Phishing and Spam Alerts

Information security is everybody's responsibility!

See samples

What is E-mail Spam and Phishing?

E-mail spam are messages sent to many people, often simultaneously, that either contain web links to Internet websites that host malware or contain executable malware within the message designed to infect the computer when opened. These messages are also called junk e-mail.

Phishing is the term for messages sent to individuals via e-mail or text message with the intent to fool unsuspecting recipients into providing personal information, such as user names, passwords and financial account information. They often employ social engineering tactics by creating messages that appear to be legitimate. These messages can also lure individuals to malware-hosting websites.

Spear phishing differs from phishing in that it targets a specific department, division or college, seeking unauthorized access to protected information. These messages allegedly come from IT support staff or other professionals in a position of authority from within the targeted department, division or college. As with phishing, these e-mails will attempt to trick users into divulging personal or financial information, or their credentials, or entice them into clicking on a link that could install malware on the computer.

ITS provides this website to help campus users identify illegitimate messages. The samples below are actual messages that are currently, or were previously, circulated on our campus.

If you have any questions related to the legitimacy of an e-mail message that you have received, please contact the ITS Help Desk at helpdesk@calstatela.edu or call them at 323-343-6170

Other Resources:

June 27, 2017

---------------- Phishing E-mail ----------------

From: Jeannette E. Smith [no-reply@newsmail33.com]
To: Recipient
Subject: Reference #420449207961 from Wickes Furniture
phishing email message looks like an order from Wickes Furniture with link to download malicious file

TOP

June 27, 2017

---------------- Phishing E-mail ----------------

From: Catherine T. Wilkerson [no-reply@mailserve7ff.de]
To: Recipient
Subject: Inovice #246517613444 from Best Products
phishing email message looks like an order from Best Products with link to download malicious file

TOP

June 27, 2017

---------------- Phishing E-mail ----------------

From: Norma R. McIntosh [no-reply@mailserve7ff.de]
To: Recipient
Subject: Order #190012338127 from American Appliance
phishing email message looks like an order from American Appliance with link to download malicious file

TOP

June 21, 2017

---------------- Phishing E-mail ----------------

From: De Leons Transport, Inc. [quickbooks-email@deleonstransportinc.com]
To: Recipient
Subject: Invoice 02432 for calstatela.edu
phishing email message looks like an invoice from Intuit with link to download malicious file

TOP

June 20, 2017

---------------- Phishing E-mail ----------------

From: order-update@amazon.com [order-update@amazon.com]
To: Recipient
Subject: Amazon.com - Your Cancellation (114-685-4526)

Dear Customer,

Your order has been successfully canceled. For your reference, here's a summary of your order:

You just canceled order 114-685-4526 placed on June 21, 2017.

Status: CANCELED

____________________________________________________________________

1 "Wilkes"; 2003, Second Edition
By: Jasen Patterson

Sold by: Amazon.com LLC

_____________________________________________________________________

Thank you for visiting Amazon.com!

---------------------------------------------------------------------
Amazon.com
Earth's Biggest Selection
http://www.amazon.com
---------------------------------------------------------------------

TOP

June 12, 2017

---------------- Phishing E-mail ----------------

From: Wells Fargo Online [wellsfargo@online.com]
To:
Subject: We locked your account access IUPMOIZZPV
phishing email message pretends to be from Wells Fargo

TOP

June 6, 2017

---------------- Phishing E-mail ----------------

From: Rocxx, Amos [Amos.Rocxx@lrsd.org]
To:
Subject: ITHelp Survey invitation

You have been invited to take a Satisfaction survey for a recent IT-Help ticket.

Click here to take your survey

To view your survey queue at any time, sign in and navigate to Self-Service > My Assessments & Surveys.


Additional details about this Survey are:

Number #: INC1798292

Short Description: HELP-DESK ALERT.

