skip to primary navigationskip to content
 

Other scam emails

The problem

Scam emails can take several forms, including appearing to come from a bank, building society or similar financial institution, or from one of the online payment or auction sites, for example PayPal or eBay. Other messages appear to show that you have ordered an item, often an expensive electrical item, or that your email account is about to be closed for some spurious reason.

These messages commonly contain an invitation to visit a website to confirm or check details. An alternative is a request that you reply to the message, or open a document or run an application attached to the message.

You should be wary of these messages and invitations, particularly if phrases like "security checks" or "security updates" are used, or if you are invited to "update your credit/debit information", "verify your email address", "verify your information", "verify" or "track the status" of your "order". You should simply delete these messages. On no account should you visit the website apparently advertised, reply to the message, or open any attachment to the message.

Samples of messages

Below are samples of text taken from messages that have been addressed to people at Cambridge. In messages where the name of the company or institution has been replaced by the phrase [COMPANY NAME] the same text is frequently used in messages apparently sent by several companies.

An important thing to note is that, when you receive one of these messages, the link to the website will look perfectly normal and will apparently show the name of the real website of the company. However they often exploit vulnerabilities in web browsers, together with features of HTML that allow redirection to another (false) site without it appearing that this has happened. The true nature of the URL hidden behind the apparent link is visible if you look at the source HTML of the message. For example in one message a link apparently to http://www.barclays.co.uk actually contained <a href="http://210.15.78.10/img/.b/1,,logon,00.html">http://ww w.barclays.co.uk</a> which would send you to a site set up to harvest information and card details. Other links use site names that are look as though they could belong to the company, frequently using part of the name in the link, for example www.ebaydbs.com

Please note that these are samples - they are intended to give a flavour of the types of message that you may receive. There are, of course, other variations in wording. The Anti-Phishing Working Group (phishing is the term used to describe attempts to obtain personal data such as account usernames and passwords, and credit card details) is building an archive of phishing scam emails and their site is a good place to check the range of scams.

  • Two typical invitations to "reactivate your account"
    Dear Customer
    
    This message is from [COMPANY NAME], to inform you
    that we had updated our anti-fraud system to prevent
    frequent fraud attempts. At this moment we need you to
    reactivate your account due to software security updates.
    All accounts that haven't been reactivated will be placed
    on hold.
    
    To verify your account, please visit the IBank
    website at http://www.[COMPANY NAME].co.uk
    
    If you have questions about your online statement,
    please send us a Bank Mail or contact the Online Banking
    Helpdesk on 0845 600 2323
    
    We appreciate your business. It's truly our
    pleasure to serve you.
    
    [COMPANY NAME] Customer Care
    
    This email is for notification only. To contact us,
    please log into your account and send a Bank Mail.
    
    ---------------------------
    
    Dear Valued Customer,
    
    We have just installed our new security system
    which will help you to avoid frequently fraud
    transactions and to keep your investments in safety.
    
    Due to this technical update we are insisting our
    clients to verify reactivate their accounts.
    
    Please click on the link below and wait while a new window
    opens. Then fill out [COMPANY NAME] account verification form
    and click the 'submit' button. The verification process
    normally takes about 10 seconds but it may take longer
    during certain times of the day. When your information
    will be successfully updated, you will return to the main
    page.
    https://online.[COMPANY NAME].co.uk/applypassword.ibc
    
    We appreciate your business. It's truly our pleasure to serve you.
    
    [COMPANY NAME] Customer Care
    
    This email is for notification only. To contact us,
    please log into your account and send a Bank Mail.
    
  • "Your account has been randomly chosen for verification"
    Dear customer!
    
