Details of the most recent spam and phishing e-mails that you may receive. Some of these e-mails may also contain malicious software.

From 1st March 2012 the expectation is that this page will be updated within days of bogus e-mail being received.

GENERAL

These e mails are bogus and are just phishing for personal information or to load malicious software. If you receive anything like them, delete it immediately and do not open any attachments. If you are suspicious about activity on your bank or utility accounts, contact your bank direct or service provider using a known telephone number, NOT contact details within the bogus e-mails.


Note : For the purposes of description only, the defintion of "Originator" is the "alias" the fraudsters are making themselves out to be.


Originator : FedEx (quoting a managers name) Subject : Shipping Detail  Content :

Tracking ID : ######
Date : ## March 2013

Dear Client,

Your parcel has arrived at February 6.Courier was unable to deliver the parcel to you at # February (time).

To receive your parcel, please, print this receipt and go to the nearest office.

[Print Receipt]

Best Regards, The FedEx Team.

Comment : Sent to a specified recipient, but cc to others. The link to print problably contains malicious software. E-mail was not associated with FedEX. This is a continuation of a series of bogus e-mails that started in February 2013.
E-mail dated : 17th March 2013
Note 1: A second e-mail was received on 18th March with same format, but with different "managers name".


 

Originator : A hotel  Subject : "A hotel name"  Content :

Dear,
 
Further to our telephone conversation, please find attached confirmation of your booking with us.
 
We would like to thank you for making this reservation and we look forward to greeting you at the "A Hotel" on the ##th March 2013.
 
Yours sincerely,
Duty Manager

Comment : Attachment probably contain malicious software.
E-mail dated : 13th March 2013


 

Originator : {female name}  Subject : Wonderful source of income  Content :


Hello  {recipients name}

I've worked in casinos for ## years.
I've seen thousands of people trying to make money on the roulette tables.

If only they knew that the place to make money on roulette was not in casinos, but online!
Online casinos are built on computer programs, and if you understand the workings of the system, you can beat them.
"One weird trick" made me and hundreds of other people wealthy!

Find out how YOU can do the exact same RIGHT NOW!

Click the link below to discover the roulette system that paid for my house, my vacations, and my childrens' educations!
[ LINK ]

Yours,

{ Female name }

P.S. This method is so easy, a kid could do it! I know because my daughter { Childs name } is making money on this HERSELF!


To unsubscribe from our mailing list [ LINK ]

Comment : This e-mail is trying to play on peoples greed, "money for nothing". Links probably direct to malicious website or worse an application form asking you to provide all of your personal and banking details ; DON'T. There is a series of these e-mails all coming from a female with the same first name, but different Surname.
Series of e-mails first received : 12th March 2013


 

Originator : vodaphone.co.uk  Subject : you have a new picture message  Content :

You have a message from ##########

Comment : Attachment probably contains malicious content.
E-mail dated : 7th March 2013



 

Originator : tax.co.uk  Subject : Tax Refund New Message  Content :


TAX RETURN FOR THE YEAR 2013
RECALCULATION OF YOUR TAX REFUND HMRC 2010-2013

Dear Applicant,

The contents of this email and any attachments are confidential and as applicable, copyright in these is reserved to HM Revenue & Customs. Unless expressly authorised by us, any further dissemination or distribution of this email  or its attachments is prohibited.

If you are not the intended recipient of this email, please reply to inform us that you have received this email in error and then delete it without retaining any copy.

I am sending this email to announce: After the last annual calculation ofyour fiscal activity we have determined that you are eligible to receive a tax refund of ###.## GBP

You have attached the tax return form with the TAX REFUND NUMBER ID: ######,complete the tax return form attached to this message.

After completing the form, please submit the form by clicking the SUBMIT button on form and allow us 5-9 business days in order to process it.

Our head office address can be found on our web site at HM Revenue & Customs: [ Link ]

Sincerely,
HMRC Tax Credit Office

© Copyright 2013, HM Revenue & Customs UK All rights reserved

Comment : Suspicious ;the e-mail states that you should not distribute it further, on that premise you cannot forward it on to your accountant ! Text also states "tax refund of ### GBP"; what other currency would HMRC deal in ? "TAX RETURN
FOR THE YEAR 2013" is also an erroroneous statement.It also appears that e-mail originator does not have a "£" on their keyboard. Attachment probably contain malicious software. Provided link probably directs to malicious website.
E-mail received : 6th March 2013


 

Originator : MMSC-T-Mobile   Subject : T-Mobile MMS message has arrived  Content :

From telephone number : ######

If your can't show pictures click here [Link] to visit our on-line a web address - www.t-mobile.co.uk/pmcollect - where you can look at the picture message (enter your telephone number and the password). It'll only be available online for 14 days, so make sure you save the picture to a computer if you want to keep it.

Comment : Compressed file probably contains malicious software. Link probably directs to website containing malicious software.
E-mail dated : 6th March 2013



 

Originator : Fuel Card Services  Subject : BP Fuel Card E-bill ##### for Account ####  Content :


Please note that this message was sent from an unmonitored mailbox which is unable to accept replies. If you reply to this e-mail your request will not be actioned.

Please find your e-bill  attached.

To manage you account online please click www.@@@@@

If you would like to order more fuel cards please click www.@@@@@@@

If you have any queries, please do not hesitate to contact us.

Regards

Cards Admin.
Fuel Card Services Ltd

T #######
F #######

Supplied according to our terms and conditions. (see www.@@@@@@@).

Please also note that if you cannot open this attachment and are using Outlook Express to view your mail you should select Tools / Options / Security Tab and deselect the option marked "Do not allow attachments to be opened that potentially may be a virus". All of our outgoing mail is fully virus scanned but we recommend this facility is

Comment : Attachment probably contains mailicious software. The links probably direct to a bogus website containing malicious software.
No bonafide organisation would advise you to turn off security software to allow a file to be openned.
E-mail received : 5th March 2013



 

Originator : @tax.co.uk  Subject : Tax Refund New Message Alert  Content :


TAX RETURN FOR THE YEAR 2013
RECALCULATION OF YOUR TAX REFUND
HMRC 2010-2011
Dear Applicant,

The contents of this email and any attachments are confidential and as applicable, copyright in these is reserved to HM Revenue &
Customs.

Unless expressly authorised by us, any further dissemination or distribution of this email or its attachments is prohibited.

If you are not the intended recipient of this email, please reply to inform us that you have received this email in error and then delete it without retaining any copy.

I am sending this email to announce: After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of ###.## GBP

You have attached the tax return form with the TAX REFUND NUMBER  ID: ######## , complete the tax return form attached to this message.

After completing the form, please submit the form by clicking the SUBMIT button on form and allow us 5-9 business days in order to process it.

Our head office address can be found on our web site at HM Revenue & Customs: http://www.hmrc.gov.uk

Sincerely,

HMRC Tax Credit Office

© Copyright 2013, HM Revenue & Customs UK All rights reserved


Comment : Compressed attachment is probably malicious software. The comment "barring" you from further distribution is suspicious as it is banning you from discussing / forwarding with an accountant etc.
E-mail received : 4th March 2013



 

Originator : Female name Subject : revolutionary source of income  Content :


Hello #####

I've worked in casinos for ## years.
I've seen thousands of people trying to make money on the roulette tables.

If only they knew that the place to make money on roulette was not in casinos, but online!
Online casinos are built on computer programs, and if you understand the workings of the system, you can beat them.
"One weird trick" made me and hundreds of other people wealthy!

Find out how YOU can do the exact same RIGHT NOW!

Click the link below to discover the roulette system that paid for my house, my vacations, and my childrens' educations!
http:##################

Yours,

Female name

P.S. This method is so easy, a kid could do it! I know because my daughter is making money on this HERSELF!


Comment : Not so much phishing, more of a blantant con with a promise of making easy money. The quoted website either holds malicious software or is just a honey trap for the gullible.
Date e-mail received : 4th March 2013


Originator : Visa Service  Subject : Your credit card has been suspended   Content :

Hello guest Visa Card,

Your credit card is suspended, because we have noticed a problem on your card.

We determined that someone may be using your card without permission. For your protection was have suspended your card. To lift the suspension [ Click here link ] and follow the stated procedure to update credit card.

NOTE : if not completed by {date} we will be forced to suspend.

[Link directing to : getwifi.ru]

Comment : e-mail was meant to be from wichita in USA, but links were directing to websites in Romania and Poland. Link websites are either trying to obtain bank account details and passwords or the facilitate the downloading of malicious software. This e-mail managed to get through a firewall of a IT company !
E-mail dated : 1st March 2013


Originator : Vodaphone  Subject : You have a new message  Content :

Sender ###########

Comment : The compressed file probably contains malicious software.
E-mail dated : 21st February 2013



Originator : Turkish Airlines Subject : Turkish Airlines Online Ticket  Content :

 


Dear,
 Thank you for booking online. Thank you for choosing Turkish Airlines.
 You can find your Itinerary in the attached file.

The remainder of the e-mail contained airline "Terms and Conditions" and "reservation code".

Comment : Even though named e-mail recipient, there was no recipient name against the salutation with the content.
The compressed file probably contains malicious software.
E-mail dated : 20th February 2013
Note 1: A second identical (apart from reference number) e-mail was received on same date, but around one hour later.


 

Originator : Cavendish Hotel Subject : Peacock Hotel (Baslow) Ltd payslip Content :

The attached file is your payslip, produced by Sage 50 Payroll in PDF (Adobe
Acrobat) format. To view the payslip you will need Acrobat Reader, available
as a free download.