Description:

Resolved Date: Today 14:48:36 EDT

Ref:MSG5211182

TOP

June 5, 2017

---------------- Phishing E-mail ----------------

From: American Express [AmericanExpress@ampress.com]
To: American Express [AmericanExpress@ampress.com]
Subject: Information About your CardMember Account.
Attachments: AEMWWDPD0009.html

phishing email message pretends to be from American Express

TOP

June 5, 2017

---------------- Phishing E-mail ----------------

From: Helpdesk [avixx@uninove.edu.br]
To: noreply@netcombo.com.br
Subject: Verify Your Account

This e-mail has been sent to you by Office 365 to inform you that we were unable to verify your account details. This might be due to either of the following reasons:

1. A recent change in your personal information. (eg: address, phone)

2. illegal use of your account.

Due to this, to ensure that your email service is not interrupted, we request you to confirm and update your information today by following the link below

VERIFY

Office 365! Mail Product Management

TOP

May 22, 2017

---------------- Phishing E-mail ----------------

From: Wxx, Amy [wxxa@ohio.edu]
To: Recipient
Subject: Re: PO 589641 & 589640

phishing email message pretends to be from DocuSign

TOP

May 15, 2017

---------------- Phishing E-mail ----------------

From: Tyler Holmes via DocuSign [dse@docus.com]
To: Recipient
Subject: Completed calstatela.edu - Accounting Invoice 441350 Document Ready for Signature

phishing email message pretends to be from DocuSign

TOP

May 11, 2017

---------------- Phishing E-mail ----------------

From: OFFICE365_SUPPORT9030039000459502323-MS_009304.on.mail.onmicrosoft.com [00903009040report@ms-0ffice365supportplanquota.us.com]
To: Recipient
Subject: ####Error ID 900381438034 ## Upgrade Plan

phishing email message pretends to be from Office365

TOP

May 4, 2017

---------------- Phishing E-mail ----------------

From: USPS [usps@uspz.com]
To: Recipient
Subject: USPS Proof of Delivery letter on your shipment EI64689072US

This is a post-only message. Please do not respond.

Label Number: EI64689072US

Service Type: Express Mail®

Thank you for requesting a Proof of Delivery letter on your shipment.

Your Proof of Delivery letter can be viewed online, by visiting the link below:

https://www.usps.com/shipping/delive ry/view.do?file=proof_of_delivery&tracking=EI64689072US

You will need Microsoft Office software to view the DOC file.

If you have additional questions on Track & Confirm services and features or if you have difficulties viewing the file, please visit the Frequently Asked Questions (FAQs) section of our Track and Confirm site at http://www.usps.com/shipping/trackandconfirmfaqs.htm for more information.

-------------------------------------------------------- ----------------------

Results provided by the U.S. Postal Service.

TOP

May 3, 2017

---------------- Phishing E-mail ----------------

From: Muhammad Sofi Shxx bin Md Saxx / RETAIL / Kedah [shxx.saxx@pos.com.my]
To: No-reply@microsoft.net
Subject: Webmail Upgrade 2017

Webmail Upgrade 2017

Dear Customer,
We notice some irregularities from your mailbox and you are obliged to please clink this LINK and fill in your correct details and failure to do this your account will be suspended.

Thank you for your Understanding.

Microsoft Team®

TOP

April 20, 2017

---------------- Phishing E-mail ----------------

From: Alxx, Lynn [lalxx@calstatela.edu]
To: Recipients
Subject: Important Notice for office

phishing email message pretends to be from Office365

TOP

April 19, 2017

---------------- Phishing E-mail ----------------

From: Traffic Police [twrixx@ragasconsultancy.com]
To: Recipient
Subject: Parking ticket #987111363

You received a parking ticket!


26-141 - Parking of motor car or otherwise obstructing fire lanes shall be forbidden at all times

TrialLaw Court appearance required

Parking ticket number information: PTD987111154


Parking fine

To pay your parking ticket, download your fine and choose one of 2 convenient ways:
1. Online
Pay online by Visa or Mastercard, $2 processing fee.

2. By phone (automated system)
Pay by Visa or Mastercard at (866)562-9742

Best wishes,
Police Department.

