Account Login | Webmail | Pay Bill

A A A

Scam Alert

If you have a suspicious email you would like us to look at please send an email to support@ispalerts.com.

The following email messages are examples of actual email phishing scams or attempts to deliver a virus via email.
Most of these examples appear to have been sent by your Internet Service Provider (ISP), Amazon, Ebay, Paypal,
a familiar credit card or bank, or social networking sites like Facebook or Twitter. If you do receive one of the following
emails, or a similar email message in your inbox, please disregard and delete the email.

NOTE: If you receive a questionable email and it is not listed here, do not assume that the email is valid.
This list is simply a small sample of the large amount of scam emails that are circulating.

2/12/2013

Welcome to Golden West

WEBMAIL LOG
Most Recent Webmail Log
Your account has been temporarily restricted because your account has expired.
Click to update your Online Account << (Malicious Link)

(c)2006 Golden West. All Rights Reserved. www.goldenwest.com

11/20/2012 Phishing Scam (includes malicious links)

From: Nobody On Behalf Of Golden West Telecommunications
Sent: Monday, November 19, 2012 2:34 AM
To: (Recipient List Suppressed)
Subject: Verify Your Webmail Access
Attention: Golden West Subscriber,

Your Email Account has been accessed from another computer.
For security reasons; click on verify my account below to protect your email access.

VERIFY MY ACCOUNT

<Malicious Link Here>

Note: Failure to adhere strictly to these instructions will lead to Email Account deletion thereby causing lost of files.
Thank you for using our mail system.
Golden West Telecommunications.

11/8/2012 Phishing Scam (includes malicious links)

Subject: Your Account Payment is due
Date: 2012-11-07 17:53
From: Goldenwest.net <account@goldenwest.net>
To:(Recipient List Suppressed)

View your status here now(This is a blue hyperlink in the email you would have received.)

Note: if status link doesnt show Download message as file to proceed

11/8/2012 Phishing Scam (includes malicious links)

Subject: Payment Invoice Notification
Date: 2012-11-07 17:53
From: support@siouxvalley.net <support@siouxvalley.net>
To: (Recipient List Suppressed)

View your invoice here now (This is a blue hyperlink in the email you would have received.)

9/17/2012 Phishing Scam (includes malicious links)

From: Mail Administrator<mail@admin.net>
Date: September 15, 2012 11:18:24 AM MDT
To: (Recipient List Suppressed)
Reply-To: Mail Administrator<mail@admin.net>

You are advice to click on the below link and Re-valide your E-mail account by filling the Helpdesk form (malicious link).

Thank you, Technical Helpdesk Service.

8/28/2012 Phishing Scam (includes malicious links)

From: Smiley eCard [mailto:address@smilercards.com]
Sent: Tuesday, August 28, 2012 1:19 AM
To: customer@yourdomain.net
Subject: You have a new eCard from Smiler Cards!
Importance: High

You have a new ECard

You Are Able to Open It by Going Here (malicious link).

Cant click the link? Cut and paste this URL into your browser's address bar (The address has been shortened to make things easier.):

(Possible virus or malware link inserted in the message here.)

7/24/2012 Phishing Scam (includes malicious links)

From: Message Center [mailto:user@hotmail.com]
Sent: Monday, July 23, 2012 3:06 PM
To: Customer name
Subject: Customer, (Your ISP name) has just sent you a gift!

Dear Customer,

On behalf of (ISP name) you have been issued a $1,000 Visa Gift Card free of charge.
Card type: Visa Gift Card
Issued to: (Customer name)
Issuing branch: Anytown, Any state
Valid until: 08/2015

Please use the following website to claim your card and have it shipped to the address of your choosing:

Go to: www.(malicious link).com

Note that claims must be made within 48 hours from this email being sent, or the above link will become invalid.

Sincerely, Rachel, Customer Service
Employee Benefits Center, LLC

7/24/2012 Phising Scam / Virus

From: "Summer Auto Sale" <info@unistordu.com>
Date: July 24, 2012 11:45:38 AM MDT
To: <XXXX@rapidnet.com>
Subject: This Is Your Personal Invitation To The Ford July Sales Event

Your Private Invitation To The Ford July_Sale Is Here

Getting the right car at a great price is hard but we have great news. For Tuesday ONLY, Ford_has clearaned priced all new cars (even sedans, hybrids and sports cars).

Check our inventory today

7/20/2012 Phishing Scam / Virus

-----Original Message-----
From: accounting@gwtc.net [mailto:accounting@gwtc.net]
Sent: Thursday, July 19, 2012 8:13 PM
Subject: RE: Your Wire Transfer N7917729732

Good morning,
Wire debit transfer was canceled by the other bank.