Comment : It is unlikely that a 4 star hotel chain (Cavendish) would be associated small Best Western hotels which this e-mail aludes to.
The e-mail is attempting to tempt someones curiousity on anothers salary. The attached compressed file probably contains malicious software.
E-mail received : 14th February 2013


 

Originator : Emirates Airline Subject : Your eReceipt Details  Content :

Dear Customer,

Thank you for choosing Emirates!

Please find your E-Ticket attached with this email.

We wish you a pleasant journey!


Regards,

Emirates

Please do not reply to this message using the "reply" address. However, your feedback is important to us.Please click on the link
(Customer Satisfaction Survey)if you would like to provide information regarding your customer service experience today.

If you do not receive your eTickets as a PDF attachment, please check your computer settings or alternatively you can re-print your eTickets online by going to www.emirates.com 'Manage my existing booking' section.

Comment : E-mail sent to single recipient seemingly from an Emirates address. Recipient has stated they have never flown with Emirates or booked any tickets with them. The e-ticket is in the format of a compressed file which probably contains malicious software.
E-mail received : 14th February 2013



Originator : FedEx (quoting a managers name) Subject : Shipping Info  Content :

 

Tracking ID : ######
Date : ## Feb 2013

Dear Client,

Your parcel has arrived at February 6.Courier was unable to deliver the parcel to you at # February (time).

To receive your parcel, please, print this receipt and go to the nearest office.

[Print Receipt]

Best Regards, The FedEx Team.

Comment : Sent to a specified recipient, but cc to others. The "print receipt" button problably downloads malicious software. E-mail was not associated with FedEX.
E-mail dated : 7th February 2013
Note 1: A second e-mail was received on 8th February with same format, but with different "managers name".
Note 2: A third e-mail was received on 12th February with same format, but with different "managers name".
Note 1: A forth e-mail was received on 14th February with same format, but with different "managers name".
Note 3: A fifth e-mail was received on 17th February with same format, but with different "managers name".
Note 4: A sixth e-mail was received on 27th February with same format, but with different "managers name".


 

Originator : general@mmsc.t-mobile  Subject : T-Mobile MMS message has arrived   Content :

From telephone number ############
Password #######

If your can't show pictures click here to visit our on-line a web address - www.t-mobile.co.uk/pmcollect - where you can look at the picture message (enter your telephone number and the password).
It'll only be available online for 14 days, so make sure you save the picture to a computer if you want to keep it.
 

Comment : Attachment probably contains malicious software.
Date received : 23rd January 2013

 


 

Originator : billing@t-mobile   Subject : Billing Information    Content :

Bill date: 15 January 2013
Invoice number: #########
DEC 12
Your last bill amount charged £##.##

Payment received ##/##/13 by Direct Debit - Thank you

Full details you can find in the attached report

Comment : Attachment probably contains malicious software. No recipient name quoted.
Date received : 17th January 2013


 

Originator : Europcar e-invoicing  Subject : Europcar Invoice #####   Content :

Please find your Invoice attached.This is an automated message, please do not reply to this email.Should you require further information,

please contact Europcar UK Customer Services by emailing to CustomerServicesUK {bonafide email address}.Best Regards,Europcar UK LtdCar

hire with great rental deals, holiday offers, and discount UK car rentals. Europcar UK make car hire quick and easy. For latest offers and

promotions please visit us at: europcar.co.uk {bonafide website}

Comment : The "invoice" attachment probably contains malicious software.
Date received : 16th January 2013


 

Originator : First Class Mail Service (FedEx) Subject : Tracking Number (x) xxxxx xxx  Content :

Order : ######
Order date : #####

Dear Customer,

Your parcel has arrived at the post office at [Date] .Our courier was unable to deliver the parcel to you.

To receive your parcel, please, go to the nearest office and show this receipt.

[Link - GET A PRINT RECEIPT]


Comment : Link probably takes you to a malicious website. E-mail was sent from a non FedEx e-mail address. An e-mail bcc was also associated with message and that was to a yahoo address.
Date received : 14th January 2013
Nb1. Second e-mail of a similar nature with attachment received on 20th January with different originating address.
Nb2. Third e-mail of a similar nature with attachment received on 23rd January with different originating address than previous two.
Nb3. Forth e-mail of a similar nature with attachment received on 24th January with different originating address than previous three.


 

Originator : Tesco Bank Subject :                          Content :


Dear Valued Customers,

Tesco Bank is giving you a chance to shop for free at any of our tesco outlets or online by giving out free
tesco vouchers. This offer is only for Tesco Credit Card owners and it will be on until  31st January,2013.

To Qualify, follow the link below and input all the details required

Click here to Register [Link]

After validation, if selected your voucher will be sent via text message or posted to your Mailbox.

Yours sincerely

The Tesco Bank credit card team.


Comment : Link probably directs to a website which contains malicious software. No recipient name quoted.
Date received : 6th January 2013

 


 

Originator : Postal Office 472 (FedEx) Subject : Tracking ID ##########  Content :

Order: ++++  
Order Date: +++++ 
Dear Customer,

Your parcel has arrived at the post office at January 6.Our courier was unable to deliver the parcel to you.

To receive your parcel, please, go to the nearest office and show this receipt.

 
GET & PRINT RECEIPT [Link]
 
 
Best Regards, The FedEx Team. 

Your parcel has arrived at the post office at December 20.Our courier was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this receipt.
 
Comment :
Link probably directs to a website which contains malicious software. E-mail was meant to have been sent from a "Kansas.com" address, extremely unliklely FedEx use this address. No recipient name quoted.
Date received : 10th January 2013


 

Originator : Littlewoods Subject : Changes in your shipping and Email Address Content :

Dear Customer

We observe changes in your shipping address and your email address
We therefore implore you to click My Account Verification [Link]
To confirm your information have not be compromised.

We apologize for any inconvenience
 
Regards,

Littlewoods®
 
©Shop Direct Limited. All Rights Reserved. Shop Direct Home Shopping Limited.
Registered number: 4663281. Registered office: 1st Floor, Skyways House, Speke Road, Speke, Liverpool L70 1AB.

Comment : Link probably directs to a website which contains malicious software. No recipient name quoted. Non Anglo spelling used. Recipient never shopped with Littlewoods.
Date received : 8th January 2013


Originator : Shipping Service (FedEx) Subject : Tracking ID (##) ###-### Content :

Order: +++
Order Date: +++

Dear Customer,

Your parcel has arrived at the post office at December 20.Our courier was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this receipt.
 
Comment : Link probably directs to a website which contains malicious software. E-mail was meant to have been sent from a "columbus.com" address, extremely unliklely FedEx use this address. No recipient name quoted.
Date received : 25th December 2012


 

Originator : HM Revenue & Customs Tax Subject : HMRC Tax Refund  Content :

We have determined that you are eligible to receive a tax refund of 965.50 GBP.

Please submit the tax refund request and allow us 2-3 working days in order to process it.

Please DOWNLOAD to Submit Your Tax Refund Request Via Attachment.

Note : A refund can be delayed a variety of reasons, for example submitting invalid records.

Best Regards
HMRC

Comment : Attachment probably contains malicious software. E-mail was meant to have been sent from a "DirectGov" address, HMRC doesn't use this address. No recipient name quoted.
Date received : 18th December 2012


 

Originator : The Smile Bank  Subject : Restore Access to your Account  Content :

To ensure your protection, Access to your accounts has now been blocked

due to a system error { error code : 0c31e8 }.

To re-gain access,  Proceed via secure attachment file below

Comment : No recipient name quoted. Attachment probably contains malicious software.
Date received : 7th December 2012. Another was received twenty minutes after this bogus e-mail, but quoting another false "smile" address.


 

Originator : RapidFax  Subject : Inbound Fax   Content :

A fax has been received.

MCFID = ######
Time Received = ######
Fax Number = #######
ANI = #######
Number of Pages = ###
CSID = ######
Fax Status Code = Successful


Please do not reply to this email.

RapidFAX Customer Service

Comment : Attachment probably contains malicious software.
Date received : 3rd December 2012


 

Originator : UPS Office Subject : Tracking detail : ####### Content :

FedEx  
   
Order: #######   
Order Date: Monday, ## November 2012
Dear Customer,

Your parcel has arrived at the post office at November 29.Our postrider was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this postal receipt.

 
[GET POSTAL RECEIPT]   
 
Best Regards, The FedEx Team.

Comment : So FedEx are using a UPS e-mail address and are based in San Antonio, Ibiza; I think not. Link probably directs to a bogus website with malicious software.
Date received : 2nd December 2012


 Originator : orange.com Subject : Orange your bill  Content :

your bill
  
Account Number: ######
Bill Date ## Nov 2012
Bill Number ########

This is not a VAT invoice
hello...

Please find detailed summary of your account in the attached file
Total amount due now £##.##
Please ensure we receive payment straightaway. You'll find information about how to pay in the attached file.

© 2012 EVERYTHING EVERYWHERE LIMITED

Comment : Service provider not Orange. Attachment probably contains malicious software.
Date received : 22nd November 2012


 

Originator : HostelBookers.com  Subject : New Booking Ref : +++++ - ++++++  Content :


The 10.00% payment has already been made by the customer.

** The balance of EUR ###.## is payable on arrival.
 
Customers can cancel their reservation free of charge up to 2 days before arrival (local time).
 