    Please read this important message about
    security. We are working very hard to protect
    our customers against fraud. Your account has
    been randomly chosen for verification. This is
    requested to us to verify that you are the real
    owner of this account. All you need to do is to
    click on the link below. You will see a verification
    page. Please complete all fields that you will see
    and submit the form. You will be redirected to [COMPANY NAME]
    IBank home page after verification. Please note that if
    you don't verify your ownership of account in 24 hours we
    will block it to protect your money. Thank you.
    https://[COMPANY NAME].co.uk/fp/1_2x/online/1,,logon,00.html
    
  • "Verify your e-mail address"
    Dear [COMPANY NAME] Internet Banking Customer!
    
    This email was sent by the [COMPANY NAME] server to verify
    your e-mail address. You must complete this process
    by clicking on the link below and submiting [COMPANY NAME]s
    secure verification form which appears in your browser
    
    This is done for your protection --- because some of
    our members no longer have access to their email addresses
    and we must verify it.
    
    Please use this unique link to the [COMPANY NAME] verification form
    to verify your e-mail:
    http://www.[COMPANY NAME].co.uk?EmailID=jksdf8sdgasJUYCvbb
    
  • Credit/Debit card "Security Update" - this email also contained a link to a false site.
    Dear Sir/Madam,
    
      We were informed that your card is used by another person or
      stolen. It could happen if you have been shopping on-line, and
      someone got your "Billing information" including your card
      number. To avoid and prevent any billing mistakes and to
      refund your credit card, it is strongly recommended to proceed
      filling in the secure form on our site and applying for our
      Zero Liability program. This program is free and it will help
      us to investigate this accident.
    
      Sincerely yours, [COMPANY NAME] Support Assistant, [NAME].
    
  • Sample of message apparently in response to an order
    ON-LINE ORDER CONFIRMATION
    
    Account Number: 24879712a
    password: ******
    Order Number: PBW7992
    Order Total: $4,490.50
    
    Thank you for ordering from pcihotup.com, below is your order detail.
    
    Your order is currently being reviewed and processed. We will send you an
    e-mail confirming shipment and providing pertinent shipping information as
    soon as your order ships.
    
    The Following item(s) are included with this order:
    -------------------------------------------
    Item : PANASONIC - TH42PHD6UY 42-IN HDTV PLASMA
    DISPLAY
    Product Code : TH42PHD6UY
    Price : $4,135.00
    Quantity : 1
    Price : $4,135.00
    
    Subtotal $4,135.00
    Shipping $355.50 Grand Total $4,490.50
    -------------------------------------------
    
    You can track the status of your order anytime you like (24/7) online by
    going to our website www.pcihotup.com and logging into your account.
    
    It was a pleasure to serve you and we hope you visit us again soon. If you
    have any questions, please contact us.
    
  • PayPal scam - run the attached application to update your personal profile.. .
    Dear PayPal member,
    
    We regret to inform you that your account is about to be expired in next five
    business days. To avoid suspension of your account you have to reactivate it by
    providing us with your personal information.
    
    To update your personal profile and continue using PayPal services you have to
    run the attached application to this email. Just run it and follow the
    instructions.
    
    IMPORTANT! If you ignore this alert, your account will be suspended in next
    five business days and you will not be able to use PayPal anymore.
    
    Thank you for using PayPal.
    
  • eBay scam using a false site with a name that is quite plausible at first sight
    Dear Customer,
    
    Update your credit /debit card on your eBay account 
    
    http://www.ebaydbs.com/
    
    Use this secure form to update your credit/debit card information on 
    your eBay account. The transmitted credit/debit card information is 
    protected by the industry standard encrypted SSL connection. 
    
    Unfortunately, eBay has not been able to authorize your credit/debit 
    card. Your credit/debit card information must be updated on your eBay 
    account immediately. 
    When you update your credit/debit card on eBay, eBay will attempt to 
    authorize your card. The response from your credit/debit card company 
    will appear on your account status page as either approved or declined 
    within 24 hours of receipt. 
    Note : If you have a Billpoint account, your credit/debit card will not 
    be updated. 
    
    Click to link http://www.ebaydbs.com/ and update your information.