Rejected transfer:
FED REFERENCE NUMBER: ISL007138837ODP43267K
Transaction Report: View

Federal Reserve Wire Network

3/30/2012 Phishing Scam / Virus

-----Original Message-----
From: David H. [mailto:info.d@writeme.com]
Sent: Friday, March 30, 2012 8:47 AM
Subject: I NEED YOUR HELP TO TRANSFER US$9 MILLION, PLEASE SEE ATTACHED FOR DETAILS.
Attention: Sir/ Madam,

Good Day!
I’m Dr. David Hodnet, an investment portfolio manager of ABSA Bank of South Africa.

I’m sure you will be surprised to read from me considering that we not know each other, but I’m soliciting for your humble assistance in transferring the sum of $9 Million dollars which I found herein my bank in one of the default accounts whom the owner was a foreigner and a miner here in my country, South Africa.

This (Default Account) according to our record was opened since 1990 and till date no person has operated on this account, and our investigations has proved that the sole beneficiary of the funds was involved in a ghastly motor accident and there is no next of kin registered after his death.

I want you to correspond with me so that I can furnish you all details of this account and make you the beneficiary for our both investment profits. Should this proposal meets your approval, please reply me and confirm your interests and indicate your cell phone number.

I have resolved to offer you 30% of this fund, while 5% is mapped out for contingent expenses we may both incur, and the rest balance shall be for my compensation as the initiator.

For further clarifications, I can be reached at: 0027 79 300 6709 or by email: davidabsa@gmx.com, and please do not hesitate to indicate your direct cell phone number for an easy communication/clarifications.

I wait to read from you should this transaction interest you.

Thanks and remain bless.

Regards,
Dr. David Hodnet
Tel: 0027 78 300 6709
Email: davidabsa@gmx.com

3/15/2012 Phishing Scam / Virus

-----Original Message-----
From: admin@gwtc.net
Sent: Wednesday, March 14, 2012 7:41 PM
To: email@gwtc.net
Subject: Account Deactivation Request!

We are experiencing an unknown malware Trojan virus on your account requesting for Account deactivation.
To keep your account active we recommend that you click on

http://www.emailmeform.com/builder/form/A2ac606f06sfdvw50 to fix this within the next 48 hours.
(Please do not click, or browse to this link!)

3/06/2012 Phishing Scam / Virus

Date: Mon, 05 Mar 2012 18:41:16 -0700
From: admin@gwtc.net
To: sysadmin@gwtc.net
Subject:
We are experiencing an unknown malware Trojan virus on your Golden west Web=
mail account requesting for deactivation. error code 8gdlLv0QeUHbNj7aPmYKr =
To keep your account active click on http://www.emailmeform.com/builder/fo=
rm/8gdlLv0QeUHbNj7aPmYKr to fix this. Your pin is your password.

2/1/2012 Phishing Scam / Virus

From: Golden West Webmaster [mailto:salmansk@dhaka.net]
Sent: Wednesday, February 01, 2012 12:18 PM
To: undisclosed-recipients:
Subject: Account Update

This is to inform you that we have carried out maintenance on your email account and so therefore you cannot be able to receive or read new messages in your inbox until you complete the maintenance process. To complete the maintenance on your email account, Please kindly login to our message center within the next 24hrs so as to avoid any problem with your email account.

Click here to complete the process (This is a hyperlink in the real email, do not click it!)

12/21/2011 Phishing Scam / Virus

From: Webmaster
To: undisclosed-recipients:; (or youremail@email.com)
Date: Wednesday, December 21, 2011 1:20 AM
Subject: Read Immediately

Dear Email User
Your Email box has been temporarily suspended due to maintenance,To re-activate your email account Login into our message center to activate your account
Click here to activate your email account (This is a hyperlink in the real email, do not click it!)

12/1/2011 Phishing Scam / Virus

This message comes with an attachment.

From: scanner@rapidnet.com
To: youremail@goldenwest.net
Date: Wednesday, November 30, 2011 1:41 AM
Subject: Re: Fwd: Fwd: Scan from a Hewlett-Packard Officejet #98427669

A document was scanned and sent to you using a Hewlett-Packard OfficeJet JPF92640O

Sent by: CHANEL
Image(s) : 8
Type: Image (.jpeg) View

HP Officejet Location: location unknown
Device: UPD509S9LOS098802

f3e1d49b-605a7c82

11/21/2011 Phishing Scam / Virus

From: Sue Hartman mailto:robert.bitter@symbolic.com
Sent: Monday, November 21, 2011 4:17 AM
To: LNP Request
Subject: ACH transfer error

This message is related to the ACH transaction (ID: 33688488222) that you or any other person recently sent
from your banking account.

The current status of the above mentioned transfer is: failed due to the system malfunctioning. Please view
the detailed information in the report below:

http://netcologne.de/~nc-fischega20/5jwkg8/index.html

Best regards,
Sue Hartman
2011 NACHA - The Electronic Payments Association
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171

11/16/2011 Phishing Scam

Date: Mon, 14 Nov 2011 06:14:00 +0700
From: sales1@goldenwest.com
To: XXXX@goldenwest.com
Subject: Fwd: Wire Transfer Confirmation
Dear Bank Account Operator,I regret to inform you that Wire transfer initiated by you or on your behalf was hold
by us.Transaction ID: 951990862900051Current status of transaction: under review Please review transaction
details as soon as possible.Bernadette DickinsonPayments Administration

11/12/2011 Phishing Scam - Requests user to supply bank information.
Possibility of identity theft.