If cancelled later or in case of no-show, the total price of the reservation will be charged. It is very important to contact us at least 24 hours prior to arrival by phone or email to confirm the check-in time. The hotel reception is located on Via della Vigna Nuova 9. Check-in should occur between 10:00 and 17:00 at the above address.
 
HB Tips:
It is important that you update your availability on a regular basis. All bookings are confirmed.

The 10.00% payment has been taken for our commission - the balance is payable on arrival.
For full guest details including credit card - login to your backoffice.
We recommend that you send your guest a confirmation.
 
 
Comment : This e-mail was somewhat long winded with paragraphs of terms and conditions (these have been removed for this example ). Attachment probably contains malicious software.
Date received 22nd November 2012, a second e-mail of a similar nature was received one hour later.


 


Originator : Three.co.uk  Subject : Notification - You have received a new MMS  Content :

You have received a MMS from mobile number : **************
 To save this picture, please save attached file.

Copyright 1999-2012 Three.co.uk. All rights reserved.

Comment : No senders address quoted, whats to hide ? Attachment probably contains malicious software.
Date received : 21st November 2012, received 2 hours after previous entry.


 

Originator : Not quoted  Subject : Notification - You have received a new MMS  Content :

You have received a MMS from mobile number : **************
 To save this picture, please save attached file.

Copyright 1999-2012 Three.co.uk. All rights reserved.

Comment : No senders address quoted, whats to hide ? Attachment probably contains malicious software.
Date received : 21st November 2012


 

Originator : Western Union Headquarters Subject : Western Union Agent action needed  Content :

Western Union® AgentPortal
Dear Sir/Madam,

Western Union Headquarters notifies all the agents about urgent changes in the compensation policy and working conditions.
In order to keep the job you need to read the documents and accept the contract attached to this letter.

We are sorry to cause inconvenience. Please do not be slow in making the decision and take the necessary actions as soon as you can.

Thank you,
Western Union Agent Coordination Department

Comment : E-mail was sent from address registered in Japan. Attachment probably contains malicious software.
Date received : 20th November 2012


 



 

Originator : First Class Mail Service Subject : Tracking ID : ##########  Content :

Order No.: ************ Order Date: ###########
   
Dear Customer,

Your parcel has arrived at the post office an November 12.
Our postman was unable to deliver the parcel to your address.
To receive a parcel you must go to the nearest office and show your postal receipt.


Thank you for using our services
 
Comment : Poor English. E-mail address @neworleans.com !
Date received : 20th November 2012


 


 

Originator : mms vodaphone Subject : You have received a new message Content :


You have received a picture message from mobile number +44 #########
To save this picture, please save attached file.

Comment : The mobile number quoted in message was unknown to recipient. The attachment probably contains malicious software. Two messages of this nature received within minutes of each other.
Date received : 20th November 2012


 

 

Originator : Northern Rock Subject : Your Virginmoney statement is available Content :

Your statement is available via attached file

Download file attached to access statement


Comment : No recipients name quoted. Attachment probably contains malicious software.
Date : 17th November 2012



Originator : Virgin Money Subject : Account Notification Content :

 

Dear Customer,

This is an automatic message by the system to let you know that your account has been

Restricted from online banking due to third party log in from an unknown ISP .

Note: Download The Attached File To Lift Restriction.

Virgin Money©.2012

Comment : No named recipient. Attachment probably contains malicious software. The originators e-mail address indicated that the sender maybe registered in Norway, but not necessarily domicile there !
Dated : 16th November 2012


 

Originator : Chase Paymentech  Subject : Merchant Statement  Content :

Attached is your Chase Paymentech electronic Merchant Billing Statement.

If you need assistance, please contact your Account Executive or call Merchant Services at the telephone number listed on your statement.

PLEASE DO NOT RESPOND BY USING REPLY. This email is sent from an unmonitored email address, and your response will not be received by Chase Paymentech.

Chase Paymentech will not be responsible for any liabilities that may result from or relate to any failure or delay caused by Chase Paymentech's or the Merchant's email service or otherwise.  Chase Paymentech recommends that Merchants continue to monitor their statement information regularly.

----------
Learn more about Chase Paymentech Solutions, LLC payment processing services at
chasepaymentech.com

Comment : Attachment probably contains malicious software.
Date : 16th November 2012


 

Originator : Halifax Bank  Subject : Halifax Banking Alert  Content :

Valued Halifax Customer,

We are contacting you to Inform you that we have detected unusual activities in your account

To ensure that your account access has not been compromised, access to your account has been limited.

Your account access will remain limited until you confirm your identity

please follow the link below to resolve

[CLICK HERE]

Thank you
Halifax Bank Plc

Comment : No recipient quoted. Provided link directs to a bogus website that probably contains malicious software.
Date : 10th November 2012


 


Originator : Electronic Payments Association Subject : ACH transaction (ID: ######) was rejected Content :

The ACH transaction (ID: ###########), recently sent from your checking account (by you or any other person), was rejected by the Electronic Payments Association.

Comment : The Electronic Payments Association within the USA would not use a e-mail address associated with a website advertising kitchen remodelling.The attachment probably contains some form of malicious software.
Date : 8th November 2012


 

Originator : paybyphone Subject : Pay by Phone Parking Receipt Content :

Westminster Pay by Phone Parking Receipt

Location: nnnn
License: #######

Description: ##### Street

Start Parking: 2012/11/05 1:35pm
Stop Parking: 2012/11/05 2:35pm
Cost: 33.50 including Service Charge

You can access a full list of all your parking transactions in the attached file

Thank you for using Westminster City Council's Pay by Phone parking
service

Comment : This scam was has been quoted in the London press. The attachment probably contains some form of malicious software.
Date : 7th November 2012; two e-mails received on this date.


 

Originator : Better Business Bureau Subject : Complaint  Content :

The Better Business Bureau has been filed the above mentioned complaint from one of your customers in respect of their business relations with you.

The details of the consumer's concern are contained in enclosed document. Please give attention to this issue and inform us about your opinion as soon as possible.

We kindly ask you to open the COMPLAINT REPORT (attached to this email) to reply on this complaint.

Comment : The originating e-mail was not of the "Better Business Bureau" format as per previous bogus communications. The attachment probably contains some form of malicious software.
Dated : 7th November 2012


 

Originator : Vodafone Subject : You have received a new message Content :

You have received a picture message from mobile number : #############
To save this picture, please save attached file.

Comment : The attachment probably contains some form of malicious software.
Dated : 6th November 201; two e-mail of a similar nature received on this date.


 

Orginator : UPS Subject : UPS delivery information - Error #####  Content :

Comment : Message only consisted of an image that was blocked by my ISP. Images often carry malicious software.
Date : 31st October 2012


 

Originator : Yorkshire Account Subject : Important Message About your Yorkshire Account Content :

Dear Customer

We Observe Multiple Error Logins from your Yorkshire account,

Please do verify your account by clicking [link] prove account ownership .

Thank you for helping us protect you

Yorkshire Building Society

Comment : No recipient name quoted. Link directed to a bogus website which may contain malicious software. Originating e-mail implied it was from a Yorkshire Building Society e-mail.
Dated : 30th October 2012


 

Originator : Ameriprise Financial  Subject : A new Account Statement is available Content :

Review your document
   
A new account statement is available for you to review.

To view your document:

Download attached document
Open with Windows Explorer
 
If you have questions about online document delivery, please call customer service at 800.862.7919.

Thank you for choosing Ameriprise Financial. 

Comment : No recipient name quoted. The attached compressed file probably contains some form of malicious software.
Dated : 29th October 2012


 

Originator : Better Business Bureau  Subject :  Notice Content :

RE Case : #######

Hello,

The Better Business Bureau has been filed the above mentioned complaint from one of your customers in respect of their business relations with you. The details of the consumer's concern are contained in enclosed document.

Please give attention to this issue and inform us about your opinion as soon as possible. We kindly ask you to open the COMPLAINT REPORT (attached to this email) to reply on this complaint.

We are looking forward to your prompt response.

Faithfully yours,


Comment : Obviously from someone that knows the building / location of a organisation in Arlington, Virginia ! The attachment probably contains malicious software.
Date : 25th October 2012; a second e-mail of a similar nature was received on 26th October 2012,



Orginator : NACHA Subject : Direct Deposit Transaction Content :

 

Herewith we are notifying you, that your latest Direct Deposit transaction (###########) was rejected, due to your current Direct Deposit software being out of date.

The detailed information about this matter is available in the attachment.
View attached document using your PDF reader.

Please apply to your financial institution to obtain the necessary updates of the Direct Deposit software.

(c) 2012 NACHA - The Electronic Payments Association

Comment : The USA fund transfer organisation is extremely unlikely to use a private company's e-mail address to send its communication. Attachment probably contains malicious software.
Date : 24th October 2012


 

Originator : Electronic Payments Association Subject : Transfer Report Content :

Herewith we are notifying you, that your latest Direct Deposit transaction (Int. No.190336872852) was rejected, due to your current Direct Deposit software being out of date.

The detailed information about this matter is available in the attachment.
View attached document using your PDF reader.

Please apply to your financial institution to obtain the necessary updates of the Direct Deposit software.

(c) 2012 NACHA - The Electronic Payments Association

Comment : As NACHA is a fund transfer agency within the USA it is extremely unlikely to send its communications via a German e-mail address. The attached file probably contains malicious software.
Date :24th October 2012


 

Orginator : UPS Subject : UPS delivery information - Error #####  Content :

Comment : Message only consisted of an image that was blocked by my ISP. Images often carry malicious software.
Date : 18th October 2012


 


Originator : PayPal Subject : Make PayPal safer, simpler and more convenient  Content :

Hello,

We're constantly working to make PayPal safer, simpler and more convenient for you.
This means that from time to time we make changes to the terms of our User Agreement and other legal agreements to reflect the improvements we make to our service.

