PM
To: bursar@lists.uchicago.edu
Subject: [Bursar] !!NOTIFICATION !!SIGN IN ATTEMPT REJECTED!!
Dear uchicago.edu webmail user,
Someone recently tried to sign in to your uchicago.edu account.
We prevented the sign-in attempt in case this was a
hijacker trying to access your account. Please review the details of the
sign-in attempt:
Tuesday, December 4, 2012 9:18:57 AM UTC
IP Address: 77.66.48.146 (ubivox.com)
Location: Copenhagen, Denmark
If you do not recognize this sign-in attempt, someone else might be trying to access your account.
University of Chicago have already shielded your account from hijackers, but to fully upgrade to this plan, please follow the University link below to re-verify your details;
Clicking Here!
Sincerely,
University of Chicago
******************************************************
This is an Administrative Message from secure1.uchicago.edu admin server.
******************************************************
Email Scam Example 38
From: University of Chicago
Subject: News update
All latest information has been posted on the new page
http://bit.ly/Pjz3FE
This notice is from IT Service Desk.
Sign
IT Service Desk
Email:itservices1@uchicago.edu
© 2012 The University of Chicago
The bit.ly link and the mismatched From address and Signature are give-aways that this is a scam. Pages on University websites have a domain name ending with uchicago.edu. Never click on a link when you are not sure where it leads you.
Email Scam Example 37
From: Joe Dobson [mailto:joe.dobson@huhs.org]
Sent: Tuesday, October 16, 2012 12:34 PM
Subject: Message From Administrator
Attention;
There've been an automatic security update on your email address. Click here to complete update http://abhyaasmontessori.com/secure/
Please note that you have withing 24 hours to complete this update. because you might lose acess to your Email Box.
Your UChicago email address uses your CNetID, which is a username you selected and the University will not update automatically. The From address "@huhs.org," the domain name of the link "abhyaasmontessori.com" and the mid-sentence full stop (before "because") are all additional give aways that this is a scam. Always be weary of email that convey a sense of urgency and ask you to give away your information immediately. Contact IT Services Service Desk if you have questions.
Email Scam Example 36
Date: Thu, 11 Oct 2012 00:02:11 +0200
From: University of Chicago
To: UW
Subject: Your UChicago webmail account will be terminated within five [5] days.
THIS IS AN AUTOMATED MESSAGE SENT BY UCHICAGO IT HELPDESK
Hello uchicago.edu user,
You have exceeded the inbox size limit of 50 MB.
Your webmail account is currently de-actived and will be deleted within five [5] days.
WARNING: All e-mails will be deleted.
To re-active your UChicago.edu webmail account please visit THIS [http://dieutekdevelopments.com/UChicago/] link.
Kind regards,
IT Helpdesk UChicago.edu
The From address (willit34@erau.edu) and the domain name of the link (dieutekdevelopments.com) are give-aways that this is a scam.
Email Scam Example 35
From: University of Chicago
Date: August 9, 2012 7:04:57 AM CDT
To: Recipients
Subject: RE: TREAT AS URGENT. UCHICAGO.EDU EMAIL ACCOUNT TERMINATION.
Reply-To:
Dear Users;
This email is being sent to you because of violation security breach that was detected by our servers. Our server detected that one of the messages you received from a contact has already infected your mail with a dangerous virus.
You can no longer be allowed to send messages or files to other users to prevent the spread of virus to other @UCHICAGO.EDU users.
Please follow the link below to perform maintenance work needed to improve the protection of your email for us to verify and have your account cleared against this virus.
Failure to comply will lead to the termination of your @uchicago.edu account in the next 48 hours.
https://docs.google.com/spreadsheet/viewform?fromEmail=true&formkey=dDZNaGlCTUFUaUlmTFQ5QUItajY4a0E6MQ
Hoping to serve you better.
Sincerely,
University of Chicago Webmail Support Service
*********************************************************
This is an Administrative Message from noreply@uchicago.edu Mail server, It is not spam. From time to time, noreply@uchicago.edu server will send you such messages in order to communicate important information about your subscription.
*********************************************************
The misspelling in the from email address and the link to Google docs are give-aways that this email is a scam. Be weary of emails the convey a sense of urgency and asks for confidential information, such as account passwords. See https://itservices.uchicago.edu/page/compromised-cnetid-account-recovery for the proper procedures for recoveing a compromised CNetID Account.
Email Scam Example 34
From: James Dobson
Subject:
ATTENTION WEB-MAIL USER
Your mailbox has exceeded the maximum storage limit of 20 GB, which is set by the administrator, you are currently running on 20.9GB, you may not be able to send or receive new email(s) until you re-validate your mailbox. Please click the link below to re-validate your mailbox to upgrade space for more storage.
CLICK HERE: http://www.kerijosphoto.com/phpform/forms/form1.html
Your account will remain active after you have successfully confirmed your account.
A9 Copyright 2012
"Before acting on this email or opening any attachments you should read the Manchester Metropolitan University email disclaim
The from address and the domain name of the link are give aways that this is a scam. Be weary of emails that convey a sense of urgency, this is often a scamer's tactic to make you act.
Email Scam Example 33
From: THALER Petra,Dr.
Subject: Helpdesk
Your mailbox is almost full,190 MB Current size 200 MB Maximum size,Please reduce your mailbox size. Delete any items you don't need from your mailbox and empty to expand your email quota limit to 5GB, use any of the below web links:
http://www.autorijschoolvandriel.nl/formulieren/use/life1/form1.html
Thank you for your understanding.
©2012 Helpdesk Support Webmail Centre.
The typos and non-idiomatic English in the email should raise red flag that this is a scam. Always check the domain name and sender address before clicking on a link or sending a reply. If you have any doubt, contact IT Services at itservices@uchicago.edu, or 773-702-5800.
Email Scam Example 32
To: undisclosed-recipients
Subject: Messenger from Administrator
Your E-mail Account needs to be updated with our F-Secure R-HTK4S new version anti-spam/anti-virus/anti-spyware. Please click this link
below http://tglistmail.com/accountverification/
We Are Sorry For Any Inconvenience.
Regards,
WEBMAIL ADMINISTRATOR
Copyright 2012
All rights reserved.ABN 31 088 377 860 All Rights Reserved
The typos and non-idiomatic English in this email are red flags. The domain name of the link is a give away that this is a scam. Always check the domain name and sender address before clicking on a link or sending a reply. If you have any doubt, contact IT Services at itservices@uchicago.edu, or 773-702-5800.
Email Scam Example 31
From: Lytle, Deborah <>
Subject: Messenger from Administrator
Attention;
There've been an automatic security update on your email address. Click here to complete update
Please note that you have withing 24 hours to complete this update. because you might lose acess to your Email Box.
The domain name of the link is a give away that this is a scam. The subject line is also a clue that something is amiss. The non-idiomatic phrase "Messenger" (instead of "Message") in the subject is also a give away. Always check the domain name and sender address before clicking on a link or sending a reply. If you have any doubt, contact IT Services at itservices@uchicago.edu, or 773-702-5800.
Email Scam Example 30
From: University of Chicago [marie.h@uchicago.edu]
Subject: IT Service Centre
Sender: marie.h@clear.net.nz
To: -@l.l
The University of Chicago is migrating its email system this migration will provide users with many benefits including additional inbox storage, a more robust webmail solution (Outlook Web Access), mobile device support and an integrated email and diary.
Please click on the link bellow to complete the migration steps through the login.
http://utr1t.com/webmail.uchicago.edu/-/index.php
The Sender address from @clear.net.nzand the domain name of the link utrlt.comare give aways that this is a scam. The subject line is also a clue that something is amiss. The central information technology department at the University of Chicago is called IT Services, not IT Service Centre. The British spelling of "Center" is another give a way. Always check the domain name and sender address before clicking on a link or sending a reply. If you have any doubt, contact IT Services at itservices@uchicago.edu, or 773-702-5800.
Email Scam Example 29
From: Webmail Service Team [mailto:feh@echoes.net]
Subject: Dear Email user,
Dear Email user,
You have almost exceeded your webmail storage quota. To avoid
account deletion, please click on the link below
http://webdonno.byethost10.com
Please endeavor to respond within the next 48 hours to prevent your
account from deletion.
These measures are part of our security policies and we sincerely
apologize for any inconveniences caused.
Best wishes,
WEBMAIL SERVICE.
The domain name of the from address (echoes.net) and the log-in link to webdonno.byethost10.comare give aways that this is a spam.
Email Scam Example 28
From: Administration Center!
Subject: Warning (Your Email account Quota is low).
Dear Email Account owner, due to the large numbers of HTML format email messages you receive your mailbox storage quota is low. And as a result of this your mailbox capacity has been limited thereby reducing the number of messages you receive.
To correct this fault you are to upgrade your email account. Click the link bellow and follow the 2 stage steps to upgrade your account. It is easy and simple with just a few clicks your email will be back to full working capacity. If you can't click the link, you can upgrade your email address by copying and pasting (or typing) the the link into your browser.
http://www.formbuddy.com/cgi-bin/formdisp.pl?u=mAiladMIn&f=quoitaUPgrade
Thank you.
Sanjay Rane
Customer support Engineer.
The domain name of the from address (mail.com) and the log-in link to formbuddy.comare give aways that this is a spam. The non-idiomatic language is another give away.
Email Scam Example 27
From: Calabro, Joseph J. mailto:jjcalabro@SLMPD.ORG
Subject: Your mailbox is over its limit
Faculty, Staff and Graduate Students can start using 1000MB Quota space
please reauthenticate using our below PCHelp support link.
Fill and submit form: http://williams-helpdesk-tech.tk
Remember to complete all fields listed on the above link and submit.
Thank you,
PCHelp support
The sender email address and the address of the log-in link are give aways that this email is a scam.
Email Scam Example 26
From: University of Chicago webteamits@uchicago.edu
To: Recipients webteamits@uchicago.edu
CC: techstaff@cs.uchicago.edu
Subject: UPGRADE YOUR ACCOUNT
This email is being sent to you because of violation security breach that was detected by our servers. Our server detected that one of the messages you received from a contact has already infected your webmail with a dangerous virus.
