Email Spam and Phishing
How to deal with email spam or phishing attempts to acquire information such as usernames, passwords, and credit card details...
This article is intended to help you become more aware of potential phishing emails.
From Wikipedia:
Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of electronic spam involving nearly identical messages sent to numerous recipients by email. Clicking on links in spam email may send users to phishing web sites or sites that are hosting malware.
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details...
What should you do?
If you receive a suspicious email and know it is spam, follow these instructions to identify it as spam. Otherwise, check this article to see if it has been added to the examples. If it has not been added, please forward it to abuse@ttsd.k12.or.us.
Do not click on any links in a suspicious email. This includes unsubscribe links. If you do click a link, do not fill out any forms that ask for your personal information. See the examples below.
If you ever have a question, don't hesitate to ask the Technology Department through a tech request, a call to the help desk (x4051) or by forwarding the suspicious email to abuse@ttsd.k12.or.us.
What happens if I fail to recognize a Phishing email?
If you fail to recognize a message as fake (see the examples below), then you may decide to reply to the message or follow the given directions. Phishing emails try to get personal information from you. In particular, they want your email account name and password. Once you give them this information, they commonly use it to log in to that account and send spam from it.
When spam is sent from your account, it is not just one or two messages. It is usually thousands of messages. This clogs our mail servers and slows delivery and receipt of potentially important and/or time-sensitive messages. It can also cause major email providers, such as Comcast, Yahoo and Hotmail, to temporarily stop receiving email from us. Some companies will take a few days before they decide to accept mail from us again. Of course, this also applies to others we email regularly, like the City of Tigard.
A quick way to tell that a message is fake is that it asks for account information that includes a password. The messages below are good examples.
Example Emails
The examples below are emails we have received in our district. A screenshot of the website that the link in the email will take you to is included. Notice that the sites in these examples do not look like our district website. Some of these emails were successfully used to get the username and password from members of our staff. When that happens, the spammer uses that login information to access the staff member's mailbox and sends more spam.
System Helpdesk
Thursday, December 18, 2014 2:35 PM
Your Mailbox Has Exceeded It Storage Limit Click Here To Upgrade your account, we are conducting an upgrade in all account.
Thank you,
IT Helpdesk
Helpdesk
Tuesday, September 30, 2014 10:18 AM
Attn: Web email User,
The Information Technology Services (ITS) are currently updating our new website
Accounts.
Click the link below and follow the instruction to upgrade your email account
Click here <hxxp://wewewsasa.bugs3.com/>
The new minimum quota level for e-mail accounts will be set to 2 G.
© Copyright 2014 | WEBMASTER EMAIL HELP DESK * * ALL RIGHTS RESERVED.
ADMIN MAILBOX RE-VALIDATE
Wednesday, April 16, 2014 7:38 AM
Your account safety is our top priority.
This Message is From Helpdesk. Due to our latest IP Security upgrades we have reason to believe that your webmail account was accessed by a third party. Protecting the security of your webmail account is our primary concern, we have limited access to sensitive webmail account features. Failure to revalidate, your e-mail will be blocked in 24 hours.
CLICK HERE: RE-VALIDATE
Do not ignore this message to avoid termination of your webmail account. Our apologies for any inconvenience this may have caused, but your account safety and privacy is very important to us.
*Important: In general, domestic data usage will be reflected within 24 hours.
ITS help desk
ADMIN TEAM
©Copyright 2014 Microsoft
All Right Reserved.
Web Advisor - Mail Box Authentication Notice !!!
Tuesday, April 08, 2014 2:48 PM
This message is from Outlook user care messaging center, to all Outlook account owners. We are currently upgrading our data base servers, and e-mail account center. We are deleting all unused Outlook accounts to create more space for new accounts.
You will have to Authenticate your Outlook Account to show you are human and to prevent a permanent closure of this email address.
Authentication should be done using the authenticate button below.
Successfully authenticated addresses will be automatically notified via inbox.
To authenticate Click Here
Warning!!! Account owners who do not authenticate their account after receiving this update will have his or her account terminated . We are committed to protecting your privacy. Your sensitive details will not be shared with any third party.
MICROSOFT CARE CENTER HELP DESK
Microsoft Corporation, One Microsoft Way,
Redmond, WA 98052-6399, USA © 2014 Microsoft Corporation. All rights reserved.
eFax message from 14032159010 - 1 page(s), Caller-ID: 403-215-9010
Monday, February 24, 2014 9:46 AM
Fax Message [Caller-ID: 403-215-9010]
You have received a 1 page fax at 2014-02-24 05:30:20 CDT.