We have noticed unauthorized transaction/update on your paypal account. due to this we have your account limited.

What do I need to do?

{Click here to review your account} or  {www.paypal.co.uk}
 
 
If you agree to the changes, you don't need to do anything, any updates will automatically apply to you.

Yours sincerely,

PayPal

Comment : No recipients name quoted. The links did not direct to the PayPal website.
Date : 18th October 2012


 

Originator : BA Subject : BA e-ticket receipt Content :

THIS IS AN AUTOMATED EMAIL - PLEASE DO NOT REPLY AS EMAILS RECEIVED AT THIS ADDRESS WILL BE AUTOMATICALLY DELETED.

Virus checking of emails (including attachments) is the responsibility of the recipient.

This message is private and confidential and may also be legally privileged. If you have received this message in error, please advise the sender and immediately, permanently destroy the document. Please do not read, print, retransmit, store or act in reliance on it or any attachments .....[This e-mail went on for several paragraphs, including booking reference numbers etc]

Comment : The links within the text directed to bonafide BA website pages. The attachment was a compressed file which is probably a malicious file.
Date : 17th October 2012


 

Originator : businessdirect Subject : BT Business Direct Order No. ######### - Notice of delivery Content :
                                                            
Notice of delivery
 
Hi,We're pleased to confirm that we have now accepted and despatched your order on , ## Oct 2012.Unless you chose a next day or other premium delivery service option, then in most cases your order will arrive within 1-3 days.

If we despatched your order via Letterpost, it may take a little longer.***Please note that your order may have shipped in separate boxes and this means that separate consignment numbers may be applicable***We've despatched......using the attached shipment details..CourierRefCarriage method
Royal Mail ######## 1-3 Days
Please note that you will only be able to use this tracking reference...... [This message waffled on for several more paragraphs]

Comment : No recipients name quoted. The originator was quoting the BT company URL, but but BT would not use the salutation "Hi". The remainder of the e-mail consisted of corrupted html coding (internet programming language).
A second e-mail was received a few minute after the first with the same message content where the html coding was not corrupted. This e-mail included an attachment which probably contains malicious software.
Date :16th October 2012


 

Originator : ADPClientServices (ADP are a US data processing house) Subject : Debit Draft  Content :

Your Transaction Report(s) have been uploaded to the web site:

@@@@@@@@

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the report(s).

Please do not respond or reply to this automated e-mail. If you have any questions or comments, please Contact your ADP Benefits Specialist.

Thank You,
ADP Benefit Services

Comment : The link provided has been tampered with does not direct to the ADP website, therefore the destination could be to a file of malicious content on a bogus website.
Date : 12th October 2012


 

This strangely is a quiet period which I suspect is due to university students and the like preparing to return to their studies after vacation.


 

Originator : Vodafone Europe Subject : Vodaphone Europe : Your Account Balance Content :

PLEASE CHECK YOUR ACCOUNT BALANCE IN ATTACHED FILE

Comment : This type of scam is known as a "spike"; the recipients name is quoted. The e-mail encourages you to look at account balance within an attachment, which probably contains malicious software.
Date received : 18th September 2012 (Two e-mails received in similar format )



Originator : National Westminster Bank Subject : NatWest Account Security Notice Content :

 

Dear Customer,

Security machinery at National Westminster Bank has been upgraded to provide customers
with a faster, easier and more efficient online experience.

All customers are required to update their account information.

[Click here to Login] to complete the update process.

Note: Failure to update your information will lead to online service suspension.

Yours sincerely,
Online Customer Service
National Westminster Bank plc

Comment : No recipient name quoted. The provided link DOES NOT direct to a NatWest website.
Date recieved : 18th September 2012


 

Originator : KLM Sales and Service Subject KLM e-Ticket ## Sept  Content :

Booking code: #####
E-ticket issue date: Issued by: KLM SALES & SERVICE CENTER  BACKOFFICE                     

Thank you for choosing KLM E-ticket. This is the itinerary and receipt. If unable to use the e-ticket, if travel

plans change or if you received this document in error, please review full information in the attached file

E-ticket number : #####
Number loyal program : #####
Itinerary Information : see attachment

Receipt

Payment for : 2 passengers
Fare amount : ###
Tax and Carrier Fees : ###
Method of payment : card details provided
(Not recipients)

Comment : This type of scam is known as a "spike"; the recipients name is quoted. The e-mail encourages you to look at the flight details within an attachment, which probably contains malicious software.
Date received : 17th September 2012 (Two e-mails received in similar format, but with different monetary amounts and reference numbers quoted)


 

Originator : NatWest Bank Subject : NatWest Bank Alert : Unauthorized Access on your account Content :

Security Alert?
National Westminster Bank has been receiving complaints from our customers for unauthorised use of the Natwest Online accounts. As a result we periodically review Natwest Online Accounts and temporarily restrict access of those accounts which we think are vunerable to the unauthorised use.

This message has been sent to you from National Westminster Bank because we have noticed invalid login attempts into your account, due to this we are temporarily limiting and restricting your account access until we confirm your identity.

To confirm your identity and remove your account limitation please following the Log in below.
[Link]


Comment : No recipient name quoted. Provided link not NatWest banks, but a website registered in South Africa (.co.za).
Date received : 15th Septembe 2012



 

Originator : NatWest  Subject : Update Alert Content :

Online banking
Please note that Your NatWest online banking account has been flagged, due to recent
changes we have made to our online banking system.

Therefore your access to use our NatWest online banking services has been limited until
you update your account information, [update your account here]
Security advice
Note: This verification will allow us to activate new features to your account on our system.

Comment : No recipient name quoted. Update link does not go to a NatWest website, instead in links to a file on a betting website.
Date received : 12th September 2012


 

Originator : Co-operative Bank Subject : New Co-operative Bank Account Review Content :

Dear Customer,

YOUR ACCOUNT HAS BEEN FLAGGED AS ONE OF THE NUMEROUS ACCOUNTS THAT NEEDS TO BE REVIEWED.
The main reason for this action are:

* Billing / Payment Issues.
* Invalid log on attempts by a suspected third party user.

(Proceed Securely Via Attachment To Resolve This Issue)

Programs and data held on The Co-operative Bank p.l.c. and smile systems are PRIVATE PROPERTY. Unauthorised

access is prohibited and is contrary to the Computer Misuse Act 1990, which may result in criminal offences and a

claim for damages. Customers are reminded to keep their Customer Security Codes confidential and to contact The Co-operative Bank.

Comment : No recipient name quoted. Attachment probably hold malicious content.
E-mail dated : 8th September 2012


 

Originator : Santander UK plc Subject : Existing Santander Customer Notification Content :

Dear Santander Customer,

At Santander, to ensure that your accounts has not been accessed from fraudulent locations,
access to your account has been blocked. Your online account was blocked due to possible errors detected
with your online banking accounts. Restricted accounts will not be able to receive payments,
send payments or withdraw funds.

To update your Santander records proceed securely via attachment below:

Yours sincerely

Santander UK plc

Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : online@santander.co.uk
Date received : 1st September 2012


 

Originator : Santander UK plc Subject : Irregular Activity on Your Santander  Content :

Dear Santander Customer, This is a security alert from Santander Online Fraud Prevention about your Card. We identified activity on your account that may be fraudulent and ask you verify the activity immediately. Signing In Thank you for using Santander Online Banking

-------------------------------------------------

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. Thank you for banking with us. Santander UK Plc 2012 All Rights

Comments : No recipient name quoted. No Attachment and no links, but could be deemed as a "warm up" to the email received on 1st September 2012.
Quoted originating e-mail address : do_not_reply@santander.co.uk
Date received : 29th August 2012


 

Originator : Royal Mail Subject : Royal Mail Shipping Advisory  Content :

Royal Mail Group Shipment Advisory

The following 1 piece(s) have been sent via Royal Mail on Mon, 20 Aug 2012 12:49:21 +0200, REF# 7621428157

SHIPMENT CONTENTS: Documents

SHIPPER REFERENCE: PLEASE REFER TO ATTACHED FILE

ADDITIONAL MESSAGE FROM SHIPPER: PLEASE REFER TO ATTACHED FILE


Royal Mail Group Ltd 2012. All rights reserved

Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : noreply@royalmail.com
Date received : 20th August 2012
Date received : 21st August 2012



Originator : UPS Quantum View Subject : Delivery Notification UPS (quoting date) Content :

 


This message was sent to you at the request of Kuala Lumpur Kepong Bhd to notify you that the electronic shipment information below has been transmitted to UPS. The physical package(s) may or may not have actually been tendered to UPS for shipment.

Important Delivery Information


---------------------------------------------------
Scheduled Delivery: 15-August-2012


Number of Packages: 1
UPS Service: EXPEDITED
Weight: 92,9 LBS
Tracking Number: 4H44380E2189972648
Invoice Number: ORDER#3227
Purchase Order Number: SUPPLIES


Please refer to attached file


Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address :
auto-notify@ups.com
Date received : 13th August 2012


 

Originator : DHL Express  Subject : Express Tracking Notification ID ########  Content :


DHL Express
Tracking Notification: Thu, 9 Aug 2012 16:04:37 +0700


----------------------------------------------------------
Custom Reference: #########
Tracking Number: ********
Pickup Date: Thu, 9 Aug 2012
Service: AIR/GROUND
Pieces: 1
--------------------------------------------------------------------------------
 
Thu, 9 Aug 2012 16:04:37 +0700 - Processing complete successfully
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.