From: Boggs, Sharon
Sent: Saturday, November 12, 2011 1:28 AM
Subject: Contact ( ups_dispatch@hotmail.com )

After much attempts to reach you on phone, I deemed it necessary and urgent to contact you via your e-mail and to notify you finally about your outstanding compensation payment.

During our last annual calculation of your banking activities we have realized that you are eligible to receive a compensation payment of $2,811,041.00 USD.

This compensation is being made to all of you who have suffered loss as a result of fraud, accident or illness.

For more info, contact the assigned UPS agent Collins Abah for the delivery of your cashier check Send Name, Address, City, State, Zip Code, Country and telephone number.

(United Parcel Service (UPS)
Contact Name: Collins Abah
Tel: +2348138900697
E-mail: ups_dispatch@hotmail.com

Please take note that you will pay a shipping/handling fee of $97.00 USD to UPS.Thanks for your patience.

Merry Christmas.

Boggs, Sharon
Programme Manager
United Nations Human Settlements Programm

9/15/2011 Phishing Scam - Instructs recipient to click a link that may contain malware or virus.

From: Neilson, Roger [mailto:rneilson@NPS.K12.NJ.US]
TO: subscriber@yourdomain.com
Sent: Wednesday, September 14, 2011 10:47 AM
Subject: Webmail Account deactivation!

Dear User,
As part of our regular maintenance done on the exchange mail servers,
Microsoft System Administration is currently working to improve on the
security, functionality and performance of all our Microsoft Outlook
Webmail Access Accounts as we periodically review certain Accounts
which are vulnerable to Unauthorized Access or has not been
used/accessed over a period of time will be deleted to conserve storage.
However, your Account has been detected and queued up to be deleted
from our DB. Please note that the mail in the deleted mailboxes will NOT be recoverable.

To remove this limitation and initiate your Account Update and activation
process, please click here and complete the request Form.

Thank you for your co-operation

Webmail Management Team

8/26/2011 Scam

From: Mr. Muhammadan Peter (muhammada@att.net)
Sent: Fri 8/26/11 9:15 AM
To: This message is here because your junk email filter is set to exclusive.
Wait, it's safe!

Dear Sir / Madam,
It's a great pressure to indicate this opportunity to you. l need your support to handle this transaction with me in a trust and confidential manner.I believe you are a highly respected personality.

Considering the fact that I sourced your email from the international search database on the web during my discreet search for a foreign partner whom can assist me in taking this business to it success, let me introduce myself to you.

I am Muhammadan Peter Chief finance officer. I have a business suggestion for you. Please, do not think this is one of those scams. I need your assistance to transfer fund from my Bank to your country, while the percentage is going to be 60%/40% after the conclusion. I shall provide you with more information immediately i get a positive response from you.

Regards,
Mr. Muhammadan Peter.

8/12/2011 Phishing Scam

From: AMcDuffie@LPCH.ORG[mailto:AMcDuffie@LPCH.ORG]
To: user@yourdomain.com
Sent: Friday, August 12, 2011 12:55 PM

Subject: IT- Help desk requires you to upgrade web mail

IT- Help desk requires you to upgrade web mail by Clicking http://badlink.moy.su/outlook.htm

This Message is From Help desk. Due to our latest IP Security upgrades Wehave reason to believe that your web mail account was accessed by a Third party. Protecting the security of your web mail account is our primaryconcern, we have limited access to sensitive web mail account features.
Failure to re validate, your e-mail will be blocked in 72 hours.

Thank you for your cooperation.

Help Desk

08/04/2011 - Phishing Scam

From: Webmail and Network Support [mailto:tommy@greentaiwan.com.tw]
Sent: Thursday, August 04, 2011 7:27 AM
Subject: MESSAGE NO: LXMTNK

Attention Webmail Account User,

This message is from the Webmail & Network Account Management Center.
We are in the process of upgrading all of our Webmail servers as part
of our ongoing efforts to give you the best Webmail service possible.
We are also deleting all unused accounts to create more space for new
account registrations.

In order to ensure you do not experience service interruptions or possible
deactivation of your e-mail account, Please you must reply to this mail
immediately confirming your e-mail account details below for confirmation
and identification.

Do confirm your account details below.
_____________________________________
1. First & Last Name:
2. Full Login Email:
3. Username:
4. Password:
5. Retype Password:
_____________________________________

Failure to do this may automatically render your e-mail account
deactivated from our e-mail database/mail server. To enable us upgrade
your e-mail account, please do reply to this mail.

Thanks for your understanding, we wish you a pleasant day ahead.

Technical Support Team,
Webmail & Network Account Management Center.

