Scam of the day – March 14, 2017 – Email phishing scam

As I have mentioned many times before, email phishing scams start when you receive an email that purports to be sent from your email server informing you that there is some problem with your account which requires you to click on a link in order to remedy the problem.  Many times the email purports to come from your specific provider; sometimes from a provider you do not even use.   Today’s phishing email scam, however, is generic in that it doesn’t even indicate the name of your email server.

Here is a copy of an email that is presently finding its way into many people’s email boxes.  This is a phishing scam.  DO NOT CLICK ON THE LINK.  Clicking on the link will result in either your downloading a keystroke logging malware program that will steal all of the information from your computer such as your Social Security number, credit card numbers and banking information that will then be used to make you a victim of identity theft or when you click on the link you will be prompted to provide personal information that will also be used to make you a victim of identity theft.

“Your mailbox has exceeded the storage limit 1 GB, which is defined by the administrator, you are running at 99.8 gigabytes, you can not send or receive new messages until you re-validate your mailbox.
To renew the mailbox,

Click Here
WARNING! Protect your privacy. Logout when you are done and completely exit your browser.”

Some phishing emails are better than others and this one was not very convincing.  The email address from which it was sent was not from an email provider.  Instead, the address of someone whose email had been hacked and made a part of a botnet of computers used by identity thieves to send out their phishing emails was used  In addition, this email is not directed to you by name.    As with many of these scams that often originate in foreign countries where English is a second language, the grammar is suspect as where in the email commas are used improperly.

TIPS

The most important thing to remember is to never click on links in emails or download attachments unless you are absolutely sure that they are legitimate.  In this particular case, it is easy to see that it is a scam.  Additionally, you should make sure that your anti-malware and anti-virus software are installed and up to date with the latest security updates while remembering that you cannot totally rely on your security software to protect you because it generally takes about thirty days from the discovery of new malware for the security software companies to come up with new patches and updates.

Scam of the day – November 8, 2015 – More AOL phishing scams

I have written about AOL phishing scams many times, but an abundance of AOL phishing emails that are presently being circulated make this a topic worth writing about again. Reproduced below are three of them, the last of which is a phishing email about a generic account that doesn’t even attempt to tell you the name of your email carrier.   Scammers and identity thieves send out phishing emails to lure people into clicking on links in these emails that will either download keystroke logging malware on to the victim’s computer that will enable the identity thief to steal personal information from the victim’s computer and use it to make him or her a victim of identity theft or by clicking on the link, the victim will be directed to an official looking page requesting personal information under some legitimate sounding guise.  If the victim provides the requested personal information, it is used to make him a victim of identity theft.

“Aol!
Dear Member,Your mail-box might be shutdown within 24hrs due to your recent termination request. To cancel RE-SET , Log-in and wait response from Aol.

Sincerely

Webmail 2015 Security Team”

and

“​​A0l.​
​​​​​​​​​​​​​​Account Termination

​Dear A0L User,

We received your request to terminate your A0L Mail Account and the process has started by our A0L Mail Team, Please give us 2 working days to close your A0L Mail Account.
​​please if you did not wish to termination , click below and sign in to cancel the termination request :”

This last one is not specific to AOL, but contains many of the same phishing elements:

Dear User,
Your E-mail has exceeded the storage limit. You can not send or receive new messages until you re-validate your mail.  To re-validate the mailbox:- = Click to restore

Thank you!
Mail Administrator.”

TIPS

Phishing emails such as these always wish to create a sense that immediate action is required in order to avoid some negative event such as your account being closed.  These particular emails are easy to identify as scams.  None of them came from an email address that was connected with an email provider.  In fact, they all came from personal email addresses that were probably those of innocent victims of a botnet where a cybercriminal takes control of the computers of innocent people and uses those computers to send out phishing emails and other such communications.  None of the emails reproduced above carried a company logo although, this is easy to counterfeit and shouldn’t be something that makes you consider such emails to automatically be legitimate if you do receive an email with an official corporate logo.  Finally, such phishing emails often contain, as these do, grammatical or spelling errors.  You should never click on any link or provide any personal information in response to an email unless you are absolutely sure that it is legitimate and safe to provide the requested information.  The best thing you can do is to contact the company that is purporting to be sending the email and inquire as to the legitimacy of the email you received.
​​