--------------------------------------------------------------------------------


Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under http://www.dhl.com/track
Please do not reply to this email. This is an automated application used only for sending proactive notifications

Thanks in advance,
DHL Express International Inc
.


Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : noreply@dhl.com
Date received : 9th August 2012



Originator : www.nationwide.co.uk Subject : Security information - Nationwide  Content :

 

Dear Customer,

To safeguard the security of your accounts you are temporarily unable to access your accounts online.
To continue using our Internet Banking service and for more information on our extra security measures, please proceed below via attached file.

Thank you.
Nationwide Online Security Team.

Nationwide Building Society is authorised and regulated by the Financial Services Authority under registration number 106078. Credit facilities other than regulated mortgages are not regulated by the Financial Services Authority. You can confirm our registration on the FSA's website, www.fsa.gov.uk or by contacting the FSA on 0845 606 1234.


Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : updates@nationwide.co.uk
Date received : 8th August 2012


 

Originator : UPS Quantum View Subject : Delivery Notification UPS Content :

This message was sent to you at the request of Farma Koka Nosilja AD Milici to notify you that the electronic shipment information below has been transmitted to UPS. The physical package(s) may or may not have actually been tendered to UPS for shipment.

Important Delivery Information
--------------------------------------------------------------------------------

Scheduled Delivery: 10-August-2012


Number of Packages: 1
UPS Service: EXPEDITED
Weight: 62,0 LBS

 
Tracking Number: #######
Invoice Number: ORDER#*****
Purchase Order Number: SUPPLIES


Please refer to attached file.

Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : auto-notify@ups.com
Date received : 8th August 2012



Originator : Booking.com Subject :Reservation [#####] #th August 2012  Content :

 

Hotel Confirmation:
[Londolozi Private Game Reserve] ##### 
Date:  Wed, 8 Aug 2012

--------------------------------------------------------------------------------

Herewith you receive the electronic reservation for your hotel. Please refer to attached file for full details.
--------------------------------------------------------------------------------
Arrival: Friday, August ##, 2012
Departure: Monday, August ##, 2012
Number of rooms: 1 

--------------------------------------------------------------------------------

Sincerely, Customer Service Team
Booking.com
http://www.booking.com

Your Reference ID is: ####

The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases rooms offer free cancellation.-Booking.com guarantees the best hotel rates in both cities and regional destinations - ranging from small family hotels to luxury hotels.

----------------------------------------------

Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : customer.service@my.booking.com
Date received : 8th August 2012


 

Originator : Booking.com Subject : Reservation (#######) Day, # August 2012 Content :


Hotel Confirmation: [Ritz-Carlton] 3041970 
Date:  Wed, 8 Aug 2012

--------------------------------------------------------------------------------

Herewith you receive the electronic reservation for your hotel. Please refer to attached file for full details.

--------------------------------------------------------------------------------
Arrival: Friday, August ##, 2012
Departure: Monday, August ##, 2012
Number of rooms: 1 

--------------------------------------------------------------------------------

Sincerely, Customer Service Team
Booking.com
http://www.booking.com

Your Reference ID is: #######

The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases rooms offer free cancellation.-Booking.com guarantees the best hotel rates in both cities and regional destinations - ranging from small family hotels to luxury hotels.

Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : customer.service@my.booking.com
Date received : 8th August 2012


 

Originator : Booking.com Subject : Reservation Confirmation (######)   Date and time quoted Content :

Hotel Confirmation: ********
 
Herewith you receive the electronic reservation for your hotel. Please refer to attached file for full details.


Arrival: August 0~, 2012
Departure: August 0#, 2012
Number of rooms: 1 

--------------------------------------------------------------------------------

Sincerely, Customer Service Team
Booking.com
http://www.booking.com

Your Reference ID is: @@@@@@@

The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases rooms offer free cancellation.-Booking.com guarantees the best hotel rates in both cities and regional destinations - ranging from small family hotels to luxury hotels.

Comment : No recipient / customers name quoted anywhere within e-mail. Attached documented itinerary probably holds some form of malicious software.Quoted originating e-mail address : customer.service@my.booking.com
E-mail dated : 3rd August 2012


 

Originator : Ms. Carman L Lapointe Subject : UNITED NATIONS OFFICE OF INTERNATIONAL OVERSIGHT SERVICES Content :

UNITED NATIONS OFFICE OF INTERNATIONAL OVERSIGHT SERVICES
Internal Audit, Monitoring, Consulting And Investigations Division
 
From: Ms.Carman L.Lapointe
 
Dear:
 
This is to inform you that I came to Nigeria yesterday from Canada, after series of complains from the FBI and other Security agencies from Asia, Europe, Oceania, Antarctica, South America and the United States of America respectively, against the Federal Government of Nigeria and the British Government for the rate of scam/fraud activities going on in these two nations.
 
I have met with President Dr.Good Luck Jonathan,President Federal Republic of Nigeria By The Law Makers. Who claimed that he has been trying his best to make sure you receive your fund in your account. Right now, as directed by our secretary general Mr. Ban Ki-Moon, We are working in collaborations with the Nigerian Economic and Financial Crime Commission (EFCC) and have decided to Ensure That Your Approved Fund Legal Papers Is Secured and authorize the Government of Nigeria to effect the payment of your compensation Approved Fund Valid $10. M direct to your Account or We load it into ATM Card and deliver it to you.Approved by both the British government and the UN into your account without any delay.
 
All you need to do is to furnish us a scan copy of your Identification (ID) and your direct cell phone to enable us cross check your information we have in our file here with us at the same time advice you on what to do to receive your fund.
Sincerely, you are a lucky a person. This is because I have just discovered that some top Nigerian and British Government Officials are interested in your fund and they are working in collaboration with One Mr. Richard Graves from USA and Mrs.Inga-Britt Ahlenius the formal.United Nations Under-Secretary-General for Internal Oversight.to frustrate you and thereafter divert your fund into their personal account.
 
I have a very limited time to stay here in Nigeria therefore; I would like you to urgently respond to this message so that I can advise you on how best to confirm your fund in your account within the next 72 hours. For oral discussion, call me on this number which I just acquired in Nigeria today:+234-818-144-0453  or you call my personal assistant herein Nnigeria with his direct line +234-803-487-4282   his name is Mr.Wilson Peter.
 
Sincerely yours.
 
Ms.Carman L. Lapointe.
United Nations Under-Secretary-
General for Internal Oversight.
Email: (
mlapointe736@ymail.com)

Comment : No named recipient. It is extremely unlikely that a such an "esteemed" person would communicate via a ymail e-mail account. Neither would a UN personal assistant communicate via a local land line. Lastly and sadly Nigeria has a reputation for phishing. This actual text has been doing the rounds since December 2011.
Quoted originating e-mail address : mscarman@fine.ocn.ne.jp
E-mail dated : 28th July 2012



 

Originator : Jack Hicks Subject : New Payment through the Intuit network Content :

Payment received: You received $***.00 from Parks Heritage FCU for invoice #####


You can access the payment details here.


Funds will be deposited in your bank account.


You now have the option to get paid by Credit Card on your invoices. To find put more please sign in to your IPN account and click on the 'Profile' tab on the left.

Comment : E-mail sent to multiple recipients, but same invoice number. Links to malicious files on un-associated wesbite.
Quoted originating e-mail address : support@intuit.com
E-mail dated : 16th July 2012


 

Orginator : Dwight Khan (UPS) Subject : Please download and pay your UPS delivery charges Content :

This is an automatically generated email Please do not reply to this email address.

Valued UPS Customer,


New invoice(invoices) are available for viewing in UPS billing center. Do not forget that your UPS invoices

should be paid within 14 days so as not to incur any additional charges.


Please surf to the UPS Billing Center [Link] to view and pay your invoice.

Comment : E-mail sent to multiple recipients. The link directed to a executable file (probably malicious) on a Romanian website not linked to UPS.
Quoted originating e-mail address : USPS_Shipping_Services@usps.com
E-mail dated : 10th July 2012



 

Originator : The Electronic Payments Association Subject : ACH payment canceled Content :

The ACH transfer (ID: 632290239611), recently initiated from your checking account (by you or any other person),

was rejected by the Electronic Payments Association.

Rejected transfer
Transaction ID : ##########
Rejection Reason : See details in the report below
Transaction Report : report.doc (Mircosoft Word Document)

**** Sunrise Valley Drive, Suite ***
Herndon, VA 20***
**** NACHA

Comment : What was declared as a Microsoft Word document was actually a link to a website which may hold malicious content. The subject title was mispelt. An "exclusive" Transaction ID was sent to multiple named recipients. NACH is the bank clearing system within the USA, but the e-mail was sent to UK recipients.
Quoted originating e-mail address : ach@nacha.org
E-mail dated : 5th July 2012

 


 

Originator : Booking.com Subject : Hotel Reservation Details Booking Content :

Booking Confirmation : #########
Dated : 3rd July 2012

Dear,

We have received a reservation for your hotel,
Please refer to attached file now to acknowledge the reservation and see the reservation detail :

[Room reservation details Booking*****.zip]

Comment : The attached compressed (zipped) file was openned in a safe environment and it did have malicious content. No recipients name quoted.
Quoted originating e-mail address : customer.service@booking.com
E-mail dated : 3rd July 2012


 

Originator : Santander UK plc Subject : Existing Santander Customer Notification  Content :

Dear Santander Customer,

At Santander, to ensure that your accounts has not been accessed from fraudulent locations,
access to your account has been blocked. Your online account was blocked due to possible errors detected
with your online banking accounts. Restricted accounts will not be able to receive payments,
send payments or withdraw funds.