TOP

April 19, 2017

---------------- Phishing E-mail ----------------

From: Roy Baxx [gottschalk_markxx@t-online.de]
To: Recipient
Subject: Hi

Hello
I visited your website today..
I'm currently looking for work either part time or as a intern to get experience in the field.
Please look over my CV and let me know what you think.

Attached to my google drive here
My resume is password protected. The password is 123456

Respectfully yours,

--
Roy Baxx

TOP

April 18, 2017

---------------- Phishing E-mail ----------------

From: Delta Air Lines [orders@deltaa.com]
To: Recipient
Subject: Your order 55034568 with Delta Air Lines has been confirmed!

Delta Airline logo

Your order on Delta.com website is now complete and your credit card has been charged.
Your flight number , seat number and other important details can be found on your ticket, below:

https: //www.delta.com/orders/viewTicketO nline.do?name=jsee&flight_no=NY7354534170


To check your flight status , please visit : http: //www.delta.com/flightinfo/viewFlightStatusSetup
You can do the check-in online, here: https: //www.delta.com/PCCOciWeb/findBy.action


Thank you for flying with us

© 2017 Delta Air Lines, Inc. | Travel may be on other airlines.

Terms and conditions apply to all offers and SkyMiles benefits. See specific offer for details, and visit SkyMiles Membership Guide & Program Rules

TOP

April 15, 2017

---------------- Phishing E-mail ----------------

From: Customer Service [inrxx@nicoletcoiffure.nl]
To: Recipients
Subject: Security Notification

phishing email message pretends to be from USAA Bank

TOP

April 14, 2017

---------------- Phishing E-mail ----------------

From: PayPal [qwqkoax@services.net]
To: PayPal
Subject: An Issue ON Your Account
Attachments: AttachedFile.html

We ask for your time to carefully read this notification sent by our Account Review Team.

Our security system has blocked unusual charges to a credit card linked to your account.

An intrusion into your account has been detected which shows that someone tried to access your PayPal account without your permission. We have limited access to your account due to this problem. Moreover, we have sent you an attachment which contains all the necessary steps in order to restore your account access. Please download and open it in your browser.

Please do understand that this is a security measure taken with intention to protect you and your account. We apologize for any inconvenience.

TOP

April 12, 2017

---------------- Phishing E-mail ----------------

From: USAA [us@nicx.com]
To: Recipients
Subject: USAA Incoming Transaction Alert

phishing email message pretends to be from USAA

 

TOP

April 10, 2017

---------------- Phishing E-mail ----------------

From: USPS [notice@ussp.com]
To: Recipient
Subject: Delivery notification - Parcel delivery 8077571021 failed

Your package could not be delivered because our courrier could not find anyone at the destination address.

Service type : Next Day Ground
Package size: Medium
Weight: 12.94 lbs
Date : April 10 2017

Please call the number on the shipping notice we left at your doorstep, to arrange a new delivery.

You can view the delivery notice online, on the USPS website:
https: //tools.usps.com/shipping/tracking.file?id=8077571021 &date=04/10/2017

If a new shipment is not arranged in 24 hours, the package will be returned.
Microsoft Word must be installed on your PC.

Copyright 2017 USPS. All Rights Reserved.

TOP

April 10, 2017

---------------- Phishing E-mail ----------------

From: IT DESK [kincaidxx@ksu.edu]
To: Recipient
Subject: URGENT UPDATE!

GENERAL ANNOUCEMENT

All School email account holders are to upgrade their school email address now, following the link below via office365 server, failure to upgrade your email account will lead to the closure of your school email account.
UPGRADE NOW

IT DESK

TOP

April 7, 2017

---------------- Phishing E-mail ----------------

From: ACCOUNT SERVICE [shipping@impratea.co.ke]
To: Recipient
Subject: user@calstatela.eduYour Account will Expire, Wednesday, April 12th/ 2017

Your Account Will Be Blocked!
user@calstatela.edu

Your Account will Expire, Wednesday, April 12th/ 2017
If you would like to continue using your Email Address,
user@calstatela.edu

Upgrade Your Account Now

YOU WILL LOSE YOUR EMAIL ADDRESS IF YOU DO NOT UPGRADE YOUR ACCOUNT.