7/25/2011 - Scam

From: Postmaster [mailto:postmaster@noxis.net]
Sent: Sunday, July 24, 2011 7:06 PM
To: postmaster@enetis.net
Subject: Dear Postmaster, please check your DNS- and/or HELO-name...

Dear Postmaster,

you are receiving this mail since your mailserver is probably misconfigured or someone is abusing your domainname.

This message was sent to you automatically.

This Mailserver applies very strict rules to incoming mails as a measure against spam. These rules may cause some side-effects. This mail was sent to inform you that you may be affected by this.

Some mail coming from one of your mail relays or from one of your customers was rejected due to one or more of the following reasons:
---------------------------------------------------------------------------
= INVALID REVERSE DNS RECORD ==============================================
Your mailserver is using a IP address for sending that has no valid reverse DNS record. This makes it very hard to determine if this IP is eligible to send mail for your domain and thus many mailservers will reject mails coming from this IP.

How to fix this:
Contact your network department or ISP to setup a reverse DNS mapping from the IP 116.41.202.201 to your HELO hostname [116.41.202.201].
---------------------------------------------------------------------------
= GENERAL INFORMATION =====================================================

Jul 24 16:06:46 noxis postfix/smtpd[5715]: NOQUEUE: reject: RCPT from unknown[116.41.202.201]: 450 4.7.1 Client host rejected: cannot find your hostname, [116.41.202.201]; from= to= proto=ESMTP helo=

The rejected email probably still resides on the machine with the IP-Address: 116.41.202.201, calling itself [116.41.202.201].

Investigations at my end show:

Sender = youremail@domain.com
Recipient = disho@noxis.net
From-IP = 116.41.202.201
From-Host = unknown
Helo = [116.41.202.201]

'dig [116.41.202.201]' resulted in : not found 'dig -x 116.41.202.201' resulted in: unknown 'dig unknown' resulted in : not found

---------------------------------------------------------------------------

The recipient(s), to which this message was addressed, has already received a notification about this.
To make sure you mail gets delivery to all users of this mailserver please fix all issues listed above.
You will receive this mail only once. Please act acordingly to restore full service to your users.

Best Regards,
postmaster@noxis.net

5/10/2011 - Phishing Scam

Date: Tue, 10 May 2011 05:25:15 -0600
From: WEBMAIL ACCOUNT UPGRADING
To: undisclosed-recipients:;
Subject: Webmail Warning Alert !!!
Dear Webmail User Account,

This Email is from Edu Webmail Customer Care and we are sending it to
every Web Email User Accounts Owner for safety.we are shutting down
some Email Accounts due to the anonymous registration our Webmail
Account.We are sending this email to you so that you can verify and
let us know if you still want to use this Email account. If you are
still interested please, You are to send this information below to
enable us RECONFIRM YOUR WEBMAIL ACCOUNT and for Upgrading.

Email Username : (***********)
EMAIL Password : (***********)
Date of Birth : (***********)
WEBMAIL UPGRADING SERVICE Support Team
Email: accountupgrading1960@admin.in.th
After following the instructions in the sheet, your account will not
be interrupted and you will continue as normal.Thanks for your
attention to this request.We apologize for any inconveniences.

Warning!!!

Account owner that refuses to update his/her account within 24hours of
this warning notice we are afraid you will have to lose your account
permanently. For Help and Support, contact the Technical Support help
desk at: technicalteams@hotmail.com

Thank you for using our email account!

Warning Code: VX2G99AAJ

Sincerely,

The Webmail Upgrading
Technical Support Team.

5/05/2011 - Fake Email

Subject: FW: UPS Uniforms Possible terrorists.

> Government Warning regarding purchase of UPS uniforms: There has
> been a huge purchase, $32,000 worth, of United Parcel Service (UPS) uniforms
> on eBay over the last 30 days. This could represent a serious threat as
> bogus drivers (terrorists) can drop off anything to anyone with deadly
> consequences! If you have ANY questions when a UPS driver appears at your
> door they should be able to furnish VALID I.D.
>
> Additionally, if someone in a UPS uniform comes to make a drop off or pick
> up, make absolutely sure! they are driving a UPS truck. UPS doesn't make
> deliveries or pickups in anything, except a company vehicle. If you have a
> problem, call your local law enforcement agency right away! TAKE THIS
> SERIOUSLY! Tell everyone in your office, your family, your friends, etc.
> Make people aware so that we can prepare and/or avoid terrorist attacks on
> our people! Thank you for your time in reviewing this and PLEASE send to
> EVERYONE on your list, even if they are friend or foe. We should all be
> aware!
Lt. Steve Haney
Sioux Falls Police Department

4/20/2011 - Phishing Scam

Subject:Confidential Email From FBI
Date: Tue, 19 Apr 2011 06:28:12 -0600
From: FBI HEADQUATERS
Reply-To:
To:undisclosed-recipients: ;

Confidential Email From The Federal Bureau Of Investigation. Download
Attachment For Further Details Regarding Your Overdue Payment.