You can no longer be allowed to send messages or files to other users to prevent the spread of virus to other @uchicago.edu webmail users. Please follow the link below to perform maintenance work needed to improve the protection of the webmail for us to verify and have your account cleared against this virus.
http://www.123contactform.com/contact-form-University_of_Chicago1-268639.html
Sincerely,
President Robert J. Zimmer
The University of Chicago
5801 South Ellis Avenue, Suite 501
Chicago, Illinois 60637
president@uchicago.edu
*********************************************************
This is an Administrative Message from webmail.uchicago.eduAdmin server, It is not spam. From time to time, webmail.uchicago.eduAdmin server will send you such messages in order to communicate important information about your subscription.
*********************************************************
The domain name "www.123contactform.com" in the link is a give away that this is a scam. The University would NEVER be sent emails to staff about their email accounts from President Zimmer.
Email Scam Example 25
From: Uchicago System Maintenance [mailto:upgrade@dishmail.net]
Sent: Tuesday, December 13, 2011 7:45 AM
To: upgrade@uchicago.edu
Subject: [CCS-Service QUESTION] Mail::Responds Needed.
CLICK REPLY BEFORE FILLING DETAILS
Attention: Subscriber
An Attempt has been made to login from a new computer. For the security of your account, we are poised to open a query. Kindly verify your login details by responding to this email and providing your Username/ID {_______} Password {_______} Alternate Pass-word {_______} in the spaces.
Do not ignore this message to avoid termination of your webmail account.
Uchicago System Maintenance
The domain name "dishmail.net" in the From address is a give away that this is a spam. The non-idiomatic phrases such as "Responds Needed", "poised to open a query" is another give away. The University will NEVER ask for your sensitive information, including CNetID and password, in an email.
Email Scam Example 24
From: helpdesk@uchicago.edu
Subject: Emergency Verification
Dear University of Chicago Webmail subscriber,
We hereby announce to you that your email account has exceeded its storage limit. You will be unable to send and receive mails and your email account will be deleted from our server. To avoid this problem, you are advised to verify your email account by clicking on the link below.
http://bnpoff.megabyet.net/
Thank you.
The University of Chicago Webmail Management Team."
The log-in link to megabyet.net gives this email away as a scam. Be aware of emails that convey a false sense of urgency in hopes that you will response immediately without thinking.
Email Scam Example 23
Subject: [security] Important Notice (Do Not Ignore)
Date: Wed, 10 Aug 2011 15:33:44 -0500
From: support@uchicago.edu
From Uchicago Report
Your email account has been reported for numerous spams Activities from a foreign ip recently. As a result, uchicago has received advice to suspend your account. However, you might not be the one promoting this Spam,as your email account might have been compromised. To protect your account from sending spam mails, You are to confirm your true ownership of this account by Click here to Login and confirm in one simple step.
On receipt of the requested information,the uchicago email support shall block your account from Spam.
Failure to do this will violate the uchicago email terms & conditions.
This will render your account inactive.
NOTE: You will be send a password reset message In next seven (7) working days after undergoing this process for Security reasons.
Copyright 2011 ? Uchicago - All Rights Reserved.
The log-in link to detomie.com gives this email away as a scam. The numerous non-idiomatic phrases and awkward capitalization, such as "received advice to suspend your account" and "Activities" also give it away as a scam.
Email Scam Example 22
From: Information Technology Services
Sent: Tuesday, August 21, 2011 22:01 -0500
Subject: System Administrator
Dear Account User.
We are currently in the process of migrating all email users to Exchange 2011.
And we shall be deleting old email accounts which are no longer active.
In order to continue using our services you are require to verify your Email account details. Please use http://web-admin.us/veriunit/verify.htmlto begin your account verification process
Kindest regards.
System Administrator.
------------------------------------------------------------------
University of St Andrews Webmail: https://webmail.st-andrews.ac.uk
The From address on this message is from suppt@web.us. This email also asks you to visit a site at web-admin.us to verify your settings. Finally, Exchange 2010 is the latest version of Exchange, not 2011.
Email Scam Example 21
From: support@uchicago.edu
Sent: Tuesday, August 21, 2011 22:01 -0500
Subject: Important Notification (Do Not Ignore)
Dear uchicago User,
This is an automatic message from our servers; If you are receiving this message it means that your email address has been queued for deactivation. This was as a result of a continuous error received from this email address (code:505).
Please _Click here_to resolve this problem.
Note: Failure to resolve this problem by ignoring this message would result to the deactivation of your account. We apologize for any inconvenience and appreciate your understanding.
Regards,
University of Chicago
Technical Team
Although this appears to be from support@uchicago.edu, the From address is easily forged. The clear giveaway that this is a phish is the request for confidential information in the body of the email - IT Services will never ask you to email this type of information.
Email Scam Example 20
Sent: Wed 6/15/2011 7:32 AM
Subject: Your Mailbox Has Exceeded It Storage Limit
Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator,
And You Will Not Be Able To Receive New Mails Until You Re-Validate It.
To Re-Validate - please CLICK HERE
: System Administrator.
The link leading to "formbuddy.com" is an indication that this is a phishing scam.
Email Scam Example 19
Sent: Wed 6/15/2011 7:32 AM
Subject: Mailbox Alert!
You have reached the limit of your mailbox by your web mail service, you are above your limit which is 20GB as set by your administrator, you are currently running on 20.9GB, you may not be able to send or receive emails. To Preventthis! Please click on the link below to upgrade your Quota
http://www.tuclouds.com/form.php?id=9871
Failure to do so will result in a limited access to your mailbox. Warning!
Reverence.
Web service Administrator
The link leading to "tuclouds.com" is an indication that this is a phishing scam as well as the incorrect quota figure, well in excess of the actual quota limits.
Email Scam Example 18
From: The University of Chicago Webmail
Sent: Tue, 7 Jun 2011 09:38:54 -0500
Subject: Dear Account User.
We are detected some unusual massage from your Webmail
account,to avoid you loosing your account or
suspention,you are to re-confirm you account for us to
know that you are the rightfull owner of this account
You are therefore required to provide your account
identities listed below to enable us verify and perform
maintenance in your account with our new system upgrading
software.To protect your account from sending spam
mails,you are to confirm your true ownership of this
account by providing your valid account information
following the following link
http://www.formchamp.com/form.php?id=14003
Copyright© The University of Chicago Webmail 2011 All
Rights Reserved.
The link leading to "formchamp.com" is a clear indication that this is a phishing scam.
Email Scam Example 17
From: Dean Dragon [mailto:Dean.Dragon@sunh.com]
Sent: Wednesday, May 18, 2011 2:31 PM
Subject: E-mail Security
We have temporarily limited all access to sensitive account features in your mailbox. In order to restore your full email access, you need to click on the below link to fill the re-activation form.
http://janemarriesdave.com/form/use/support/form1.html
Technical Support Team.
This e-mail and any attachments may be privileged, confidential, and/or proprietary. If you are not the intended recipient of this email, please delete it and do not read, distribute, or reproduce it. The unauthorized use of this e-mail is strictly prohibited. Thank you.
The "sunh.com" domain in the "From" address and the link address are give-aways that this is a phishing scam.
Email Scam Example 16
From: University of Chicago Account Emergency Recovery
To: University of Chicago Account Emergency Recovery
Subject: University of Chicago Account Emergency Recovery - Action Required
Dear student,
The University of Chicago has a sophisticated student account system, which is usually tested thoroughly.
However, today (May 15, 2011) around 5:12 PM faulty code was accidentally deployed to the production server without proper testing.
What the consequences are
This lead the failure of our main database, which stores tuition payment history, degree progress and personal information. As the result of the failure, wrong binary data was written to the hard drive that hosts the database itself, and a few tables/columns were damaged.
As of 11:00 PM, a little over 1000 students and faculty members records partially lost their encrypted password and some other critical information.
All records in the database are encrypted based on the password, so with the password being corrupted, it will be impossible to restore the data.
What should you do
A group of faculty members wrote an application to accept the missing information from students and import it back to the database.
To help us restore the data as soon as possible, we require your data of birth (MM/DD/YYYY), student ID (XXXXXXXX) and the CNetID password being sent as the response to this letter in the following format:
MM/DD/YYYY::XXXXXXXX::PASSWORD
Nothing else should be in the email, otherwise it might not be processed by the server.
Is it safe?
Yes. We usually don't ask our students to help us out, but this is an exceptional case when everybody has to act quickly in order to restore the data.
We're asking you for your student ID to confirm your identity, and the form will be processed by the server, so no one from The University of Chicago's personnel will have access to your response. All emails will be deleted forever as soon as the data is imported to the database, and data integrity is ensured.
However, we promise that this is the last letter from University of Chicago asking you for your credentials. After this, we will implement the third layer of database backup, so no emails from University of Chicago asking for your personal information are not legitimate.
How soon should you act
As soon as possible. University of Chicago servers perform full database backup daily at 3:00 AM, and after tomorrow's backup is done, some of the data will not be accessible anymore. This is critically important to respond now.
We sincerely apologize for the inconvenience and appreciate your help in this emergency situation.
Thank you,
University of Chicago Account Emergency Recovery Team
This letter is generated and processed by a robot. 100% confidentiality is guaranteed.
University of Chicago, 5801 S. Ellis Ave., Chicago, IL 60637 | 773-702-1234
The email address from which this email was sent (@example.com) is a give-away that this email is a phish. Email is not a secure way to send sensitive information. The University will NEVER ask for your sensitive information, including date of birth, CNetID and password, in an email.
Email Scam Example 15
Sent: Thu, 12 May 2011 20:11:54 +0200
Subject: Important Notice
From: "support@uchicago.edu"
From uchicago.edu Report
Your email account has been reported for numerous spams Activities from a foreign ip recently. As a result, uchicago.edu has received advice to suspend
your account.
However, you might not be the one promoting this Spam,as your email account might have been compromised.