UPGRADE IS FREE OFF CHARGE.

Thanks.
Mail service provider ! ©2017 All Rights Reserved

Disclaimer:
This email and any attachment thereto are confidential and privileged. If you have received it in error, please delete immediately and notify the sender. Do not disclose, copy, circulate or in any way use it. The information contained therein is for the intended address(es) only, if you reply, its at your own risk. Emails are not guaranteed to be secure or error free, the message and any attachment could be intercepted, corrupted, lost, delayed, incomplete or amended. Outlook.Inc does not accept liability for any damage caused by this email or its attachment.

TOP

April 3, 2017

---------------- Phishing E-mail ----------------

From: Apple [apple@service.com.us]
To: Recipient
Subject: Please update your Account Information

 

phishing email message pretends to be from iTunes

 

TOP

April 3, 2017

---------------- Phishing E-mail ----------------

From: Axx, Erixx [eaxx@calstatela.edu]
To: Recipient
Subject: Final Warning

WebMail Portal+
Dear Customer, Thank you for using our verification system.

Click Here to Verify you are the true owner of this account.
NOTE: Please do not click the link more than once.

Ignorance Of this mail will lead to permanent lock.
Thanks.
Webmail copy;

TOP

April 1, 2017

---------------- Phishing E-mail ----------------

From: Chase Online [Noreply@uvu.edu]
To: Recipients
Subject: Online Banking Security Update

 

Chase logo

Dear Customer:

A new account update is available for your account ending in 0***5.

To view update, log in using the link below.
www.ChaseOnlineUpdate.Com

If you aren't enrolled in Online Statements and believe you have received this message in error, please contact our Customer Support team immediately at the phone number listed under the "Contact Us" link that you see after logging in to our website.

Please do not respond to this notification e-mail.

Sincerely,

Online Banking Team

 

TOP

March 30, 2017

---------------- Phishing E-mail ----------------

From: Bank of America [NoreplyBoa@uvu.edu]
To: Recipient
Subject: Online Access Security Update

 

phishing email message pretends to be from Bank of America

 

TOP

March 20, 2017

---------------- Phishing E-mail ----------------

From: Team Support [notfication@support.com]
To: Recipient
Subject: Your iOS Lost device was found near !

 

phishing email message pretends to be from iTunes Services

 

TOP

March 16, 2017

---------------- Phishing E-mail ----------------

From: Vxx R. Cappucci [xxxxx@ent-law.com]
To: Recipient
Subject: RE: divorce papers

My name is Vincent Cappucci and I am a senior partner at ENTWISTLE & CAPPUCCI LLP.
Your spouse has contracted me to prepare the divorce papers.
Here is the first draft , please contact me as soon as possible:

http: //www.entwistle-law.com/papers/divorce.doc

Thank you
Vxx R. Cappucci
Senior Partner
xxxxx@ent-law.com
Phone: 212-894-****
Fax: 212-894-****

TOP

March 8, 2017

---------------- Phishing E-mail ----------------

From: Mxx, Zach [zmxx@calstatela.edu]
To: INF@MSN.COM
Subject: Support

Your mailbox is filled up and need to be validated to avoid deactivation. Kindly click on the link below to avoid your account from been disabled.

Click here

Outlook365 Support.

TOP

March 6, 2017

---------------- Phishing E-mail ----------------

From: Capital One [capitalone@online.com]
To: Capital One
Subject: We locked your account access HNDSERSYQB

 

phishing email message pretends to be from Capital One

 

TOP

March 2, 2017

---------------- Phishing E-mail ----------------

From: Staff Portal [qzhxx@middlebury.edu]
To:
Subject: Important Announcement

A meeting has been scheduled,

Click here to view details

California State University, Los Angeles

TOP

February 27, 2017

---------------- Phishing E-mail ----------------

From: ADP Billing [billing@adp-service.com]
To: Recipient
Subject: Your invoice 712743 is ready for your review!