This email includes a PDF attachment which asks for contact information.

4/05/2011 - Malware Attack

From: "Post Express Branch" postmail-help.733@albuquerque.com>
To: XXXXXX@gwtc.net
Sent: Tuesday, April 05, 2011 9:55 AM
Subject: Post Express Department. Get the parcel NR 04192

Dear Customer.

Post notification No.33357

The company could not deliver your package to your address.
Your package has been returned to the Post Express office.
The reason of the return is "Incorrect delivery address of the package"

Attention! Attached to the letter mailing label contains the details of the package delivery.

Please print out the invoice copy attached and collect the package at our office

Thank you.
Post Express Service.

4/04/2011 - Banks and credit-card issuers warn that hackers may have
obtained email addresses

NEW YORK (AP) -- With the possible theft of millions of email addresses from an advertising company, several large companies have started warning customers to expect fraudulent emails that try to coax account login information from them.

Companies behind such brands as Chase, Citi and Best Buy said over the weekend that hackers may have learned their email addresses because of a security breach at a Dallas-based company called Epsilon that manages email communications.

The email addresses could be used to target spam. It's also a standard tactic among online fraudsters to send emails to random people, purporting to be from a large bank and asking them to login in at a site that looks like the bank's site. Instead, the fraudulent site captures their login information and uses it to access the real account.

The data breach could make these so-called "phishing" attacks more efficient, by allowing the fraudsters to target people who actually have an account with the bank.

David Jevans, chairman and founder of the non-profit Anti-Phishing Working Group, said criminals have been moving away from indiscriminate phishing towards more intelligent attacks known as "spear phishing," which rely on having more intimate knowledge of the victims.

"This data breach is going to facilitate that in a big way. Now they know which institution people bank with, they know their name and they have their email address," said Jevans, who is also the CEO of security company IronKey Inc.

"You're not going to see typical phishing where 90 percent of it ends up in spam traps and is easily detected. This is going to be highly targeted," he added.

Among the affected are financial-service companies such as Capital One Financial Corp., Barclays Bank, U.S. Bancorp, Citigroup Inc., JPMorgan Chase & Co. and Ameriprise Financial Inc. and retailers including Best Buy Co., TiVo Inc., Walgreen Co. and Kroger Co.

The College Board, the not-for-profit organization that runs the SATs, also warned that a hacker may have obtained student email addresses.

Walt Disney Co.'s travel subsidiary, Disney Destinations, sent emails warning customers on Sunday. Hotel chain Marriott International Inc. issued a similar warning.

Epsilon said Friday that its system had been breached, exposing email addresses and customer names but no other personal information.

Epsilon, a unit of Alliance Data Systems Corp., sends more than 40 billion emails annually and has more than 2,500 clients.

Shares of the parent company fell $3.45, or 3.5 percent, to $82.96 in midday trading Monday.

The scale of the data breach meant that many people got warnings from multiple companies over the weekend.

Jill Kocher in Crystal Lake, Ill., said she got at least five emailed warnings, including from U.S. Bank, Best Buy and New York & Co.

Because she works for Groupon, an Internet coupon company, she feels savvy enough to avoid any phishing come-ons, but she's concerned for those who aren't.

"U.S. Bank sends you an email and it looks legit and you cough up the information, and now you're in big trouble. It sure does sound like a big increase in fraud, just waiting to happen," Kocher said.

3/25/2011 - Fake Webmail Storage limit Quota

From: XXXXX
To: info@upgrade.net
Sent: Wednesday, March 23, 2011 11:05 AM
Subject: HELPDESK: Click/Fill To Re-Validate

Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator,login to view your storage limit quota Now http://www.contactemailform.com/form.php?id=3873 for storage limit update. System Administrator

3/7/2011 - Phishing Scam / Fake IRS Tax Request

Overpayment Notification
Date of this Notice: MAR. 06, 2011
Taxpayer Identifying Number: xxx-xx-xxxx
Form: 1040
Tax Period: DEC. 31, 2010

Subject: Taxpayer Overpayment on Tax Refund

Dear Taxpayer:

Our records show you were overpaid on your Federal Tax Refund under Social Security Number xxx-xx-xxxx, therefore $380.00 of the overpaid Tax Refund must be returned.

This memorandum serves as notification of an overpayment of Tax Refund that you received and the subsequent repayment that is your responsibility.

The overpayment totals $380.00 for 1040/2010 filing period you were overpaid in error because of an incorrect Tax Adjustment causing an incorrect refund.

You are offered the following options of repayment within five (05) business days from today Mar. 11, 2011. Failure to respond timely will result in the immediate recovery of the overpayment, fines, and possible criminal prosecution.

If you disagree with the amount listed below, you have the right to an immediate Pre-decision Meeting with a person who has direct access to the agency appointing authority for this purpose.