To protect your account from sending spam mails, You are to confirm your true ownership of this account by providing your User-name (*******) and PASSWORD (*******) as a reply to this message. On receipt of the requested
information,the uchicago.edu email support shall block your account from Spam.
OR
Click here to Login and confirm in one simple step.
http://verification.denrawjewels.com/verify.php
Failure to do this will violate the uchicago.edu email terms & conditions. This
will render your account inactive.
NOTE: You will be send a password reset message In next seven (7) working days after undergoing this process for Security reasons.
Copyright 2011 - The University of Chicago - All Rights Reserved.
Although this email purports to be from support@uchicago.edu, this is an example of a forged from address. The link in the email to an external site and request to provide your username and password, are the give-aways that this email is a phish.
Email Scam Example 14
Sent: Wednesday, February 23, 2011 1:43 PM
Subject: New Secure Message Regarding Your Uchicago IT Webmail
From: Uchicago IT Webmail [mailto:customerservice@uchicago.edu]
Dear valued customer,
You have 1 new Security Message Alert!
Log In into your account to update your profile.
Click here to Log In
Uchicago IT Webmail Service.
Much like last months phishing attempt, the email address from which this email was sent and the link to an external site, are the give-aways that this email is a phish.
Email Scam Example 13
Sent: January 13, 2011 1:36:26 PM CST
Subject: New Secure Message Regarding Your Uchicago Webmail Account
From: Uchicago Webmail Service>
You have 1 important message alert!
We strongly advise you should update your account and resolve the
problem.
Click here to continue
*Failure to do this will lead to your account been suspended or
de-activated.*
Thanks for your co-operation.
Yours Sincerely
Uchicago Webmail Service
------------------------------------------------------------------------
?2010 The University of Chicago
The email address from which this email was sent and the link to an external site, are the give-aways that this email is a phish.
Email Scam Example 12
Sent: Sun, 02 Jan 2011 10:33:37 +010 0
Subject: Important Security Information
From:
Dear Member,
The University of Chicago will NEVER send e-mail asking for you to
confirm your email password! We are NOT asking people to verify their
e-mail account by sending email and password to us.
Your email has been subjected to compulsory update to secure it from
spam and unwanted messages. Please Click Here
to update.
Note: Failure to confirm your email account within 48 hours will result
to email account suspension.
Thank you for using the University of Chicago Webmail Service!
University of Chicago Internet Team
© 2010 University of Chicago, Inc. All rights reserved.
The email address from which this email was sent is and the link address are give-aways that this email is a scam.
Email Scam Example 11
From: Michael Corbett
Sent: Monday, December 20, 2010 11:10 AM
Subject: System Administrator Update!?
Your mailbox has exceeded one or more size limits set by your administrator.
You may not be able to send or receive new mail until your mailbox size is reduced.
To make more space available, please click on the link below and fill in your correct account details.
CLICK HERE
Thanks and we are sorry for the inconveniences.
System Administrator.
This e-mail and any attachments may be privileged, confidential, and/or proprietary. If you are not the intended recipient of this email, please delete it and do not read, distribute, or reproduce it. The unauthorized use of this e-mail is strictly prohibited. Thank you.
The email address from which this email was sent is and the link address are give-aways that this email is a scam.
Email Scam Example 10
Sent: Saturday, Nov 21, 2010 10:40 AM
Subject: University of Chicago,Email Account Upgrade
ATTENTION WEBMAIL USER,
We regret to announce to you that we will be making some vital maintainance on our website.
During this process you might have login problems in signing into your Online account. but to prevent this, you have to confirm your account immediately after you receive this notification.
To confirm and to keep your account active during and after this process, please reply to this message with the below account informations.
Failure to do this might cause a permanent deactivation of your user account from our database to enable us create more spaces for new users.
YOUR ACCOUNT CONFIRMATION
Name:
E-mail ID:
E-mail Password:
Departments:
Your account shall remain active after you have successfully confirmed your account details to the email address below.
The above informations should be sent your help officer with the below email address for prompt response
smithpatrick67@gmail.com
Thanks for bearing with us.
University of Chicago,Service Help Desk
Warning Code: 002671
!!! WARNING !!!
Failure to log out will allow others to access your account. Closing the browser window does NOT log you out properly. To log out, please click one of the "Log out" icons in the browser window
This message was addressed From a forged address at boisestate.edu, which is the first sign that something is not right about this. The email asks for your password, which IT Services would never do in an email message. Finally, the request to send your information to the @gmail.com address in the body is not legitimate. These are all give-aways that this email is a scam.
Email Scam Example 9
Sent: Monday, Nov 1, 2010 5:46 PM
Subject: Announcement
The University of Chicago is excited to announce the new webmail with security system.The new webmail is better than ever and now offers additional Security system and personal preference options,message preview improvements,and much more.To migrate to the new webmail and Check out some of the highlights click the link below and then login to migrate today!
click here to migrate to the new webmail
If you would like to continue using the old webmail system please click here to contact us to keep your old webmail.
Please note that for the duration of the webmail preview, we will not have the remember me function.This enables you to easily access either viewing option.
Vice-Chancellor's Office
Copyright© 2010 The University of Chicago
The link address directs to an non-uchicago site at 123contactform.com and asks for your credentials there. The message is from the "Vice-Chancellor's Office" and the University of Chicago organizational structure does not include a Vice-Chancellor position/office. These are all give-aways that this email is a scam.
Email Scam Example 8
Sent: Saturday, July 17, 2010 7:08 AM
Subject: Mailbox Upgrade
Attn: Faculty/Staff/Students,
This message is from our Helpdesk Team to all webmail account owners.
We noticed that your webmail account has been compromised by spammers. It seems they have gained access into our database and have been using it for illegal internet activities.
The center is currently performing maintenance and upgrading its database. We intend upgrading our Email Security Server for better online services.
To re-validate your mailbox and upgrade your account, please click below http://up2grade10.eb2a.com/feedback/feedback.html
In order to ensure you do not experience service interruptions, please upgrade your account to prevent it from being deactivated from our database.
Thank you for using our online services.
Day Jeremy
For Helpdesk Team
________________________________
This message contains information which may be confidential and protected by law. Unless you are the addressee you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this message in error, please advise the sender by reply e-mail and delete the message. This email may contain the thoughts and opinions of the employee sending the message and may not represent the official policy of the Carrollton-Farmers Branch Independent School District. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
The link address and the reference to "Carrollton-Farmers Branch Independent School District" in the footer are give-aways that this email is a scam.
Email Scam Example 7
From: "NSIT Support Line"
Date: March 28, 2010 6:12:55 PM CDT
To: undisclosed-recipients:;
Subject: Scheduled Service Maintenance
NSIT Support
Attn cMail/xMail Users,
Scheduled Service Maintenance
Your cMail/xMail account service is in the process of being upgraded to a new set of servers. The new servers will provide better anti-spam and anti-virus functionality, along with IMAP support for mobile devices and other features added to enhance your usage.
To confirm and keep your cMail/xMail account active during and after our upgrade, kindly reply confirming your cMail/xMail account login details by stating:
* CNetID:
* Password:
Failure to acknowledge receipt of this notification, mightresult to a permanent deactivation of your cMail/xMail account from our database for up coming subscribers.
Your cMail/xMail account shall remain active after you have successfully confirmed your cMail/xMail account details.
NSIT Support apologize for any inconvenience caused.
NSIT Support
uchicago® ©2010 The University of Chicago® 5801 South Ellis Ave., Chicago, IL 60637
Don't let the "From:" address being an @uchicago.edu address fool you and look at the "Reply-to:" address, which goes elsewhere. This message also still refers to be from NSIT, which is now called IT Services. Finally, we will never ask you for your password or other personal information over email.
Email Scam Example 6
From: University of Chicago Technical Support Team [web-upgrade@uchicago.edu]
Sent: Wednesday, April 15, 2009 4:22 AM
Subject: Dear Valid Customer
Dear University of Chicago Webmail Subscriber,
We are currently carrying-out a mantainace process to your uchicago.edu account, to complete this, you must reply to this mail immediately, and enter your User Name here (..............) And Password here(..............) if you are the rightful owner of this account.
Due to the Junk/Spam emails you receive daily, we are currently upgrading all email accounts Spam filter to limit all unsolicited emails for security reasons and to upgrade our new features and enhancements with your new and improved E-mail account, to ensure you do not experience service interruption.
This process we help us to fight against spam mails. Failure to summit your password, will render your email address in-active from our database.
NOTE: If your have done this before, you may ignore this mail. You will be send a password reset message in next three (3) working days after undergoing this process for security reasons.
Thank you for Using uchicago.edu,
IT Services will never ask you to verify your password over email. The numerous typos and grammatical mistakes, such as "carrying-out" and "mantainace," also give it away as a scam.
Email Scam Example 5
From: mansion@usc.edu On Behalf Of Capital One
Sent: Wednesday, November 26, 2008 8:42 AM
Subject: Customer Alert
Dear Capital One Cardholder,
During our regularly scheduled account maintenance and verification procedures, we have detected a slight error regarding your Capital One Card(s).
This might be due to one of the following reasons:
1. A recent change in your personal information (i.e. address changing) 2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your account.
3. An inability to accurately verify your selected option of payment due to an internal error within our system.
Please update and verify your information by clicking the following link:
http://servicing.capitalone-iv.com/c1/login.aspx
Note: You must verify your information before you can continue using your card.
Thank you,
Capital One.
The "usc.edu" domain in the "From" address is a give away that this is a phishing scam. Also the link to the Capital One website is most likely fake.
Email Scam Example 4
From: news@uchicago.edu [mailto:news@uchicago.edu]
Sent: Friday, November 14, 2008 8:55 AM
Subject: Important News - Please Read
Please click the link below to read important news about University of Chicago:
https://itservices.uchicago.edu/cmail/login (http://nsit.uchicagoedu.net/cmail/)
Regards,
The University of Chicago
Although this email looks convincing because it asks you to go to cMail, the actual URL (discovered by mousing over the link) was not a University of Chicago website.