 

ADP logo

Your most recent ADP invoice has been generated and is ready for your review.
You can download it by visiting the ADP website:
https: //invoices.adp.com/service/view.action?file=invoice&nbr=7 12743
Thank you for choosing ADP as your business partner.
Important: Please don't reply to this message. It is been generated from an unattended mailbox.

 

TOP

February 25, 2017

---------------- Phishing E-mail ----------------

From: Navy Federal [navy@penn.com]
To: Recipient
Subject: Suspicious Sign in Attempts Noticed
 

phishing email message pretends to be from Navy Federal Credit Union

 

TOP

February 25, 2017

---------------- Phishing E-mail ----------------

From: Bank of America Alert [admin@saschagrunert.de]
To: Recipients
Subject: Bank of America Alert: Your Online Access Is Temporarily locked

 

phishing email message pretends to be from Bank of America

 

TOP

February 4, 2017

---------------- Phishing Web Page ----------------

phishing web page pretends to be legit with our campus logo

TOP

February 4, 2017

---------------- Phishing E-mail ----------------

From: Agxx, Axxxx [aagxx@calstatela.edu]
To: [info37xx@calstatela.edu]
Subject: Notice

Your University E-mail account will be shutdown due to several negligence of emails regarding mailbox upgrade. To avoid this please click HERE and verify your Tulane email account.

Warm Regards,

Help-desk Administrator.

TOP

February 3, 2017

---------------- Phishing E-mail ----------------

From: Morxx, Hxxxx [hmorxx@calstatela.edu]
To: [SERVICE@MAIL.COM]
Subject: HELPDESK

We have reasons to believe that your account has been violated and access by a third party. Please click HERE and verify your Mailbox to avoid deactivation.
Warm Regards,

TOP

January 24, 2017

---------------- Phishing E-mail ----------------

From: Axxxx, Ruby [xxxxxx@calstatela.edu]
To: Axxxx, Ruby [xxxxxx@calstatela.edu]
Subject: Re: Incoming mail rejected

phishing email message pretends to be from helpdesk

TOP

January 23, 2017

---------------- Phishing E-mail ----------------

From: [joxxxx@sbcfire.org ]
To: Recipients
Subject: URGENT

Your Outlook Mailbox password will expire soon. you are to send your USERNAME and PASSWORD to our staff helpdesk email at employee_outlookxx@mail2webmastxx.com for immediate Validation. You may not be able to send or receive emails if you fail to do this. This message is from Technical Support.

TOP

January 23, 2017

---------------- Phishing E-mail ----------------

From: Manager [xxxxxx@calstatela.edu]
To: Recipient
Subject: Transaction Request

Hi,

I would like you to handle a financial task. Email me back and let me know if you're available right now.

xxxxxx
Manager.


Sent from my iPhone

TOP

January 23, 2017

---------------- Phishing E-mail ----------------

From: ITS HELPDESK [postmaster@bandmplumbixx.com]
To: undisclosed-recipients
Subject: Your Password Expires Today.

Webmail user,

Your Password Expires Today. You are hereby directed to click on ITS HELP-DESK to update your password to continue with your mailbox and follow instructions. . We advise that your mailbox password be update immediately. Failure to comply with these guidelines may result in a loss of access to your Webmail account. Kindly use the link above to complete your Web-mail User authentication form.

NOTE: JUST FOLLOW THE INSTRUCTION VIA THE ITS HELP-DESK.

© Copyright 2017.
All Rights Reserved

TOP

January 19, 2017

---------------- Phishing E-mail ----------------

From: System Support [support.bgxx@elcotodecaza.com]
To: Recipients
Subject: Re: [Ticket AN-59666-659226363] urgent notice

Important notice!

Dear customer, check your money balance at this link.
And be sure to check Your Bank Verification Status.

-
Regards,
Rainer Fischer
Chief Technical Officer
Money System Support
19.01.2017 15:35:59

TOP

Phishing and Spam Archive