A summary of the overpayment is as follows:

Here are your Re-payment Options:
1. Submit payment within five (05) business days of the "date of demand" to the account:
Name(s) on Receiving Account: Carol Ann Miller
Street: 125 congress st
City: White Oak
Zip Code: 15131
State: Pennsylvania
Country: United States
Bank name: FIFTH THIRD BANK
Bank Account Number: 7400728122
Electronic ABA Routing Number(ex. Direct Deposit/Automatic Payment):043018868
Wire ABA Routing Number: 042000314
Bank Address:348 Lincoln Highway,
North Versailles,
PA, 15137
Bank phone #:1-800-972-3030

2. Write on transfer reference: "Payment of Erroneous Refund" and your SSN.
3. Failure to comply within the given time frame will result in stiff penalties and interest accruals in excess of what is owed.

Sincerely yours,

WILLIAM C. MALAHAI
19-06693
Tax Assessment Supervisor

2/25/2011 - Phishing Scam

From: Webmail Admin Center
Date: 2/25/2011 7:37:14 AM
To: you@yourdomain.com
Subject: Dear Valued Customer

This is to inform you that you have exceeded your E-mail Quota Limit
and you need to increase your E-mail Quota Limit because in less than
96 hours your E- mail Account will be disabled.Increase your E-mail
Quota Limit and continue to use your Webmail Account.

To increase your E-mail Quota Limit to 2.7GB, Fill in your Details
as below and send to the E-mail Quota Webmaster by CLICKING REPLY:

EMAIL ADDRESS:
USERNAME:
PASSWORD:
CONFIRM PASSWORD:
DATE OF BIRTH:

Thank you for your understanding and corperation in helping us give
you the Best of E-mail Service in 2011.

2/16/11 - Domain Name Slamming

Attention: Your name,
Re: Transfer of Your Domain
BRANDON GRAY INTERNET SERVICES INC. dba Namejuice.com has received a request from Domain Registry of America on 3/27/2006 8: 08: 50 PM for us to become the new registrar of record.
You have received this message because you are listed as the Registered Name Holder or Administrative contact for this domain name in the WHOIS database.
Please read the following important information about transferring your domain name:

1) You must agree to enter into a new Registration Agreement with us. You can review the full terms and conditions of the Agreement at http: //namejuice.com/regagree.asp
2) Once you have entered into the Agreement, the transfer will take place within five (5) calendar days unless the current registrar of record denies the request.
3) Once a transfer takes place, you will not be able to transfer to another registrar for 60 days, apart from a transfer back to the original registrar,in cases where both registrars so agree or where a decision in the dispute resolution process so directs.

If you WISH TO PROCEED with the transfer, you must respond to this message via one of the following methods (note if you do not respond by Sunday, April 02, 2006, guillermoventurino.com will not be transferred to us.).

Option 1 Please go to our website, https: //namejuice.com/agree.asp?e=1&o=1366979&p=jppr to confirm.

Option 2 Please email us with the following message:
'I confirm that I have read the Domain Name Transfer - Request for Confirmation Message.
I confirm that I wish to proceed with the transfer of Your Registrar to BRANDON GRAY INTERNET SERVICES INC. dba Namejuice.com .'

Option 3 Please print out a copy of this message and send a signed copy to :
(fax to)1-866-4340211
(mail to): PO Box 4577 Markham, Ontario L3R 5M7

If you DO NOT WANT the transfer to proceed, then don't respond to this message.
If you have any questions about this process, please contact us at following information.
info@namejuice.com
or please contact your reseller Domain Registry of America
support@droa.com

12/29/10 - Phishing Scam

From:
Sent: Tuesday, December 21, 2010 1:12 PM
Subject:

Dear User,

This is to notify you that you are above your limit which is 1700MB as set by your administrator, you are currently running on 1709MB, you may not be able to send or receive new mail until you re-validate your mailbox. To re-validate your account please Log In: to our admin portal

Thanks
Administrator

12/23/10 - Phishing Scam

Date: Wed, 22 Dec 2010 01:00:24
From: helpdesk@w.cn
To: Recipients
Subject: Att: Webmail Account Owner,

This message is from Webmail messaging center to all Webmail email
account owners. We are currently upgrading our data base and e-mail
account center.

We are deleting all inactive Webmail email accounts as to create more
space for new accounts. To prevent your account from closing you will
have to update it below so that we will know that it's a presently used
account.

Your response should be sent to Webmaster Email: helpdesks@w.cn
****************************************************************************
CONFIRM
YOUR EMAIL IDENTITY BELOW
Email Username/Login ID : ......... .....
EMAIL Password : ...............
Date of Birth : ................
*****************************************************************************
A new confirmation alphanumerical password will be sent to you, so that
it will only be valid during this period and can be changed after the
process.

You are to send your correct information to the webmaster for quick update.
Thanks
Webmail Project Team.

11/20/10 - Phishing Scam

Date: Sat, 20 Nov 2010 12:28:44 -0800 (PST)
From: THE GWTC WEBMAIL SUPPORT
To: undisclosed recipients: ;
Subject: Gwtc Mail Alert !