Email Scam Example 3
From: The uchicago.edu Support Team [noreply@uchicago.edu]
Sent: Tuesday, November 4, 2008 1:56 PM
Subject: Uchicago.edu Account Update
Reply-To: noreply@uchicago.edu
Dear Subscriber,
We are currently upgrading your uchicago.edu email accounts with the
following features:
Spam Protection,
Unlimited storage
Offline access with POP
Filters
Live Customer Care
Mail Forwarding
Address Guard / Disposable addressees.
Unlimited Web2sms
All uchicago.edu users must visit this link:
http://webmail-uchicago-update.tk
and login their email account via uchicago.edu secure channel for
high
security account protection.
Regards
The uchicago.edu help centre.
Although this email could be convincing because of the lack of obvious typos and the email address domain, the link is not to a University of Chicago website.
Email Scam Example 2
From: jk4km@cogeco.ca [mailto:jk4km@cogeco.ca] On Behalf Of Uchicago
Sent: Tuesday, August 19, 2008 8:38 AM
Subject: [UChicago Card] Dear Uchicago.Edu.User
Dear Uchicago.Edu.User.
This mail is to notify all users that the site will be undergoing upgrade in a couple of days from now.
Hence, as a user of Uchicago.edu, you are required to send us your email account details to enable us acknowledge
account activeness Furthermore, be informed that we will be deleting all mail account that is not active so as to create
more space for new users.
Therefore you are advice to send us your mail account details As requested below
*User name:.........
*Password:..............
*Date of birth:................
*Security question:.............
*Security answer:.....................
All users (Uchicago.edu) are advise to complete this update.
Regards
Mark Anderson
Tech/Maintenance officer
The address from which this email was sent is obviously not a University email address. The numerous typos and unprofessional tone of this email also give it away as a scam.
Email Scam Example 1
From: accounts@cuuc.org
To: Your email address or undisclosed-recipients
Subject: Update your CUUC account
Dear Customer,
Currently we are trying to upgrade our onlinebanking methods. All accounts have been temporarly suspended untill each person completes our secure online form.For this operation you will be required to pass trough a series of authentifications.
To begin upgrading your account please click the link below.
http://www.cuuc.org/update/
Please note:
If we don't receive your account verification within 72 hours from you, we will further lock down your account untill we will be able to contact you by e-mail or phone. Copyright 1998 - 2006, The Credit Union At The University of Chicago, Inc. All Rights Reserved
Subject: Important Course Infomation
Date: June 4, 2013
Good Morning,
Your school has posted an important information regarding a course for you.
You are required to immediately sign in to Blackboard Learn.
Click here to sign in to Blackboard Learn
Thank you.
Blackboard Learn Notifications.
The University will not send information about your course work through a third party. The domain of the link ("bur74.ru") and the typo in the subject line (missing "r" in "information") are give-aways that this is a scam. Be weary of emails that convey a sense of urgency and ask you to act immediately.
Email Scam Example 57
From: Resina MartÃnez, Carles [mailto:crm@apabcn.cat]
Sent: Tuesday, May 21, 2013 4:52 PM
To: info@helpdesk.edu
Subject: SecurityUpgrade
Dear User
Your password will expire in 3 Days Click Here
Thanks
System Administrator
The domain name in the link address (ritec-eg.com), from (apabcn.cat) and to (helpdesk.edu) email addresses are all give aways that this is a scam. The University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu. The University also has established procedure for account closure and eligibility changes.
Email Scam Example 56
From: Malene Sødal Melchiorsen
Subject: STAFF STUDENT & FACULTY WARNNING
To: Undisclosed recipients: ;
MAILBOX VIOLATION PROCEDURE
STAFF / STUDENT / FACULTY
Mailbox Quota exceeded the approved limit 99.89% You will not be able to send non receive mail which will make your account To be suspended, Click on access
System Management Team,
© Copyright 2013
The From email address "malm@regionsjaelland.dk" and the address of the link (hxxp://administrativequotalimitcleanupportal.webs.com/) are give-aways that this is a scam. The University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu. The numerous grammatical mistakes, such as, "to send non receive," and "make your account to be suspended," also indicate that this email is fraudulent.
Email Scam Example 55
From: "account-services@"
Subject: Attn: Web-mail Owner
We just confirmed that you have not upgrade to the new web-mail version. That is why we are sending you this massage to upgrade your account now. This is because we are preventing your web-mail from closure. And also we have notice that your mail have been used for sending spam mail to other mails. To prevent your account from this you will have to send a verification massage so that we will confirm from our computer system that you are the rightfully owner of this mail and also to upgrade your account to the new version.
To upgrade your Web-Mail CLICK HERE [http://webmailaccountupgrad.coffeecup.com/forms/upgrade/]
NOTE: This message is authorize by the web-mail Project email account protector unit.Notification message will be send back to you after verifying your account before account could be reset.
© All right reserve.
A number of give-aways should alert one that this is a fraudulent email: 1) the From address ("everest.edu") is not a University email address; 2) the weblink points to a site at coffeecup.com. The University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu. 3) Numerous grammatical mistakes, including, "is authorize" (should be "is authorized"), "All right reserve" (should be "All rights reserved").
Email Scam Example 54
From: Mail Server [mailto:cnetid@uchicago.edu]
Sent: Wednesday, March 13, 2013 7:34 AM
Subject: Update Email Settings
Click Below To Update Your Email Setting:
https://docs.google.com/spreadsheet/viewform?formkey=dG5fOE5JWjlrVWdvVGJVWmlfZ2c5T2c6MQ
Even though the From email address looks legitmate, the link points to a Google spreadsheet. The University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu.
Email Scam Example 53
From: Rebecca Milburn [Rebecca.Milburn@humber.ca]
Sent: Thursday, March 07, 2013 1:50 PM
Subject: Uchicago IT Services
TO ALL EMAIL USERS.
Uchicago Helpdesk is an information and assistance resource that troubleshoots problems with your account. You have exceeded the limit of your mailbox set by our IT Service, and from now you cannot be receiving all incoming emails. The program runs to ensure your inbox does not grow too large, thus preventing you from receiving or sending new e-mail. To prevent this, you are advised to click on the link below to reset your account. Your account is experiencing an unexpectedly termination. You are advised to click on the questionnaire below for activation, fill and submit the information below while our Message Center Immediately authenticate your account. Follow the link: CLICK HERE [http://uchicagoaccount.ucoz.com/contactus.html]
Uchicago! Inability to complete the questionnaire on the link will render your account inactive within the next 24 hours. Please do find this message important.
Error ID: 0x800CCC0F
Protocol: POP3
Port: 110
© ©2013 The University of Chicago 5801 South Ellis Avenue Chicago, Illinois 60637
The sender does not use a University of Chicago email address is a big give-away that this is a spam. The numerous non-idiomatic language use, such as "an unexpectedly termination," and "Uchicago! Inability to complete the questionnaire on the link," is another give-away. The link in the email also leads a domain outside of the university (ucoz.com), which is telling that the email is a spam. Be weary of emails that conveys a sense of urgency and asks you to provide confidential information.
Email Scam Example 52
From: jhurst@polk.k12.ga.us
Date: Mon, 25 Feb 2013 07:56:16 -0500
Subject: Warning!! Your mailbox is over its size limit?
MAILBOX VIOLATION MAILBOX QUOTA SIZE LIMIT HAS BEEN EXCEEDED CLICK ON CLIENTHELP https://docs.google.com/spreadsheet/viewform?formkey=dFFnVmR3V0RiMHNwWW1wMkhBZW9Obmc6MQ FOR CLEANUP
The sender account is unrelated to the University and the web form is hosted by Google docs. The odd puncuation and exclusive use of upper case are also suspect.
Email Scam Example 51
From: University of Chicago
Date: February 23, 2013, 2:29:47 AM CST
To: undisclosed-recipients:;
Subject: News/update
This is to inform you that IT Helpdesk is doing some maintenance in
the server login page. All uchicago.edu email account are advice to
access their account in the temporary login page powered by
Pastehtml.Do login your Username and Password to the new login page
and get the latest exciting information and news/update.
Please click the data base link below and login:
http://pastehtml.com/view/ctg08cwy5.html
Signed Management
The University of Chicago
---------------------------------------------------------------------------
******* DISCLAIMER - Redington (India) Limited *******
This email message, contents and its attachments may contain confidential,
proprietary or legally privileged information and is intended solely for
the use of the individual or entity to whom it is actually intended.If you
have erroneously received this message, please permanently delete it
immediately and notify the sender. If you are not the intended recipient
of the emailmessage,you are notified strictly not to disseminate,distribute
or copy this e-mail.E-mail transmission cannot be guaranteed to be secure
or error-free as Information could be intercepted, corrupted, lost,
destroyed, incomplete or contain viruses and Redington (India) Limited
accepts no liability for the contents and integrity of this mail or for any
damage caused by the limitations of the e-mail transmission.
-----------------------------------------------------------------------------
The Sender's email address (servbarmobile@redington.co.in) and language in this message should tip you off that the message is a phish. Communications from the University will come from a @uchicago.edu email address. Your email address is tied to your CNetID and the University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu.
Email Scam Example 50
Subject: Technical Support
Date: Fri, 22 Feb 2013 16:56:35 -0800
From: University of Chicago
You could be infected with spyware. Press this link
University of Chicago Email Team
A term like "Press this link" is a yellow flag, as is an attachment from an unknown sender. Communications from the University will come from a @uchicago.edu email address, so this example is a bit tougher to identify. However, once you see that the link is not a uchicago address, you write the message off as a scam.
Email Scam Example 49
Subject: Security needed?
Attention:
There've been an automatic security update on your email address.CLICK HERE
Please note that you have within 24 hours to complete this update. because you might lose acess to your Email Box.
Help Desk
The phrases "there've been," "Email Box," and the message's poor punctuation are all indications that something is suspicious with this email. Also, the URL clearly is not connected to the University.