To update your Santander records proceed securely via attachment below:

Yours sincerely

Santander UK plc

Comment : The attached compressed file is probably some form of malware. No recipient name was quoted.
Quoted Originating e-mail : support@santander.co.uk
E-mail dated : 26th June 2012


 

Originator : Delta Air Lines Subject : Ticket # 9**** is ready Content :

Dear Customer,

E-TICKET NUMBER / 2 381 344576932 7
SEAT / 28A/ZONE 2
DATE / TIME 16 JULY, 2012, 11:37 AM
ARRIVING / Orville
FORM OF PAYMENT / CC
TOTAL PRICE / 173.59 USD
REF / OB5703 FG / CZ
BAG / 2Piece

Your bought ticket is attached.
You can print your ticket.

Thank you for using our airline company services.
Delta Air Lines.

Comment : The bogus e-ticket is an attached compressed file is probably some form of malware. A recipient name was quoted.
Quoted Originating e-mail : support.5@delta.com
E-mail dated : 25th June 2012


 

Originator : Lloyds TSB Subject : Pending Security Notifications Content :

Dear Customer,

Lloyds TSB  has been receiving complaints from our customers for unauthorised use of the Lloyds TSB Online accounts.
As a result we are making an extra security check on all of our Customers account in order to protect their information from theft and fraud.

Due to this, you are requested to follow the provided attachment below and confirm your Online Banking details for the safety of your Accounts.
However, Failure to do so may result in temporary account suspension. Please understand that this is a security measure
intended to help protect you and your account. Your satisfaction is what weÃÓe all about.

Thanks for your co-operation.

Fraud Prevention Unit
Legal Advisor
Lloyds TSB Team.

Comment : The attached compressed file is probably some form of malware. No recipient name quoted.
Quoted Originating e-mail : enquiry@lloydstsb.com
E-mail dated : 22nd June 2012




Originator : UPS Quantum Vew Subject : Your UPS delivery tracking number Content :

 

This message was sent to you at the request of ICRealtime Security Solutions LLC to notify you that the electronic shipment information below has been transmitted to UPS. The physical package(s) may or may not have actually been tendered to UPS for shipment. To verify the actual transit status of your shipment, click on the tracking link below or contact ICRealtime Security Solutions LLC directly.

Important Delivery Information


--------------------------------------------------------------------------------

Scheduled Delivery: 09-May-2012

Shipment Detail


--------------------------------------------------------------------------------
Ship To:
##########################
CSI SECURITY
2269 JEFFERIES HWY.
WALTERBORO
SC
29488
US
Number of Packages: 1
UPS Service: GROUND
Weight: 9.0 LBS

 
Tracking Number: +++++++++++
Reference Number 1: *****
Reference Number 2: @@@@@@


Click here to track if UPS has received your shipment or visit
http://www.ups.com/WebTracking/+++++

Comment : The tracking number link was to a file on a discount handbag website. That file was probably to some form of malicious software. The e-mail was "decorated" and looked more professional than most previously received.
Quoted Originating e-mail : auto-notify@ups.com
Date Received : 15th June 2012


 

Originator : The Co-operative Bank Subject : Private document from The Co-operative Bank p.l.c
Content :

Fraud prevention and online security

Here at The Co-operative Bank, keeping your personal information secure and confidential is crucial to us.
To protect all our customers we use a range of strict security measures including the latest encryption technology, and cookies. 

As Internet scams are becoming more common, we are taking steps to keep you and us ahead of the game.
*Proceed securely via attachment file to automatically update your account records*

[Co-operative Bank Logo]

Comment : The attached compressed file is probably some form of malware. No recipient name quoted.
Quoted Originating e-mail : phshing@co-operativebank.co.uk
E-mail dated : 15th June 2012


 


Originator : Cahoo Account Subject : Multiple Error Logins from your account Content :

Dear Customer,
We have been unable to verify your account with us.  

Our Technical Security Observe Multiple Error Logins from your account, Please do verify your account

by clicking the link below to prove account ownership .

[ACCOUNT VERIFICATION]   

Thank you for helping us protect you

Cahoot

Comment : The "[Account Verification]" in this e-mail linked to a website which was obviously not associated with Cahoot. E-mail was not addressed to a recipient. The associated website appears to be an online radio station, base country unknown.
E-mail address quoted : technicalservice@cahoot.co.uk
Date received : 8th June 2012


 

Originator : Cahoot Alert Subject : Important Message to Cahoot customers Content :

Dear Cahoot Customer,

It has come to our notice, that our customer are receiving spam email pretending to come from us.

We therefore implore you to click on [account update].

In other to be protected from unauthorized access to your account information

Regards

Cahoot

Copyright© 2012 Cahoot. All Rights Reserved

Comment : The "[account update]" in this e-mail linked to a website which was obviously not associated with Cahoot. E-mail was not addressed to a recipient. Note spelling mistakes and North American spelling. The associated website was built to just download a file and the Homepage only had a single sentence in French.
E-mail address quoted : spoof@cahoot.co.uk
E-mail blocked by ISP : Yes
E-mail blocked by computer : N/a
Date received : 4th June 2012


 

Originator : Santander : Subject : Santander Account Reinstatement Content :

Santander Account Holder,

Starting from 28 May 2012, we are introducing a new online banking
authentication procedure in order to better protect the private information
of all online banking users.

You are required to confirm your online banking details with us, as you will not be able to
have access to your accounts until this has been done. Once you've completed this you'll be
able to manage your money whenever you want, giving you more control of your finances.

*Proceed Securely Via Attachment*

Comment : The attached compressed file (zipped) probably contains some form of malicious software. E-mail was not addressed to a recipient.
Associated e-mail address : online@santander.co.uk
E-mail blocked by ISP : No
E-mail blocked by computer : Yes
Date received : 27th May 2012


 

Originator : Santander Online Alert
Subject : Santander Important security message
Content :

Dear Customer,

This e-mail has been sent to you by Santander UK to inform you that your account will be deactivated within the next 24 hours due to several unsuccessful login attempts on it.

To prevent this to happen please login securely to our activation link below:

Click here account security

If you have already confirmed your information then please disregard this message.

Regards,

Santander Online Service.

Comment : The "click here" in this e-mail linked to a website which was obviously not associated with Santander. The website was not operational and had a Swedish top-level domain (ie. aname.se). E-mail was not addressed to a recipient.
E-mail address quoted : customer.service@santander.co.uk
E-mail blocked by ISP : Yes
E-mail blocked by computer : n/a
Date received : 25th May 2012


 

Originator : USPS Subject : Print the postal label Content :

Postal notification,

Courier service couldn't make the delivery of your parcel.

Reason deny: It's not right specified size and the weight of parcel.
LOCATION OF YOUR PARCEL:Mesa
DELIVERY STATUS: sort order
SERVICE: Local Pickup
NUMBER OF YOUR ITEM:########## ##
FEATURES: Yes

The label of your parcel is enclosed to the letter.
You should print the label and show it in the nearest post office to get a parcel.

Information in brief:
If the parcel isn't received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $14.89 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for attention.
USPS Services.

Comment : The attached compressed file (zipped) probably contains some form of malicious software.
Associated e-mail address : support@neworleans.com (neworleans.com is associated with a travel company for that city).
Date received : 8th May 2012




Originator :
Littlewoods Subject : Account Security Notification Content :

 

Dear Littlewoods Customer,

Please find below 'Changes to your Terms and Conditions' which details changes that we have made to the terms and conditions and fees and charges that apply to your account.

Please click here to read through this contents carefully and keep it in a safe place for your future reference. As an added precaution, we will need you to provide some details which identifies you to littlewoods.
 
If you have any questions or need any further information please contact your local branch.


Regards.
Littlewoods Managing Director/Chief Executive

Comment : The "click here" in this e-mail linked to the website :4thdimensiongambia.com obviously not Littlewoods. E-mail was not addressed to a recipient.
E-mail address quoted : account-alert@little.co.uk
Date received : 7th May 2012


 

Originator : Intelligent Finance Subject : Account Security Notification Content :

DEAR CUSTOMER,

Your Intelligent Finance Account security validation has expired,
this maybe as a result of wrong or incomplete data entered
during the last update.

It's strongly required that you should validate your Account
Ownership Security on the link below.

CLICK HERE to validate your account.

Thank you for helping us serve you better.

Customer Service
Intelligent Finance

Comment : The "click here" link in this e-mail was not working, but I again suspect it would direct to a bogus website. E-mail was not addressed to recipient.
E-mail address quoted : account-service@if.com
Date received : 7th May 2012




Originator : Fredric Oconnell Subject : Your USPS postage charge Content :

 

Acct #: 1459091Dear client:This is an email confirmation for your order of 3 online shipping label(s) with postage. Your credit card will be charged the following amount:Transaction ID: #7384973Print Date/Time: 03/11/2012 02:30 AM CSTPostage Amount: $38.87Credit Card Number: XXXX XXXX XXXX XXXX Priority Mail Regional Rate Box B # 1751  8538  3547  5330  2610  (Sequence Number 1 of 1)
 
 
If you need further information, please log on to usps.com/clicknship and go to your Shipping History* or visit our Frequently Asked Questions * .Refunds for unused postage-paid labels can be requested online up to 10 days after the print date by logging on to your Click-N-Ship Account*.Thank you for choosing the United States Postal ServiceClick-N-Ship: The Online Shipping SolutionClick-N-Ship has just made on line shipping with the USPS even better.New Enhanced International Label and Customs Form: Updated Look and Easy to Use!