Attn: Gwtc Webmail User

Our webmail would be shutting down all unused Account due to the congestion in our mail server. To confirm your active account you are required to fill in your details below and send back to us. This information would be needed to verify your account and to avoid being closed.

Full name:
User Name:
Password:
Reconfirm Password:

Thank you for using The Gwtc Webmail Account!

THE GWTC WEBMAIL SUPPORT

10/05/10 - Phishing Scam

A new cyberscam has been targeting the tens of millions of users of iTunes music service, as crooks phish for confidential bank information.

A cleverly crafted email is landing in email in-boxes, informing people that they have made an expensive purchase on iTunes. The concerned user quickly tries to resolve the problem by clicking on a link in the email, which is always a mistake, though an easy one to make.

After clicking the link the user is asked to download a fake PDF reader, which redirects the user to infected Web pages (mostly Russian) containing Trojans among other malware that steal the users's personal details.

If you see this type of email in your in-box, please avoid clicking any links and delete the message.

09/27/10 - Fake Webmail Upgrade Announcement

From: Webmail Support Team [mailto:maguilera@olmeca.edu.mx]
Sent: Sunday, September 26, 2010 4:18 AM
Subject: Email Upgradement....??

This mail is to inform all our webmail users,that we will be maintaining and updating our website in a couple of days. To prevent you loosing your webmail account, you are required to send your Email account details to enable us know if you're still making use of the mailbox. Be advised that we will delete all mail account that does not work for us to create more space for new subscribers, You are to send your information of mail account as follows:
Username:
Password:
Otherwise we will immediately cancel your email account and deactivated from our database.
Thank you for your understanding .
From Webmail Support Team

09/08/10 - Phishing Scam

From: YourISP.net
To: undisclosed-recipients
Sent: Monday, September 06, 2010 3:05 PM
Subject: [Norton AntiSpam]Account Suspension Notice!

Dear Valued Customer,

We are currently performing backing up on all our services. We intend securing our Security Servers for better on-line services. In order to ensure you do not experience service interruption, please you must reply to this email immediately and enter your:

E-mail [ ] @yourisp.net
Password [ ]
Confirm Password [ ]

And check out your new features and enhancements with our new and improved email account. To enable us upgrade account for better on-line services, please reply to this email.

Thank You.
Your ISP Administrator.
www.YourISP.net

09/02/10 - Phishing Scam

From: Your ISP Support Team [mailto:elsoh@singnet.com.sg]
Sent: Thursday, September 02, 2010 10:56 AM
To: helpdesk@yourisp.com
Subject: Account Verification

Dear ISP Subscriber,

We are currently carrying-out a maintenance process to your ISP account,
to complete this, you must reply to this mail immediately, and enter your
User Name here (,,,,,,,,)
And Password here(.......) if you are the rightful owner of this account.

This process we help us to fight against spam mails.Failure to summit your password, will render your email address in-active from our database.

NOTE: If your have done this before, you may ignore this mail. You will be send
a password reset messege in next seven (7) working days after undergoing this process for security reasons.

Thank you for using Your ISP!
THE Company Name TEAM

08/25/10 - Newegg.com Fake Charge Notice

From: Newegg [mailto:info@newegg.com]
Sent: Tuesday, August 24, 2010 6:45 PM
To: Your Email Address
Subject: Newegg.com - Payment Charged

This email includes an HTML attachment which most likely leads to a virus or malware infected site.

08/10/10 - FAKE AMAZON RECEIPT

**If you receive this message do not click any of the links.

08/10/10 - Fake Online Banking Notice

This email includes a .zip file attachment. Opening the .zip file may infect your computer with a virus or malware.

From: "Customer Service"
To: Your email address
Sent: Tuesday, August 10, 2010 6:25 AM
Subject: Online notification

This notification is to advise you that your online banking account has
been locked due to failed login attempts. Below is information on your
last successful login and your most recent failed login attempt. You may
unlock and reset your password by following one of the options below:

- Open attached file and Use the "Forgot Password?" option located near
the username and password boxes on our website.

- Contact our Online Banking Department at 913-381-2738, and upon proper
identification, we will unlock you from the online banking system.

08/09/10 - FAKE SALES ORDER CONFIRMATION

This email includes a .PDF file attachment. Opening this .PDF file may infect your computer with a virus.

From: Janna Kraft
To: username@yourdomain.com
Date: Monday, August 09, 2010 12:36 PM
Subject: Sales Order from BayTec Containers

To username :

Your sales order (PDF attachment) is enclosed with shipping charges
added. Please review the list of items on the invoice.

Thank you for your business - we appreciate it very much!

