Here are some examples of actual phishing emails received at Oakland University.

These first examples are trying to get you to give the criminals your log in information so that they can steal your identity, and, most likely, your money.

Example 1. NEW! Credit monitoring alert


Criminals will take advantage of timing. During tax season, OU employees received this alert, which is actually warning you about people trying to steal your identity. Clever. There are several clues, though, that tell you it isn't legitimate:

Phishing email.png

The comments in red are from OUPD. I also want to point out the very casual tone, the use of the ampersand symbol (&), the poor grammar, capitalization and punctuation.


Example 2. Email log-in


From: Oakland University <mail_servicetnc@yahoo.com>
Date: April 21, 2013, 4:51:23 PM EDT
To: undisclosed-recipients:;
Subject: Mail Upgrade
Reply-To: Mail_admin@oakland.edu

Dear Oakland Webmail user,

We are currently carrying out a maintenance process to our server account. We request that all our Mail email users upgrade their account. This process will help to fight against spam mails and improve on our services. Please click on this link http://klcves.php5.cz/ to upgrade your account.

Failure to upgrade might render your mail box in-active after successive upgrading to a more secured server within 7 day.

Thanks for complying.

Mail_admin@oakland.edu


This is supposed to be a message from Oakland University, but if you notice the "from" address, it says:
Oakland University <mail_servicetnc@yahoo.com> which is obviously not a Oakland University domain. All OU email addresses end in "oakland.edu."

Other hints that it is not legitimate:
  • Poor grammar ("successive", "within 7 day")
  • No personalization for recipient or sender
  • Body link is obviously not Oakland either <http://klcves.php5.cz/>
  • Most important: any time an email threatens to block or deactivate your account if you don't log in, IT'S A SCAM



Example 3. Wells Fargo lockout



wellsfargo.png

Now it was easy to know this was a scam, because I do not do business with Wells Fargo. But 70 million people are customers of Wells Fargo, so it's a pretty good bet that someone who sees this would think it was legitimate.

In this example, the criminals actually used good spelling and grammar, which typically does not happen in these emails. The big clue that this one is a phishing scam is the threat of suspended access to your account. When you click on that link, it will take you to a log in screen that looks exactly like the log in screen you would really see at Wells Fargo. The link is hidden in a hyperlink, but if you mouse-over a hyperlink (or an actual link) your browser should tell you where it is taking you. Here is an example:

hyperlink fraud.png

So remember:
  • Poor grammar (not relevant in this example)
  • No personalization for recipient or sender
  • Sender email link is obviously not Wells Fargo <noreply @ googlesiram .com>
  • Most important: any time an email threatens to block or deactivate your account if you don't log in, IT'S A SCAM


Example 4. Hey buddy!

heydana.png

The personalization on these emails is what throws people off. Both of these mails mention my name, and appear at first glance to be from people in my contacts list. The second one, J. Robinson, is my uncle. However, there are a few REALLY BIG clues that this is a scam.

  • Nicole Sesto's email address says "justin @eyihosting. com" and J. Robinson's email address is listed as "michael @pmbs. biz." It doesn't even attempt to be close. I might've been fooled if it said, "nicole@eyihosting" or "jack@pmbs" but the scammers are going for quantity, not quality.
  • A short, generic opening and an unfamiliar link
  • No signature. Nicole would have definitely said something like, "Love ya! Nik" and my uncle would've signed his "Uncle Jack."


Next: So what do you know?