This is an automatically generated message. Please do not respond

Comment : There were four website links* within this e-mail, each implied that they were associated with the USPS. The underlying software code did not link to USPS, but would direct to a website providing advice on mobile phones. The name of the re-directed page on that website implied that it was a mock-up of the USPS Homepage.
E-mail dated : 3rd May 2012


 

Comment : From researching the previous two phishing e-mails I came across the following warning on the usa.com website :

Recently we have seen a fraudulent scam using an email address @USA.com where a party acts as the US Immigration Service and requests funds via Western Union. We have requested that Mail.com terminate several such email addresses at USA.com and we have reported the scam to the authorities.

If you see such a scam please notify us and or Mail.com and also we suggest that you reach out to the Internet Crime Complaint Center (IC3), which is a partnership between the FBI and the National White Collar Crime Center to further report this fraudulent activity.

As this is an immigration scam it probably has a Sister scam dealing with US Visas and ESTA registration. Always use official US websites when dealing with Visas and ESTA. The US only charge a nominal fee for for these services and no agent is required.



Originator : Citibank International Subject : Good News from Citibank of New York Content : Identical to the content shown in previous phishing example.

 


Comment : The same as the previous phishing example, apart from "the CEO" for major US bank is now using an "one.co.il" (Isreal) e-mail address !


Originator : Citibank International Subject : INSTANT COMPENSATION ANNOUNCEMENT VALUED AT USD 14.3 MILLION Content :


CITIBANK INTERNATIONAL PLC NEW YORK
DIRECTOR, FOREIGN OPERATIONS DEPARTMENT
ADDRESS: HEADQUARTERS, 399 PARK AVE.NEW YORK UNITED STATE OF AMERICA
OUR REF: CUS/SNT/STB
 
MR. JEFF PETERSON
E-MAIL: jeff_peterson@aol.com
 
 
INSTANT COMPENSATION ANNOUNCEMENT VALUED AT USD 14.3 MILLION
IT IS MY MODEST OBLIGATION TO WRITE YOU THIS LETTER AS REGARDS THE AUTHORIZATION OF YOUR OWED PAYMENT THROUGH OUR MOST RESPECTED FINANCIAL INSTITUTION(CITIBANK PLC). I AM MR. JEFF PETERSON, THE CHIEF EXECUTIVE OFFICER, FOREIGN OPERATIONS DEPARTMENT CITIBANK OF NEW YORK, THE BRITISH GOVERNMENT IN CONJUNCTION WITH US GOVERNMENT, WORLD BANK, UNITED NATIONS ORGANIZATION ON FOREIGN PAYMENT MATTERS HAS EMPOWERED MY BANK AFTER MUCH CONSULTATION AND CONSIDERATION TO HANDLE ALL FOREIGN

PAYMENTS AND RELEASE THEM TO THEIR APPROPRIATE BENEFICIARIES WITH THE HELP OF A REPRESENTATIVE FROM FEDERAL RESERVE BANK OF NEW YORK.
 
AS THE NEWLY APPOINTED/ACCREDITED INTERNATIONAL PAYING BANK, WE HAVE BEEN INSTRUCTED BY THE WORLD GOVERNING BODY TOGETHER WITH THE COMMITTEE ON INTERNATIONAL DEBT RECONCILIATION DEPARTMENT TO RELEASE YOUR OVERDUE FUNDS WITH IMMEDIATE EFFECT; WITH THIS EXCLUSIVE VIDE TRANSACTION NO.: WHA/EUR/202, TRANSFER ALLOCATION NO.: 

CITIBANK/X44/701LN/WGB/GB, PASSWORD: xxxxxx, PIN CODE: yyyyy, IMMEDIATE CITIBANK SECRET CODE: zzzzzzz.HAVING

RECEIVED THESE VITAL PAYMENT NUMBERS, YOU ARE INSTANTLY QUALIFIED TO RECEIVE AND CONFIRM YOUR PAYMENT WITH US WITHIN THE NEXT 96HRS.
 
BE INFORMED THAT WE HAVE VERIFIED YOUR PAYMENT FILE AS DIRECTED TO US AND YOUR NAME IS NEXT ON THE LIST OF OUR

OUTSTANDING FUND BENEFICIARIES TO RECEIVETHEIR PAYMENT BEFORE THE END OF THIS SECOND TERM OF THE YEAR 2012. BE ADVISED THAT BECAUSE OF TOO MANY FUNDS BENEFICIARIES DUE FOR PAYMENT AT THIS SECOND QUARTER OF THE YEAR, YOU ARE ENTITLED TO RECEIVE THE SUM OF FOURTEEN MILLION THREE HUNDRED THOUSAND US DOLLARS  (14,300,000.00 US DOLLARS) ONLY, AS PART PAYMENT SO AS TO ENABLE US PAY OTHER ELIGIBLE BENEFICIARIES.
 
TO FACILITATE WITH THE PROCESS OF THIS TRANSACTION, PLEASE KINDLY RE-CONFIRM THE FOLLOWING INFORMATION BELOW:
 
 
1) YOUR FULL NAME: -----
2) YOUR FULL ADDRESS: ------
3) YOUR CONTACT TELEPHONE AND FAX NO: -----
3) YOUR PROFESSION, AGE AND MARITAL STATUS: -----
4) ANY VALID FORM OF YOUR IDENTIFICATION/DRIVEN LICENSE: -----
5) BANK NAME: ------
6) BANK ADDRESS: ------
7) ACCOUNT NAME: -----
8) ACCOUNT NUMBER: -----
9) SWIFT CODE: ------
10) ROUTING NUMBER: -----
 
 
 
AS SOON AS WE RECEIVE THE ABOVE MENTIONED INFORMATION, YOUR PAYMENT WILL BE PROCESSED AND RELEASED TO YOU WITHOUT ANY FURTHER DELAY. BE ALSO INFORMED THAT YOU ARE NOT ALLOWED TO COMMUNICATE WITH ANY OTHER PERSON(S) OR OFFICE ANY LONGER SO AS TO AVOID CONFLICT OF INFORMATION, YOU ARE REQUIRED TO PROVIDE THE ABOVE INFORMATION FOR YOUR TRANSFER TO TAKE PLACE THROUGH BANK TO BANK TRANSFER DIRECTLY FROM CITIBANK.
 
WE LOOK FORWARD TO SERVING YOU BETTER.
MR. JEFF PETERSON,
(CEO)CHIEF EXECUTIVE OFFICER

Comment : Suspicious: the originator who states they are the CEO for major bank is using an "aol" e-mail address to carry out business; a major bank wants to "give away" $14m, I think not ! US companies operating within the USA do not use "plc" in their title.

As always, do not provide any personal information to someone you do not know or has no reason to have your personal details.

The e-mail quoted in the text : citibank@usa.com has nothing to do with Citibank. "USA.com" appears is a bonafide travel / information organisation within the USA, but it does not manage e-mail addresses ending with "usa.com". It appears that "usa.com" e-mail addresses are freely available to anyone to appy for.
E-mail dated : 3rd May 2012


 

Originator : Delgado Head Subject : Your parcel is given for the safekeeping Content :

Notification, Your parcel can't be delivered by courier service.

Reason deny: Postal code isn't valid.
LOCATION:Riverside
PARCEL STATUS: sorting
SERVICE: Expedited Shipping
ITEM NUMBER:U############ NU
INSURANCE: No

Postal label is enclosed to the letter.
Print your label and show it in the nearest post office of USPS

Attention!
If the parcel isn't received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $13.87 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for attention.
USPS Global Services.


Comment : The "label" was in a zipped attachment, which probably contained some form of malicious software. Even though this e-mail was meant to be from a "Delgado Head" the reply e-mail name was completely different; also note the odd grammar and punctuation used.
Website associated with originating e-mail : buildingpost.com (this website has not been allocated to anyone).
E-mail dated : 30th April 2012


 

Originator : Casey Chandler Subject : It.s denied at the parcel delivery Content : Delivery information,

We couldn't deliver your parcel.

Reason The size of parcel is exceeded.
LOCATION:Providence
STATUS OF YOUR PARCEL: sorting
SERVICE: Expedited Shipping
NUMBER OF YOUR ITEM:U*********** NU
INSURANCE: No

The label of your parcel is enclosed to the letter.
Print your label and show it at the post office.

Information in brief:
If the parcel isn't received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $6.99 for each day of keeping.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you.
USPS Customer.

Comment : The "label" was in a zipped attachment, which probably contained some form of malicious software. Even though this e-mail was meant to be from a "Casey Chandler" the reply e-mail name was completely different; also note the odd grammar and punctuation used.
Website associated with originating e-mail : packagepost.com (this website has not been allocated to anyone)
E-mail dated : 30th April 2012


 

Originator : online@co-operative.co.uk Subject : System requires further account verification Content :

Dear Customer,

We regularly screen activities in the Co-operative online banking system,
During this process we encountered difficulties in your account verification,
As a result of this our system requires further account verification.