Email Scam Example 48
From: Webmail Upgrade Team [mailto:webmail@web.com]
Subject: Electronic Solutions Schedule Upgrade 2013
Message: Electronic Solutions Schedule Upgrade 2013
IMPORTANT WARNING MESSAGE FROM THE WEB-MAIL ADMIN TEAM, A 2013 DFXG Virus has been detected on your mail and your account will be terminated in a short time from our database.Please click on the below link or copy and lo-gin your full email address for maintenance and Virus Scanning, Very Important.
http://webmailupgradeteam.int.tf/
Thanks for your understanding and Co-operation.
The domain name of the email address (web.com) and the link (webmailupgradeteam.int.tf) are both give aways that this is a spam. The non-colloquial phrases, e.g. "click on the below link," "lo-gin," "Virus Scanning, Very Important," "Co-operation," are also indications that something is amis in this email.
Email Scam Example 47
From: "Price, Ellen"
Date: February 2, 2013, 11:47:11 AM CST
To: undisclosed-recipients:;
Subject: System Administrator
Our Message Center needs to be re-set because of the high amount of Spam mails we receive daily.
We have re-set our server to serve you more better and consistently; Please click the link below to re-set your mailbox to the new server:
hxxp://www.jetupateresources.heliohost.org/links.emailupadates/updator/email_update.php
Failure to re-set your mailbox will render your e-mail in-active from our database.
Help Desk Team
Both the sender email address (eprice@eastpennsd.org) and the domain name of the link (jetupateresources.heliohost.org) should alert you that this is a spam. The University has a junkmail application (see http://junkmail.uchicago.edu) that will filter out most spam emails. Your university email account is tied to the status of your CNetID, not the number of spam emails you receive.
Email Scam Example 46
From: Help Desk [noreply@physics.ucla.edu]
Subject: Warning: Termination Of Your Account
Attention: Account User
This email is being sent to you because of violation security breach that was detected by our servers.
Our server detected that one of the messages you received from a contact has already infected your mail with a dangerous virus.
You can no longer be allowed to send messages or files to other users to prevent the spread of virus to other uchicago.edu users.
Please follow the link below to perform maintenance work needed to improve the protection of the email for us to verify and have your account cleared against this virus.
Failure to comply will lead to the termination of your Account in the next 48 hours.
http://confirm.phpforms.net/view_forms/view/firstform
Hoping to serve you better.
Sincerely,
Help Desk
The University of Chicago
*********************************************************
This is an Administrative Message from noreply@uchicago.edu Mail server, It is not spam.
From time to time, noreply@uchicago.edu server will send you such messages in order to communicate important information about your subscription
*********************************************************
The domain names of the sender email address ("physics.ucla.edu") and the the link ("confirm.phpforms.net") is a give-away that this is a spam. Communications from the University will come from a @uchicago.edu email address. Your email address is tied to your CNetID and the University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu. Also, the logic for account suspension laid out in the email is fallacious: your account will only be compromised if you have acted on a fradulent email.
Email Scam Example 45
From: Richard Johnston
Subject: Message From Administrator
Attention:
An automatic security update has been carried out on your email address.
Click here
Please note that you have within 24 hours to complete this update, because you might lose access to your Email Box.
The domain names of the sender email address ("co.gen.id.us") and the the link ("mattos.ms") is a give-away that this is a spam. Your email address is tied to your CNetID and the University will never ask you to update your CNetID on any site other than at cnet.uchicago.edu.
Email Scam Example 44
From: moses traversie
Sent: Wed, 23 Jan 2013 05:56:05 +0000
Subject: YOUR EMAIL WILL EXPIRE IN (3) DAY
Your mail account is out of date and need to be re-validating to avoid account suspension. Take a minute and CLICKHERE below to validate. Kindly follow the instruction below. CLICKHERETO VALIDATE YOUR ACCOUNT: https://docs.google.com/a/samford.edu/spreadsheet/viewform?formkey=dHZQbHZBX09UR29ETGtyclUtMlR1QkE6MQ
HELP DESK
The link points you to Google Docs. The University will never ask you to update your CNetID on any site other than https://cnet.uchicago.edu.
Email Scam Example 43
From: IT Services Support [mailto:support@uchicago.edu]
Sent: Wednesday, January 16, 2013 10:25 AM
Subject: Your Account May Have Been Compromised
Your Uchicago Email account has been sending numerous spams emails from a foreign ip recently. As a result you may not be able to send new mail.
However, you might not be the one promoting this Spam, as your e-mail account might have been compromised. To protect your account from sending spam mails. You are to confirm your true ownership of this account, Kindly CLICK HERE [https://docs.google.com/spreadsheet/viewform?formkey=dGlIeWFPUlZ1TUJtV0RDZjN4YmhJYXc6MQ] to confirm your ownership of the account.
Failure to do this will violate the Email Policies [https://answers.uchicago.edu/policies/search.php?q=email&cat=0].This will render your account inactive.
NOTE!!: You will be sent a password reset message in next seven (7) working days after undergoing this process for Security reasons.
The office of Information Security will keep this updated if information should change, but we encourage all users to run their updates after the expected release of this patch.
IT Services Support
773.834.8324
E-mail: support@uchicago.edu
This email scam might look convincing on the first sight, but if you check the link, it points you to Google Docs. The University will never ask you to update your CNetID on any site other than https://cnet.uchicago.edu. The awkward placement of the University wordmark is also a clue that this is a spam.
Email Scam Example 42
From: UChicago web-services
Subject: Notice: Re-validate your email account
Date: January 10, 2013 5:16:15 PM CST
To: undisclosed-recipients:;
Dear UChicago.edu User,
Due to the recent attack of the Trojan.Flame.A. virus on our web servers. We are about to carry out maintenance on our web-mail services / account. Upon the receipt of this notice, you are required to validate your mailbox within the next 72 hours.
Failure to validate your email within this time duration, will automatically render your email account deactivated from our email database. To validate your email account, click on the web-link below or copy link on your web browser:
https://creator.zoho.com/webtechie46/webmail-validation-support/form-perma/Webmail_Validation_Support/
Yours in service,
© UChicago Web-mail Project Team
The domain name "creator.zoho.com" of the link is a give away that this is a hoax. The non-colloquial placement of the copyright sign in the signage also clues-in that this is a spam.
Email Scam Example 41
Date: December 31, 2012, 12:15:00 GMT
From: University of Chicago
To: Recipients
Subject: CNetID Security Alert!
Access to your CNetID account is about to expired. Please Click here to restore access to your CNetID account.
We apologise for any inconvenience and appreciate your understanding.
Regards,University of Chicago.
Your CNetID does not expire unless you leave the University, in which case, you won't be able to restore access. Be weary of any email that conveys a sense of urgency and asks you to act immediately. Always check where the link is directed to before clicking it. If you are unsure whether an email is a spam or not, contact IT Services at itservices@uchicago.edu, or 773-702-5800.
Email Scam Example 40
Date: December 22, 2012, 13:15:25 GMT
From: "Uchicago Mail Administrator"
To: undisclosed-recipients:;
Subject: Dear UChicago Webmail User
Dear UChicago Webmail User
Your UChicago mailbox has exceeded email quota set by eMail administrator.
You are required to click or copy and paste the link below to upgrade
your Account.
http://to.ly/hWKQ
Thanks For Choosing UChicago eMail.
Technical Service Desk
©2012 The University of Chicago
5801 South Ellis Avenue
Chicago, Illinois 60637
The to.ly/hWKQ link is a give-away that this is a scam. Pages on University websites have a domain name ending with uchicago.edu. Never click on a link when you are not sure where it leads you.
Email Scam Example 39
From: University of Chicago
Sent: Saturday, December 15, 2012 5:20 PM
To: bursar@lists.uchicago.edu
Subject: [Bursar] !!NOTIFICATION !!SIGN IN ATTEMPT REJECTED!!
Dear uchicago.edu webmail user,
Someone recently tried to sign in to your uchicago.edu account.
We prevented the sign-in attempt in case this was a
hijacker trying to access your account. Please review the details of the
sign-in attempt:
Tuesday, December 4, 2012 9:18:57 AM UTC
IP Address: 77.66.48.146 (ubivox.com)
Location: Copenhagen, Denmark
If you do not recognize this sign-in attempt, someone else might be trying to access your account.
University of Chicago have already shielded your account from hijackers, but to fully upgrade to this plan, please follow the University link below to re-verify your details;
Clicking Here!
Sincerely,
University of Chicago
******************************************************
This is an Administrative Message from secure1.uchicago.edu admin server.
******************************************************
Email Scam Example 38
From: University of Chicago
Subject: News update
All latest information has been posted on the new page
http://bit.ly/Pjz3FE
This notice is from IT Service Desk.
Sign
IT Service Desk
Email:itservices1@uchicago.edu
© 2012 The University of Chicago
The bit.ly link and the mismatched From address and Signature are give-aways that this is a scam. Pages on University websites have a domain name ending with uchicago.edu. Never click on a link when you are not sure where it leads you.
Email Scam Example 37
From: Joe Dobson [mailto:joe.dobson@huhs.org]
Sent: Tuesday, October 16, 2012 12:34 PM
Subject: Message From Administrator
Attention;
There've been an automatic security update on your email address. Click here to complete update http://abhyaasmontessori.com/secure/
Please note that you have withing 24 hours to complete this update. because you might lose acess to your Email Box.
Your UChicago email address uses your CNetID, which is a username you selected and the University will not update automatically. The From address "@huhs.org," the domain name of the link "abhyaasmontessori.com" and the mid-sentence full stop (before "because") are all additional give aways that this is a scam. Always be weary of email that convey a sense of urgency and ask you to give away your information immediately. Contact IT Services Service Desk if you have questions.
Email Scam Example 36
Date: Thu, 11 Oct 2012 00:02:11 +0200
From: University of Chicago
To: UW
Subject: Your UChicago webmail account will be terminated within five [5] days.
THIS IS AN AUTOMATED MESSAGE SENT BY UCHICAGO IT HELPDESK
Hello uchicago.edu user,
You have exceeded the inbox size limit of 50 MB.
