Example Of A Password Phishing Email

A common trick of hackers and con artists is to make you believe that you are exchanging information with a trusted person. For example, they may send you an e-mail telling you something about your e-mail or website, such as that your e-mail mailbox is full or that your website domain password needs to be reset. These attempts try to make you believe that you are sharing this information with your system administrator (i.e. us at ESG) or a trusted 3rd party like NetworkSolutions. For obvious reasons, never respond to these attempts. We at ESG will never contact you via e-mail or phone asking for your login and password. For 3rd party providers it is best to call the number on their website (not a number provided in the e-mail) to verify what they need.

To help you identify a phishing e-mail attempt, we have pasted the content of a common “mailbox limit” type e-mail below.  See if you can spot some things that are wrong with this:

Dear Account UserID,

This is Web Maintenance Centre, our Technical System detected error files in your Email Account as a result that your mailbox exceeded the Storage Quota/Limit 25GB set by Administrator Database. You are currently running at a higher Storage Quota limit which is 25.98GB and may not allow your messages sent to deliver to the recipient or receiving new mails until your Email Account is upgraded.

To upgrade your Email Account to our new Power Storage Quota/Limit which is 120GB, you are to provide the below information’s to our Technical Administrator Support Teams E-Mail Address:

<typically this appears as something innocent-looking like administrator@qualityservice.com>

Upgrade Verification Form;
* Username/ID: ________________
* Password: ___________________
* Verify Password: ____________
* Email Address: ______________

Note: that the above information requested will enable us manually diagnose the error file in your Mailbox and Increase the size Storage Quota/Limit to 120GB.

Thank you for your Cooperation.
System Administrator

Copyright © 2012 System Administrator Group, Inc. All rights reserved.

 

Do you see some issues? Here is a quick list, which is helpful for identifying future phishing attempts as well:

  • The generic greeting suggests they know little or nothing about you. Sometimes the greeting might be your e-mail address, but of course they already have that, so it proves nothing. Do not trust any e-mail that cannot identify you by at least three elements (i.e. e-mail, first and last name, last four of your account number or login).
  • The e-mail is overly wordy without being specific on who is trying to reach you. The generic response address, an administrator account at a domain you have never heard of, is another red flag that they are trying to hide their identity. But even if the e-mail address appeared to be from a company like GoDaddy or NetworkSolutions, do not click on it or reply to the e-mail. Call them directly instead, using the number from their website.
  • The body of the e-mail asks for information the sender should already know if they are legitimate.  Why would they need your username if they already know your mailbox is over its limit?  Gaps in logic like this are a big clue that the e-mail is bogus.
  • Throughout the e-mail there are incorrect uses of capitalization and wording. While it is common to have a single spelling or capitalization error in the course of normal business, having numerous errors in a single e-mail suggests that the writer is not a native English speaker. Another tip-off along these lines is the use of spellings that are more common in other languages. Note the spelling of center as Centre.
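
For anyone who wants to automate part of this checklist in a mail filter or triage script, the following is an added example (not ESG's own tooling) that checks a message for three of the red flags above: the generic greeting, a reply address at an unfamiliar domain, and a request for your password. The sample message, the `.example` domains and the `trusted_domains` parameter (the domains of providers you actually use) are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Constructed sample modelled on the quoted e-mail; .example domains are placeholders.
SAMPLE = """\
From: System Administrator <sysadmin@webmaint.example>

Dear Account UserID,

Your mailbox exceeded the Storage Quota/Limit 25GB. To upgrade, provide
the below information to administrator@qualityservice.example

* Username/ID: ________________
* Password: ___________________
* Verify Password: ____________
"""

GREETING = re.compile(r"^\s*dear\s+(?:account\s+)?(?:user\s*id|user|customer|member)\b", re.I | re.M)
PASSWORD_FIELD = re.compile(r"^\W*(?:verify\s+)?password\s*:", re.I | re.M)
ADDRESS = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[a-z]{2,})", re.I)

def plain_text(msg):
    """Join every text/plain part, decoding transfer encodings and charsets."""
    out = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            out.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def is_trusted(domain, trusted):
    # Exact match or a true subdomain; "evil-customer.example" must not pass.
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def red_flags(raw, trusted_domains):
    """Return the checklist items this message trips, in checklist order."""
    body = plain_text(message_from_string(raw))
    trusted = {d.lower() for d in trusted_domains}
    flags = []
    if GREETING.search(body):
        flags.append("generic greeting")
    domains = sorted({d.lower() for d in ADDRESS.findall(body)})
    flags += [f"reply address at unfamiliar domain: {d}" for d in domains if not is_trusted(d, trusted)]
    if PASSWORD_FIELD.search(body):
        flags.append("asks for password")
    return flags

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE, {"customer.example"})))
```

A message that trips none of these checks is not proven safe; the script only catches the patterns listed above.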

As always, if you are unsure of an e-mail, you can contact us at ESG at (913) 538-5576 to discuss the e-mail or contact the alleged sender of the e-mail directly from their known website. And if you suspect an e-mail is bogus, delete it without replying and without clicking on any links it might contain.