* The reference number for this fax is min1_did13-1329191075-4032159010-49.
View this fax online, on our website : http://www.efax.com/fax/fax_view.aspx?fax_id=4032159010
Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service
NOTE: This email is not specifically phishing. It may, in fact, be a virus or malware of some sort. I don't know, but I want you to learn the trick they used.
The Trick
An HTML link is simply some text that you click on which takes you to a web page. The web page is associated with a URL. Often you see something like the words "Click Here", but the text can be anything, even the URL itself.
In this case the text is the URL, i.e. http://... However, the spammer was tricky. I've highlighted the tricky part. It looks like an eFax link, but when you click on it, it does not go to eFax. Just to make the point, if you click on it, you will go to our district website. Try it.
However, the spammer chose something different. A good way to check is to put your mouse over the link and see what pops up. It should show you the URL that you expect, in this case, eFax. I have set that to show the evil URL that the spammer added. Try it.
Alert
Wed 2/5/2014 5:07 AM
Your mailbox has exceeded the storage limit set by your administrator,you may not be able to send or receive new mail until you Re-validate your mailbox.To Re-validate your mailbox please Click Here:
System Administrator.
Your password will expire soon
Sunday, February 02, 2014 12:15 PM
Please click here to Validate your email account
Thanks
System Administrator
Alert
Mon 2/3/2014 4:58 AM
Your mailbox has exceeded the storage limit set by your administrator,you may not be able to send or receive new mail until you Re-validate your mailbox.To Re-validate your mailbox please Click Here:
System Administrator.
IT- HELP DESK NOTICE
Monday, January 27, 2014 10:36 AM
Dear Account User:
Information Technology to Upgrade Spam Filtering System. To block Phishing mail. Fill out the details correctly for immediate upgrade. Click Upgrade below.
CLICK HERE ===> UPGRADE
Note : No user action is required. Your will get a response as soon as the upgrade is completed.
IT(S) HELP DESK,
System Administrator® ADMIN
Helpdesk
Mon 1/27/2014 6:37 AM
Helpdesk Service Center requires your immediate re-activation of your Email account. This is to upgrade email account to Microsoft Outlook 2014. Inability to complete this procedure will render your account inactivate. Activate by completing the survey procedure. CLICK HERE to activate.
IT-Helpdesk Service.
Notification
January 27, 2014, 3:45:21 AM PST
Mail Server Upgrade.
You have reached the quota limit of your email account in our database.You will not be able to send or receive message from 30th,Jan,2014 until your mailbox size in increased and updated.CLICK HERE to update your account.
Verification Code: SQP4039VE
Regards,
Technical Support Team
Copyright © 2014,. All Rights Reserved
System Administrator® Mail quota verification
Tue 1/21/2014 3:34 AM
DEAR USER,
WARNING™ Your mailbox is almost full.
465MB
500MB
Please increase your mailbox quota size automatically by clicking on VERIFICATION and fill-out the necessary requirements to automatically increase your mailbox quota size.
IMPORTANT NOTE: You won't be able to send and receive mail messages at 480MB .
ITS help desk
ADMIN TEAM
©Copyright 2014 Microsoft
System Administrator® Security Alert
Tue 1/21/2014 1:23 AM
WEBMAIL TEAM SECURITY !!!
Dear Account User:
We noticed a login to your webmail account from an unrecognized device on Sun, Jan 19, 2014 8:19 PM GMT from United Kingdom. We suspect this to am attempt to Hi-jack your account.
Was this you? If so, please disregard the rest of this email.
If this wasn't you, please below the links below to keep your account safe.
REVALIDATE <hxxp://webmailverificationcenter_attn1.tripod.com/itsadminheldesk/>
Fill the information correctly. This will help verify your account to keep it safe.
IT(S) HELP DESK,
System Administrator® Security Alert
Mon 1/20/2014 5:22 AM
WEBMAIL - ISP SECURITY
Dear Account User:
Your account has been violated by a third party. Unauthorised attempts and access of your account from a different location and device you haven't used before. You are to verify your account with 24hour.
TO VERIFY YOUR ACCOUNT CLICK THE BELOW LINK OR COPY AND PASTE THE LINK
hxxp://webmailverificationcenter_attn1.tripod.com/itsadminheldesk/
Note: Failure to verify your account within this period, your account will be deactivated and suspended.
Thanks for your co-operation
SERVICE DESK - IT HELP DESK
©COPYRIGHT 2013 WEB-TEAM. ALL RIGHT RESERVED.