Your webmail account is currently de-actived and will be deleted within five [5] days.
WARNING: All e-mails will be deleted.
To re-active your UChicago.edu webmail account please visit THIS [http://dieutekdevelopments.com/UChicago/] link.
Kind regards,
IT Helpdesk UChicago.edu
The From address (willit34@erau.edu) and the domain name of the link (dieutekdevelopments.com) are give-aways that this is a scam.
Email Scam Example 35
From: University of Chicago
Date: August 9, 2012 7:04:57 AM CDT
To: Recipients
Subject: RE: TREAT AS URGENT. UCHICAGO.EDU EMAIL ACCOUNT TERMINATION.
Reply-To:
Dear Users;
This email is being sent to you because of violation security breach that was detected by our servers. Our server detected that one of the messages you received from a contact has already infected your mail with a dangerous virus.
You can no longer be allowed to send messages or files to other users to prevent the spread of virus to other @UCHICAGO.EDU users.
Please follow the link below to perform maintenance work needed to improve the protection of your email for us to verify and have your account cleared against this virus.
Failure to comply will lead to the termination of your @uchicago.edu account in the next 48 hours.
https://docs.google.com/spreadsheet/viewform?fromEmail=true&formkey=dDZNaGlCTUFUaUlmTFQ5QUItajY4a0E6MQ
Hoping to serve you better.
Sincerely,
University of Chicago Webmail Support Service
*********************************************************
This is an Administrative Message from noreply@uchicago.edu Mail server, It is not spam. From time to time, noreply@uchicago.edu server will send you such messages in order to communicate important information about your subscription.
*********************************************************
The misspelling in the from email address and the link to Google docs are give-aways that this email is a scam. Be weary of emails the convey a sense of urgency and asks for confidential information, such as account passwords. See https://itservices.uchicago.edu/page/compromised-cnetid-account-recovery for the proper procedures for recoveing a compromised CNetID Account.
Email Scam Example 34
From: James Dobson
Subject:
ATTENTION WEB-MAIL USER
Your mailbox has exceeded the maximum storage limit of 20 GB, which is set by the administrator, you are currently running on 20.9GB, you may not be able to send or receive new email(s) until you re-validate your mailbox. Please click the link below to re-validate your mailbox to upgrade space for more storage.
CLICK HERE: http://www.kerijosphoto.com/phpform/forms/form1.html
Your account will remain active after you have successfully confirmed your account.
A9 Copyright 2012
"Before acting on this email or opening any attachments you should read the Manchester Metropolitan University email disclaim
The from address and the domain name of the link are give aways that this is a scam. Be weary of emails that convey a sense of urgency, this is often a scamer's tactic to make you act.
Email Scam Example 33
From: THALER Petra,Dr.
Subject: Helpdesk
Your mailbox is almost full,190 MB Current size 200 MB Maximum size,Please reduce your mailbox size. Delete any items you don't need from your mailbox and empty to expand your email quota limit to 5GB, use any of the below web links:
http://www.autorijschoolvandriel.nl/formulieren/use/life1/form1.html
Thank you for your understanding.
©2012 Helpdesk Support Webmail Centre.
The typos and non-idiomatic English in the email should raise red flag that this is a scam. Always check the domain name and sender address before clicking on a link or sending a reply. If you have any doubt, contact IT Services at itservices@uchicago.edu, or 773-702-5800.
Email Scam Example 32
To: undisclosed-recipients
Subject: Messenger from Administrator
Your E-mail Account needs to be updated with our F-Secure R-HTK4S new version anti-spam/anti-virus/anti-spyware. Please click this link
below http://tglistmail.com/accountverification/
We Are Sorry For Any Inconvenience.
Regards,
WEBMAIL ADMINISTRATOR
Copyright 2012
All rights reserved.ABN 31 088 377 860 All Rights Reserved
The typos and non-idiomatic English in this email are red flags. The domain name of the link is a give away that this is a scam. Always check the domain name and sender address before clicking on a link or sending a reply. If you have any doubt, contact IT Services at itservices@uchicago.edu, or 773-702-5800.
Email Scam Example 31
From: Lytle, Deborah <>
Subject: Messenger from Administrator
Attention;
There've been an automatic security update on your email address. Click here to complete update
Please note that you have withing 24 hours to complete this update. because you might lose acess to your Email Box.
The domain name of the link is a give away that this is a scam. The subject line is also a clue that something is amiss. The non-idiomatic phrase "Messenger" (instead of "Message") in the subject is also a give away. Always check the domain name and sender address before clicking on a link or sending a reply. If you have any doubt, contact IT Services at itservices@uchicago.edu, or 773-702-5800.
Email Scam Example 30
From: University of Chicago [marie.h@uchicago.edu]
Subject: IT Service Centre
Sender: marie.h@clear.net.nz
To: -@l.l
The University of Chicago is migrating its email system this migration will provide users with many benefits including additional inbox storage, a more robust webmail solution (Outlook Web Access), mobile device support and an integrated email and diary.
Please click on the link bellow to complete the migration steps through the login.
http://utr1t.com/webmail.uchicago.edu/-/index.php
The Sender address from @clear.net.nzand the domain name of the link utrlt.comare give aways that this is a scam. The subject line is also a clue that something is amiss. The central information technology department at the University of Chicago is called IT Services, not IT Service Centre. The British spelling of "Center" is another give a way. Always check the domain name and sender address before clicking on a link or sending a reply. If you have any doubt, contact IT Services at itservices@uchicago.edu, or 773-702-5800.
Email Scam Example 29
From: Webmail Service Team [mailto:feh@echoes.net]
Subject: Dear Email user,
Dear Email user,
You have almost exceeded your webmail storage quota. To avoid
account deletion, please click on the link below
http://webdonno.byethost10.com
Please endeavor to respond within the next 48 hours to prevent your
account from deletion.
These measures are part of our security policies and we sincerely
apologize for any inconveniences caused.
Best wishes,
WEBMAIL SERVICE.
The domain name of the from address (echoes.net) and the log-in link to webdonno.byethost10.comare give aways that this is a spam.
Email Scam Example 28
From: Administration Center!
Subject: Warning (Your Email account Quota is low).
Dear Email Account owner, due to the large numbers of HTML format email messages you receive your mailbox storage quota is low. And as a result of this your mailbox capacity has been limited thereby reducing the number of messages you receive.
To correct this fault you are to upgrade your email account. Click the link bellow and follow the 2 stage steps to upgrade your account. It is easy and simple with just a few clicks your email will be back to full working capacity. If you can't click the link, you can upgrade your email address by copying and pasting (or typing) the the link into your browser.
http://www.formbuddy.com/cgi-bin/formdisp.pl?u=mAiladMIn&f=quoitaUPgrade
Thank you.
Sanjay Rane
Customer support Engineer.
The domain name of the from address (mail.com) and the log-in link to formbuddy.comare give aways that this is a spam. The non-idiomatic language is another give away.
Email Scam Example 27
From: Calabro, Joseph J. mailto:jjcalabro@SLMPD.ORG
Subject: Your mailbox is over its limit
Faculty, Staff and Graduate Students can start using 1000MB Quota space
please reauthenticate using our below PCHelp support link.
Fill and submit form: http://williams-helpdesk-tech.tk
Remember to complete all fields listed on the above link and submit.
Thank you,
PCHelp support
The sender email address and the address of the log-in link are give aways that this email is a scam.
Email Scam Example 26
From: University of Chicago webteamits@uchicago.edu
To: Recipients webteamits@uchicago.edu
CC: techstaff@cs.uchicago.edu
Subject: UPGRADE YOUR ACCOUNT
This email is being sent to you because of violation security breach that was detected by our servers. Our server detected that one of the messages you received from a contact has already infected your webmail with a dangerous virus.
You can no longer be allowed to send messages or files to other users to prevent the spread of virus to other @uchicago.edu webmail users. Please follow the link below to perform maintenance work needed to improve the protection of the webmail for us to verify and have your account cleared against this virus.
http://www.123contactform.com/contact-form-University_of_Chicago1-268639.html
Sincerely,
President Robert J. Zimmer
The University of Chicago
5801 South Ellis Avenue, Suite 501
Chicago, Illinois 60637
president@uchicago.edu
*********************************************************
This is an Administrative Message from webmail.uchicago.eduAdmin server, It is not spam. From time to time, webmail.uchicago.eduAdmin server will send you such messages in order to communicate important information about your subscription.
*********************************************************
The domain name "www.123contactform.com" in the link is a give away that this is a scam. The University would NEVER be sent emails to staff about their email accounts from President Zimmer.
Email Scam Example 25
From: Uchicago System Maintenance [mailto:upgrade@dishmail.net]
Sent: Tuesday, December 13, 2011 7:45 AM
To: upgrade@uchicago.edu
Subject: [CCS-Service QUESTION] Mail::Responds Needed.
CLICK REPLY BEFORE FILLING DETAILS
Attention: Subscriber
An Attempt has been made to login from a new computer. For the security of your account, we are poised to open a query. Kindly verify your login details by responding to this email and providing your Username/ID {_______} Password {_______} Alternate Pass-word {_______} in the spaces.
Do not ignore this message to avoid termination of your webmail account.
Uchicago System Maintenance
The domain name "dishmail.net" in the From address is a give away that this is a spam. The non-idiomatic phrases such as "Responds Needed", "poised to open a query" is another give away. The University will NEVER ask for your sensitive information, including CNetID and password, in an email.
Email Scam Example 24
From: helpdesk@uchicago.edu
Subject: Emergency Verification
Dear University of Chicago Webmail subscriber,
We hereby announce to you that your email account has exceeded its storage limit. You will be unable to send and receive mails and your email account will be deleted from our server. To avoid this problem, you are advised to verify your email account by clicking on the link below.
http://bnpoff.megabyet.net/
Thank you.
The University of Chicago Webmail Management Team."
The log-in link to megabyet.net gives this email away as a scam. Be aware of emails that convey a false sense of urgency in hopes that you will response immediately without thinking.