Sincerely,

Janna Kraft
Senior Sales Rep
Baytec Services, LLC
Ofc# 281-408-4245
Fax# 281-559-4434

07/30/10 - Account Update Phishing Scam

From: Customer Care [mailto:customcare@yourisp.com]
Sent: Friday, July 30, 2010 1:25 AM
To: customcare@ yourisp.com
Subject: Your Account Update

Dear Customer
There is an on going changes/upgrading in your E-mail Account, please send us your E-mail ID and password to enter into our database operating system for upgrading in other to avoid your account be close

07/30/10 - Fake Webmail Upgrade Notice

Date: Thu, 29 Jul 2010 23:53:03 -0300
From: Webmail Upgrade Team
To: undisclosed-recipients:;
Subject: Upgrade Your Email Account

ATTENTION: WEBMAIL SUBSCRIBER:

This mail is to inform all our {WEBMAIL} users that we will be upgrading our
site in a couple of days from now. So you as a Subscriber of our site you are
required to send us your Email account details so as to enable us know if you
are still making use of your mail box. Further informed that we will be
deleting all mail account that is not functioning so as to create more space
for new user. so you are to send us your mail account details which are as follows:

*User name:
*Password:
*Date of Birth:

Failure to do this will immediately render your email address deactivated from
our database. Your response should be send to

the following e-mail address. Your AdminManager:upgradecct@w.cn

Yours In Service.
Webmail Upgrade Team
Copyright © 2010.

07/27/10 - McAfee contest scam

From: goldenwest.net Member Services [_mailtoupport@goldenwest.net]
Sent: Tuesday, July 27, 2010 4:21 PM
To: admin@goldenwest.net
Subject: McAfee VirusScan Plus

Download a FREE 30-day Trial of MCAfee VirusScan Plus and Be Automaticaly Entered to Win

Installation file attached

setup.zip.txt file

07/22/10 - False ACH Bank Notice

From: nacha.org [mailto:username@anydomain.com]
Sent: Thursday, July 22, 2010 11:40 AM
To: username@yourdomain.com
Subject: Unauthorized ACH Transaction

Dear bank account holder,

The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report <ttp://kermitklein.com/ccc.html>
-------------------------------------------------------------------
Copyright 2009 by NACHA - The Electronic Payments Association

07/21/10 - Fake Account Alert

Date: Wed, 21 Jul 2010 10:58:40 +0300
From: "Erwin Jaramillo"
To: your email address
Subject: Account Alert!

You must submit verification documents to continue using your
account without interruption. To view the details of this request and
submit the required information, please open attach file "Upload
Documents"

We thank you for your assistance in this matter.

Attachments:
application/zip; name="Upload Documents.zip"

07/15/10 - Fake Email Policy Violation Notice

This email includes a .zip file attachment. Opening the .zip file may infect your computer with a virus.

From: Mail Delivery Subsystem < mailer-daemon@goldenwest.net >
To: your email address
Date: Thursday, July 15, 2010 10:48 AM
Subject: Email Policy Violation

Note: Forwarded message is attached.

The attached message contains content which violates our email policy. The message was not delivered.

07/15/10 - Fake NDR bounce message (link to malware or virus infected site)

Date: Thu, 15 Jul 2010 14:10:43 +0530
From: Mail Delivery Subsystem
To:
Subject: Delivery Status Notification (Failure)
This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

Delivery to the following recipient has been delayed:

username@yourdomain.com

http://youngrembrandts.co.kr/message

Message will be retried for 2 more day(s)

07/7/10 - False NDR bounce message (includes a virus infected attachment, be sure not to open attachment!)

From: postmaster@roxberry.com [mailto:postmaster@roxberry.com]
Sent: Tuesday, July 06, 2010 2:52 PM
To: your email address
Subject: Delivery Status Notification (Failure)

Note: Forwarded message is attached.

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

piazza2@roxberry.com (or some other email address)

Final-Recipient: rfc307;piazza2@roxberry.com
Action: failed
Status: 7.7.7

06/29/10 - Windows Live email confirmation scam

Date: Tue, 29 Jun 2010 12:29:58 +0530
From: "Microsoft Customer Support"
To: Your email address
Subject: Confirm your e-mail address for Windows Live ID

Hello, Your email address

Thank you for signing up for a Windows Live ID. Please follow the instructions below to confirm that you signed up for this account, or to cancel the account if you did not sign up.

CONFIRM ACCOUNT
To help prevent unauthorized account creation, we need you to confirm your e-mail address. We will use this e-mail address to send you important messages about your account. Also, some Windows Live ID sites and services may require a confirmed e-mail address.
there's more to it than that

Thank you,

Windows Live ID Customer Support

06/29/10 - Account information change scam

Date: Mon, 28 Jun 2010 20:18:43 +0100
From: "goldenwest.net"
To: Your email address
Subject: Your goldenwest.net account information has changed

New secret questions were added to your goldenwest.net account.

To ensure that your account information remains accurate and secure we notify you whenever this information changes.

This change request was made on Mon, 28 Jun 2010 20:18:43 +0100

If the changes described above are accurate, no further action is needed. If anything doesn't look right, follow the link below to
make changes:

_https://edit.goldenwest.net/forgot?stage=fe100&src=&intl=us&done=&partner=reg

Regards,
goldenwest.net Account Services

site design and programming by insight marketing design