I don’t know why I feel compelled to write about this, but I’ve been getting a lot of phishing emails lately. Here is an example…
Subject: Your mailbox has exceeded one or more size limits
Date: Tue, 7 Sep 2010 03:44:08 -0700
From: “Rosales, Ariadne”
Your mailbox has exceeded one or more size limits set by your administrator.
Your mailbox size is 102145 KB.
Mailbox size limits:
You will receive a warning when your mailbox reaches 90000 KB.
You cannot send mail when your mailbox reaches 100000 KB.
You cannot send or receive mail when your mailbox reaches 100000 KB.You may not be able to send or receive new mail until you reduce your mailbox size.
To make more space available, Complete the Questionaire Below:
Click This Link And Validate Your Quota May Result In Loss Of Important Information In Your Mailbox/Or Cause Limited Access To It.
Failure To Click This Link And Validate Your Quota May Result In Loss Of Important Information In Your Mailbox/Or Cause Limited Access To It.
CONFIDENTIALITY NOTICE: This communication and any attachments may contain confidential or privileged information for the use by the designated recipient(s) named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or the attachments is strictly prohibited. If you have received this communication in error, please contact the sender and destroy all copies of the communication and attachments.
Thank you. MSG:104-123
The message seems to be warning me that my 100 megabyte quota has been exceeded by a little more than 2 megabytes. Apparently this can be corrected, not by deleting excess mail off the server, but logically by filling out a questionnaire. Failure to provide sensitive information to the form may result in loss of important information or limit access to my mailbox.
This is obviously scam. First off the email is from a domain I’ve never heard of (and by the way I have removed the email address because it is very simple to forge the from address in a message.) The next confusing thing is
that it is not implicitly to me. If you look it is to “undisclosed-recipients” which means I’ve received it as a bcc (blind carbonless copy.)
The real important thing to note here is the questionnaire. I would like to point out that receiving an email is considered authentic; where as sending an email isn’t. For example when you sign up for something and you have to wait to receive a validation email and click on a link to confirm you are who you say you are. You won’t, or shouldn’t, find a site that requires you to send them an email to automatically validate who you are.
when you receive a letter coming from your email provider that; requests you to validate your identity for your email address, with a link that brings you to a site you’ve never heard of, to enter in sensitive information that should be an immediate red flag. If this is a legitimate email coming from your email provider you may want to start questioning their integrity and it’s time to find a new provider.
In closing I should simply like to stress the importance of knowing who you are giving sensitive information to. We once sent out a letter that warned our customers about phishing email that included an excerpt of a phishing email. Sadly more than one person replied to our warning email with the information requested from the excerpt. Please always think about what information you are giving out and to who. Check the domain of the web page you are submitting data to. Consider the likelihood of the information being requested from you.
Share on Facebook