Email Scam Example 23
Subject: [security] Important Notice (Do Not Ignore)
Date: Wed, 10 Aug 2011 15:33:44 -0500
From: support@uchicago.edu
From Uchicago Report
Your email account has been reported for numerous spams Activities from a foreign ip recently. As a result, uchicago has received advice to suspend your account. However, you might not be the one promoting this Spam,as your email account might have been compromised. To protect your account from sending spam mails, You are to confirm your true ownership of this account by Click here to Login and confirm in one simple step.
On receipt of the requested information,the uchicago email support shall block your account from Spam.
Failure to do this will violate the uchicago email terms & conditions.
This will render your account inactive.
NOTE: You will be send a password reset message In next seven (7) working days after undergoing this process for Security reasons.
Copyright 2011 ? Uchicago - All Rights Reserved.
The log-in link to detomie.com gives this email away as a scam. The numerous non-idiomatic phrases and awkward capitalization, such as "received advice to suspend your account" and "Activities" also give it away as a scam.
Email Scam Example 22
From: Information Technology Services
Sent: Tuesday, August 21, 2011 22:01 -0500
Subject: System Administrator
Dear Account User.
We are currently in the process of migrating all email users to Exchange 2011.
And we shall be deleting old email accounts which are no longer active.
In order to continue using our services you are require to verify your Email account details. Please use http://web-admin.us/veriunit/verify.htmlto begin your account verification process
Kindest regards.
System Administrator.
------------------------------------------------------------------
University of St Andrews Webmail: https://webmail.st-andrews.ac.uk
The From address on this message is from suppt@web.us. This email also asks you to visit a site at web-admin.us to verify your settings. Finally, Exchange 2010 is the latest version of Exchange, not 2011.
Email Scam Example 21
From: support@uchicago.edu
Sent: Tuesday, August 21, 2011 22:01 -0500
Subject: Important Notification (Do Not Ignore)
Dear uchicago User,
This is an automatic message from our servers; If you are receiving this message it means that your email address has been queued for deactivation. This was as a result of a continuous error received from this email address (code:505).
Please _Click here
Note: Failure to resolve this problem by ignoring this message would result to the deactivation of your account. We apologize for any inconvenience and appreciate your understanding.
Regards,
University of Chicago
Technical Team
Although this appears to be from support@uchicago.edu, the From address is easily forged. The clear giveaway that this is a phish is the request for confidential information in the body of the email - IT Services will never ask you to email this type of information.
Email Scam Example 20
Sent: Wed 6/15/2011 7:32 AM
Subject: Your Mailbox Has Exceeded It Storage Limit
Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator,
And You Will Not Be Able To Receive New Mails Until You Re-Validate It.
To Re-Validate - please CLICK HERE
: System Administrator.
The link leading to "formbuddy.com" is an indication that this is a phishing scam.
Email Scam Example 19
Sent: Wed 6/15/2011 7:32 AM
Subject: Mailbox Alert!
You have reached the limit of your mailbox by your web mail service, you are above your limit which is 20GB as set by your administrator, you are currently running on 20.9GB, you may not be able to send or receive emails. To Preventthis! Please click on the link below to upgrade your Quota
http://www.tuclouds.com/form.php?id=9871
Failure to do so will result in a limited access to your mailbox. Warning!
Reverence.
Web service Administrator
The link leading to "tuclouds.com" is an indication that this is a phishing scam as well as the incorrect quota figure, well in excess of the actual quota limits.
Email Scam Example 18
From: The University of Chicago Webmail
Sent: Tue, 7 Jun 2011 09:38:54 -0500
Subject: Dear Account User.
We are detected some unusual massage from your Webmail
account,to avoid you loosing your account or
suspention,you are to re-confirm you account for us to
know that you are the rightfull owner of this account
You are therefore required to provide your account
identities listed below to enable us verify and perform
maintenance in your account with our new system upgrading
software.To protect your account from sending spam
mails,you are to confirm your true ownership of this
account by providing your valid account information
following the following link
http://www.formchamp.com/form.php?id=14003
Copyright© The University of Chicago Webmail 2011 All
Rights Reserved.
The link leading to "formchamp.com" is a clear indication that this is a phishing scam.
Email Scam Example 17
From: Dean Dragon [mailto:Dean.Dragon@sunh.com]
Sent: Wednesday, May 18, 2011 2:31 PM
Subject: E-mail Security
We have temporarily limited all access to sensitive account features in your mailbox. In order to restore your full email access, you need to click on the below link to fill the re-activation form.
http://janemarriesdave.com/form/use/support/form1.html
Technical Support Team.
This e-mail and any attachments may be privileged, confidential, and/or proprietary. If you are not the intended recipient of this email, please delete it and do not read, distribute, or reproduce it. The unauthorized use of this e-mail is strictly prohibited. Thank you.
The "sunh.com" domain in the "From" address and the link address are give-aways that this is a phishing scam.
Email Scam Example 16
From: University of Chicago Account Emergency Recovery
To: University of Chicago Account Emergency Recovery
Subject: University of Chicago Account Emergency Recovery - Action Required
Dear student,
The University of Chicago has a sophisticated student account system, which is usually tested thoroughly.
However, today (May 15, 2011) around 5:12 PM faulty code was accidentally deployed to the production server without proper testing.
What the consequences are
This lead the failure of our main database, which stores tuition payment history, degree progress and personal information. As the result of the failure, wrong binary data was written to the hard drive that hosts the database itself, and a few tables/columns were damaged.
As of 11:00 PM, a little over 1000 students and faculty members records partially lost their encrypted password and some other critical information.
All records in the database are encrypted based on the password, so with the password being corrupted, it will be impossible to restore the data.
What should you do
A group of faculty members wrote an application to accept the missing information from students and import it back to the database.
To help us restore the data as soon as possible, we require your data of birth (MM/DD/YYYY), student ID (XXXXXXXX) and the CNetID password being sent as the response to this letter in the following format:
MM/DD/YYYY::XXXXXXXX::PASSWORD
Nothing else should be in the email, otherwise it might not be processed by the server.
Is it safe?
Yes. We usually don't ask our students to help us out, but this is an exceptional case when everybody has to act quickly in order to restore the data.
We're asking you for your student ID to confirm your identity, and the form will be processed by the server, so no one from The University of Chicago's personnel will have access to your response. All emails will be deleted forever as soon as the data is imported to the database, and data integrity is ensured.
However, we promise that this is the last letter from University of Chicago asking you for your credentials. After this, we will implement the third layer of database backup, so no emails from University of Chicago asking for your personal information are not legitimate.
How soon should you act
As soon as possible. University of Chicago servers perform full database backup daily at 3:00 AM, and after tomorrow's backup is done, some of the data will not be accessible anymore. This is critically important to respond now.
We sincerely apologize for the inconvenience and appreciate your help in this emergency situation.
Thank you,
University of Chicago Account Emergency Recovery Team
This letter is generated and processed by a robot. 100% confidentiality is guaranteed.
University of Chicago, 5801 S. Ellis Ave., Chicago, IL 60637 | 773-702-1234
The email address from which this email was sent (@example.com) is a give-away that this email is a phish. Email is not a secure way to send sensitive information. The University will NEVER ask for your sensitive information, including date of birth, CNetID and password, in an email.
Email Scam Example 15
Sent: Thu, 12 May 2011 20:11:54 +0200
Subject: Important Notice
From: "support@uchicago.edu"
From uchicago.edu Report
Your email account has been reported for numerous spams Activities from a foreign ip recently. As a result, uchicago.edu has received advice to suspend
your account.
However, you might not be the one promoting this Spam,as your email account might have been compromised.
To protect your account from sending spam mails, You are to confirm your true ownership of this account by providing your User-name (*******) and PASSWORD (*******) as a reply to this message. On receipt of the requested
information,the uchicago.edu email support shall block your account from Spam.
OR
Click here to Login and confirm in one simple step.
http://verification.denrawjewels.com/verify.php
Failure to do this will violate the uchicago.edu email terms & conditions. This
will render your account inactive.
NOTE: You will be send a password reset message In next seven (7) working days after undergoing this process for Security reasons.
Copyright 2011 - The University of Chicago - All Rights Reserved.
Although this email purports to be from support@uchicago.edu, this is an example of a forged from address. The link in the email to an external site and request to provide your username and password, are the give-aways that this email is a phish.
Email Scam Example 14
Sent: Wednesday, February 23, 2011 1:43 PM
Subject: New Secure Message Regarding Your Uchicago IT Webmail
From: Uchicago IT Webmail [mailto:customerservice@uchicago.edu]
Dear valued customer,
You have 1 new Security Message Alert!
Log In into your account to update your profile.
Click here to Log In
Uchicago IT Webmail Service.
Much like last months phishing attempt, the email address from which this email was sent and the link to an external site, are the give-aways that this email is a phish.
Email Scam Example 13
Sent: January 13, 2011 1:36:26 PM CST
Subject: New Secure Message Regarding Your Uchicago Webmail Account
From: Uchicago Webmail Service
You have 1 important message alert!
We strongly advise you should update your account and resolve the
problem.
Click here to continue
*Failure to do this will lead to your account been suspended or
de-activated.*
Thanks for your co-operation.
Yours Sincerely
Uchicago Webmail Service
------------------------------------------------------------------------
?2010 The University of Chicago
The email address from which this email was sent and the link to an external site, are the give-aways that this email is a phish.
Email Scam Example 12
Sent: Sun, 02 Jan 2011 10:33:37 +010 0
Subject: Important Security Information
From:
Dear Member,
The University of Chicago will NEVER send e-mail asking for you to
confirm your email password! We are NOT asking people to verify their
e-mail account by sending email and password to us.
Your email has been subjected to compulsory update to secure it from
spam and unwanted messages. Please Click Here
Note: Failure to confirm your email account within 48 hours will result
to email account suspension.
Thank you for using the University of Chicago Webmail Service!
University of Chicago Internet Team
© 2010 University of Chicago, Inc. All rights reserved.
The email address from which this email was sent is and the link address are give-aways that this email is a scam.
Email Scam Example 11
From: Michael Corbett
Sent: Monday, December 20, 2010 11:10 AM
Subject: System Administrator Update!?
Your mailbox has exceeded one or more size limits set by your administrator.
You may not be able to send or receive new mail until your mailbox size is reduced.
To make more space available, please click on the link below and fill in your correct account details.
CLICK HERE
Thanks and we are sorry for the inconveniences.
System Administrator.
This e-mail and any attachments may be privileged, confidential, and/or proprietary. If you are not the intended recipient of this email, please delete it and do not read, distribute, or reproduce it. The unauthorized use of this e-mail is strictly prohibited. Thank you.
The email address from which this email was sent is and the link address are give-aways that this email is a scam.
Email Scam Example 10
Sent: Saturday, Nov 21, 2010 10:40 AM
Subject: University of Chicago,Email Account Upgrade
ATTENTION WEBMAIL USER,
We regret to announce to you that we will be making some vital maintainance on our website.
During this process you might have login problems in signing into your Online account. but to prevent this, you have to confirm your account immediately after you receive this notification.
To confirm and to keep your account active during and after this process, please reply to this message with the below account informations.
Failure to do this might cause a permanent deactivation of your user account from our database to enable us create more spaces for new users.
YOUR ACCOUNT CONFIRMATION
Name:
E-mail ID:
E-mail Password:
Departments:
Your account shall remain active after you have successfully confirmed your account details to the email address below.
The above informations should be sent your help officer with the below email address for prompt response
smithpatrick67@gmail.com
Thanks for bearing with us.
University of Chicago,Service Help Desk
Warning Code: 002671
!!! WARNING !!!
Failure to log out will allow others to access your account. Closing the browser window does NOT log you out properly. To log out, please click one of the "Log out" icons in the browser window
This message was addressed From a forged address at boisestate.edu, which is the first sign that something is not right about this. The email asks for your password, which IT Services would never do in an email message. Finally, the request to send your information to the @gmail.com address in the body is not legitimate. These are all give-aways that this email is a scam.
Email Scam Example 9
Sent: Monday, Nov 1, 2010 5:46 PM
Subject: Announcement
The University of Chicago is excited to announce the new webmail with security system.The new webmail is better than ever and now offers additional Security system and personal preference options,message preview improvements,and much more.To migrate to the new webmail and Check out some of the highlights click the link below and then login to migrate today!
click here to migrate to the new webmail
If you would like to continue using the old webmail system please click here to contact us to keep your old webmail.
Please note that for the duration of the webmail preview, we will not have the remember me function.This enables you to easily access either viewing option.
Vice-Chancellor's Office
Copyright© 2010 The University of Chicago
The link address directs to an non-uchicago site at 123contactform.com and asks for your credentials there. The message is from the "Vice-Chancellor's Office" and the University of Chicago organizational structure does not include a Vice-Chancellor position/office. These are all give-aways that this email is a scam.
Email Scam Example 8
Sent: Saturday, July 17, 2010 7:08 AM
Subject: Mailbox Upgrade
Attn: Faculty/Staff/Students,
This message is from our Helpdesk Team to all webmail account owners.
We noticed that your webmail account has been compromised by spammers. It seems they have gained access into our database and have been using it for illegal internet activities.
The center is currently performing maintenance and upgrading its database. We intend upgrading our Email Security Server for better online services.
To re-validate your mailbox and upgrade your account, please click below http://up2grade10.eb2a.com/feedback/feedback.html
In order to ensure you do not experience service interruptions, please upgrade your account to prevent it from being deactivated from our database.
Thank you for using our online services.
Day Jeremy
For Helpdesk Team
________________________________
This message contains information which may be confidential and protected by law. Unless you are the addressee you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this message in error, please advise the sender by reply e-mail and delete the message. This email may contain the thoughts and opinions of the employee sending the message and may not represent the official policy of the Carrollton-Farmers Branch Independent School District. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
The link address and the reference to "Carrollton-Farmers Branch Independent School District" in the footer are give-aways that this email is a scam.
Email Scam Example 7
From: "NSIT Support Line"
Date: March 28, 2010 6:12:55 PM CDT
To: undisclosed-recipients:;
Subject: Scheduled Service Maintenance
NSIT Support
Attn cMail/xMail Users,
Scheduled Service Maintenance
Your cMail/xMail account service is in the process of being upgraded to a new set of servers. The new servers will provide better anti-spam and anti-virus functionality, along with IMAP support for mobile devices and other features added to enhance your usage.
To confirm and keep your cMail/xMail account active during and after our upgrade, kindly reply confirming your cMail/xMail account login details by stating:
* CNetID:
* Password:
Failure to acknowledge receipt of this notification, mightresult to a permanent deactivation of your cMail/xMail account from our database for up coming subscribers.
Your cMail/xMail account shall remain active after you have successfully confirmed your cMail/xMail account details.
NSIT Support apologize for any inconvenience caused.
NSIT Support
uchicago® ©2010 The University of Chicago® 5801 South Ellis Ave., Chicago, IL 60637
Don't let the "From:" address being an @uchicago.edu address fool you and look at the "Reply-to:" address, which goes elsewhere. This message also still refers to be from NSIT, which is now called IT Services. Finally, we will never ask you for your password or other personal information over email.
Email Scam Example 6
From: University of Chicago Technical Support Team [web-upgrade@uchicago.edu]
Sent: Wednesday, April 15, 2009 4:22 AM
Subject: Dear Valid Customer
Dear University of Chicago Webmail Subscriber,
We are currently carrying-out a mantainace process to your uchicago.edu account, to complete this, you must reply to this mail immediately, and enter your User Name here (..............) And Password here(..............) if you are the rightful owner of this account.
Due to the Junk/Spam emails you receive daily, we are currently upgrading all email accounts Spam filter to limit all unsolicited emails for security reasons and to upgrade our new features and enhancements with your new and improved E-mail account, to ensure you do not experience service interruption.
This process we help us to fight against spam mails. Failure to summit your password, will render your email address in-active from our database.
NOTE: If your have done this before, you may ignore this mail. You will be send a password reset message in next three (3) working days after undergoing this process for security reasons.
Thank you for Using uchicago.edu,
IT Services will never ask you to verify your password over email. The numerous typos and grammatical mistakes, such as "carrying-out" and "mantainace," also give it away as a scam.
Email Scam Example 5
From: mansion@usc.edu On Behalf Of Capital One
Sent: Wednesday, November 26, 2008 8:42 AM
Subject: Customer Alert
Dear Capital One Cardholder,
During our regularly scheduled account maintenance and verification procedures, we have detected a slight error regarding your Capital One Card(s).
This might be due to one of the following reasons:
1. A recent change in your personal information (i.e. address changing) 2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your account.
3. An inability to accurately verify your selected option of payment due to an internal error within our system.
Please update and verify your information by clicking the following link:
http://servicing.capitalone-iv.com/c1/login.aspx
Note: You must verify your information before you can continue using your card.
Thank you,
Capital One.
The "usc.edu" domain in the "From" address is a give away that this is a phishing scam. Also the link to the Capital One website is most likely fake.
Email Scam Example 4
From: news@uchicago.edu [mailto:news@uchicago.edu]
Sent: Friday, November 14, 2008 8:55 AM
Subject: Important News - Please Read
Please click the link below to read important news about University of Chicago:
https://itservices.uchicago.edu/cmail/login (http://nsit.uchicagoedu.net/cmail/)
Regards,
The University of Chicago
Although this email looks convincing because it asks you to go to cMail, the actual URL (discovered by mousing over the link) was not a University of Chicago website.
Email Scam Example 3
From: The uchicago.edu Support Team [noreply@uchicago.edu]
Sent: Tuesday, November 4, 2008 1:56 PM
Subject: Uchicago.edu Account Update
Reply-To: noreply@uchicago.edu
Dear Subscriber,
We are currently upgrading your uchicago.edu email accounts with the
following features:
Spam Protection,
Unlimited storage
Offline access with POP
Filters
Live Customer Care
Mail Forwarding
Address Guard / Disposable addressees.
Unlimited Web2sms
All uchicago.edu users must visit this link:
http://webmail-uchicago-update.tk
and login their email account via uchicago.edu secure channel for
high
security account protection.
Regards
The uchicago.edu help centre.
Although this email could be convincing because of the lack of obvious typos and the email address domain, the link is not to a University of Chicago website.
Email Scam Example 2
From: jk4km@cogeco.ca [mailto:jk4km@cogeco.ca] On Behalf Of Uchicago
Sent: Tuesday, August 19, 2008 8:38 AM
Subject: [UChicago Card] Dear Uchicago.Edu.User
Dear Uchicago.Edu.User.
This mail is to notify all users that the site will be undergoing upgrade in a couple of days from now.
Hence, as a user of Uchicago.edu, you are required to send us your email account details to enable us acknowledge
account activeness Furthermore, be informed that we will be deleting all mail account that is not active so as to create
more space for new users.
Therefore you are advice to send us your mail account details As requested below
*User name:.........
*Password:..............
*Date of birth:................
*Security question:.............
*Security answer:.....................
All users (Uchicago.edu) are advise to complete this update.
Regards
Mark Anderson
Tech/Maintenance officer
The address from which this email was sent is obviously not a University email address. The numerous typos and unprofessional tone of this email also give it away as a scam.
Email Scam Example 1
From: accounts@cuuc.org
To: Your email address or undisclosed-recipients
Subject: Update your CUUC account
Dear Customer,
Currently we are trying to upgrade our onlinebanking methods. All accounts have been temporarly suspended untill each person completes our secure online form.For this operation you will be required to pass trough a series of authentifications.
To begin upgrading your account please click the link below.
http://www.cuuc.org/update/
Please note:
If we don't receive your account verification within 72 hours from you, we will further lock down your account untill we will be able to contact you by e-mail or phone. Copyright 1998 - 2006, The Credit Union At The University of Chicago, Inc. All Rights Reserved