*Proceed securely via attachment file to automatically update your online account records*

Comment : No recipient name quoted in heading or salutation.
Attached zipped (compressed) file probably contains some form of malicious software.
Website associated with originating e-mail : Co-operative Bank
E-mail dated : 27th April 2012 ( Received twice )


 

Originator : co-opretivebank.co.uk Subject : New Account Review Document Subject :

Dear Co-operative Bank Customer,

We were unable to verify your account information during our regular database verification process.
However, failure to update your records might result in your account being suspended.
Please note that your updating of information, will not interrupt your services.

*Proceed securely via attachment file to automatically update your online account records*

Comment : the originators name spelling mistake. No recipient name quoted in heading or salutation.
Attached zipped (compressed) file probably contains some form of malicious software.
Website associated with originating e-mail : Co-operative Bank
E-mail dated : 24th April 2012


 

Originator : Santander e-banking Subject. : New Santander Bank Account Review. Content :

Dear Customer, We regularly screen activities in the Santander online banking system,
During this process we encountered difficulties in your account verification,
As a result of this our system requires further account verification.

*Proceed securely via attachment file to automatically update your online account records*

Comment : Attached zipped (compressed) file probably contains some form of malicious software.
Website associated with originating e-mail : santander.co.uk
E-mail dated : 15th April 2012


 

Originator : es-tatement@santander.co.uk Subject : New Santander Bank Account Review. Content :

Dear Santander Bank Customer,

YOUR ACCOUNT HAS BEEN FLAGGED AS ONE OF THE NUMEROUS ACCOUNTS THAT NEEDS TO BE REVIEWED.
The main reason for this action are:

* Billing / Payment Issues.
* Invalid log on attempts by a suspected third party user.

Proceed Securely via attachment to resolve this issue


Comment : Attached zipped (compressed) file probably contains some form of malicious software.
Website associated with originating e-mail : santander.co.uk
E-mail dated : 12th April 2012


Originator : US Airways. Subject : Reservations. Content : You have to check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying internationally). After that, all you need to do is print your boarding pass and head to the gate.

Confirmation Code : ######
Check-in online : Click link

Flight : ####
City of Departure and time : City name ##:##pm
Departure date : ##/##/2012

Comment : The "Click link" would take you to a website based in Romania. Landing on that website would identify to the originator your IP address (###.###.###.###) and may even lead to malicious software being downloaded to your PC / laptop.

Website associated with originating e-mail : myusairways.com (does not appear to exist)
E-mail dated : 9th April 2012


 

Originator : Walter Smith. Subject : Earn £40 working during your free time. Content : Here is an opportunity for you to work from home, work place or school and earn ?40 weekly... the job will  only take maximum of 1hr of your time daily and it's between Monday and  Friday... kindly get back to us  ASAP if you care to know more about the job offer.

Walter Smith
& Development Manpower
rich.investments.incorporation

Comment : This e-mail can probably be defined as spam and phishing. If "taken in" and replied you would probably be asked to puchase a start up kit. You would then be asked for your credit or debit card details. The fraudsters would then start to draw on your account. Alternatively, they could ask for your bank details so they can "pay your salary", then they would draw on your account.

Website associated with originating e-mail : none (e-mail sent from a gmail account)
E-mail dated : 8th April 2012


 

Originator : co-operativebank.co.uk Subject : New Co-operative Bank Account Review. Content :

Dear Customer,

YOUR ACCOUNT HAS BEEN FLAGGED AS ONE OF THE NUMEROUS ACCOUNTS THAT NEEDS TO BE REVIEWED.
The main reason for this action are:

* Billing / Payment Issues.
* Invalid log on attempts by a suspected third party user.

(*Download the attachment Zip within this mail,fill the form to update your online account records*)

Comment : Attached zipped (compressed) file probably contains some form of malicious software.
Website associated with originating e-mail : co-operativebank.co.uk
E-mail dated : 7th April 2012


 

Originator : Antoine Caldwell. Subject : USPS postage invoive. Content :

Acct #: *******

Dear client:

This is an email confirmation for your order of 1 online shipping label(s) with postage. Your credit card will be charged the following amount:

Transaction Number: #*******
Print Date/Time: 03/**/2012 **:** AM CST
Postage Amount: $35.68
Credit Card Number: XXXX XXXX XXXX XXXX

Priority Mail Regional Rate Box B # 9***  ****  1841  ****  9***  (Sequence Number 1 of 1)

If you need further assistance, please log on to usps.com/clicknship {even though the name states usps the underlying program is to a bogus website } and go to your Shipping History {link to same bogus website} or visit our Frequently Asked Questions {link to same bogus website}.

You can refund your unused postage labels up to 14 days after the print date by logging on to your Click-N-Ship Account.

Thank you for choosing the United States Postal Service

Click-N-Ship: The Online Shipping Solution

Click-N-Ship has just made on line shipping with the USPS even better.

New Enhanced International Label and Customs Form: Updated Look and Easy to Use!

Comment : The bogus website links are automatic file download ones. This means that as soon as you click on it, it will immediately attempt to download software to your computer. This will probably be malicious. My ISP's spam filter did not filter this e-mail out, probably because it was seen as coming from and individual and not a organisation (bank etc). The filering of this email was left to my own security software on my computer.
Website associated with originating e-mail : usps.com
E-mail dated : 27th March 2012


 

Originator : co-operativebank.co.uk Subject : Payment Accepted - Confirmation Pending. Content : Dear Co-operative Bank Customer, There is a pending transfer into your Bank Account. For security reasons, we will like you to confirm your account status to us before the transfer can be completed. To confirm your account status to us for safety and security update, please click on the Confirm Transfer link below to start the confirmation process. We appreciate your support and co-operation for your prompt attention to this matter. The Co-operative Bank p.l.c. Security Support.

Comment : Push button provided to "complete transfer" hides the bogus link, this looks like it goes to a spoof Co-op bank homepage to obtain password details and/or malicious software. The root of the link is a college essay advice website.
Website associated with originating e-mail : co-operativebank.co.uk
E-mail dated : 25th March 2012


 

No phishing e-mails for 10 days !


 

Originator : online.lloydstsb. Subject : Newly implemented security upgrade. Content : Dear LloydsTSB Customer, Due to on-going maintenance upgrade at LloydsTSB Bank plc, all customers are required to update their information to the new security system. Restricted account(s) will not be able to receive payments, send payments or withdraw funds. (Proceed carefully below Via Attachment).

Comment : Attachment probably contains malicious software.
Website associated with originating e-mail : lloydstsb.com
E-mail dated : 15th March 2012


Originator : IRS (US Tax service ). Subject : Your Tax appeal motion is rejected. Content : Dear business tax payer, Hereby you are notified that your Income Tax Return Appeal id#2144984 has been DECLINED.  If you consider that the IRS did not properly investigate your case due to a misunderstanding of the situation, be prepared to re-submit your appeal. You can access the rejection file and re-submit your appeal using the following link
Click on link for details.

Comment : E-mail was sent to multiple recipients, all with the same tax reference ? Linked website (which wasn't IRS) probably contains malicious software.
Website associated with originating e-mail : irs.gov
E-mail dated : 14th March 2012



Originator
: FedEx Support. Subject : FEDEX Shipment Status NR-2181. Content : Dear Customer, The delivery service couldn't deliver your package. The package weight exceeds the allowable free-delivery limit.  You have to receive your packagen personally. Print out the "Invoice Copy" attached and collect the package at our office. Please read carefully the attached information before receiving your package. Click on attachment for details.

Comment : Attachment probably contains malicious software.
Website associated with originating e-mail : fedex.com
E-mail dated : 10th March 2012


Originator : FedEx. Subject : Your package is available for pickup. Content : This is a post notification, The delivery service couldn't deliver your package.The package weight exceeds the allowable free-delivery limit. You have to receive your packagen personally. Print out the "Invoice Copy" attached and collect the package at our office. Click on attachment for details.

Comment : Attachment probably contains malicious software. Website associated with originating e-mail : fedex.com
E-mail dated : 8th March 2012


 


Originator : Better Business Bureau. Subject : BBB case ID #######. Content : The Better Business Bureau has received a complaint from one of your customers, etc, etc. Click on attachment for details.

Comment : Attachment probably contains malicious software. The e-mail also had a link to the website "bercoexpressdelivery.com"; this website exists, but doesn't have any content. There is a company called Berco delivery,based in South Africa. The business address quoted within the e-mail was "Arlington, Virginia, USA. The e-mail had multiple recipients.
E-mail dated : 7th March 2012


Originator : Intuit Inc. Subject : Please confirm your Intuit.com Invoice. Content : Thank you for buying your accounting software from Intuit Market. We are working on and will message you when your order ships. If you ordered multiple items, we may deliver them in more than one delivery (at no extra cost to you) to provide faster processing time. If you have questions about your order, please call 1-800-955-####. Press on link to complete order.

Comment : The link maybe associated with malicious software. Website associated with originating e-mail : sice.nl (Netherlands); this website deals with environment entertainment ?
E-mail dated : 6th March 2012


 


Originator : Gala Bingo. Subject : Your £40 welcome bonus from Gala - Enjoy the best in Gaming. Content : Promises of £40 free gambling cash for each £10 spent by "punter".

Comment : The e-mail quotes the gala bingo website link, but the actual software instruction is directed to another website "e.loKat.com". This other website is not associated with Gala Bingo.
Website associated with originating e-mail : e.lokat.com. This website shows links to many sources of information, but their long names names imply that they could go to malicious sites or software.
E-mail dated : 3rd March 2012



Originator : Super Free Bingo. Subject : Over £100 Free Bingo. Dated : 1st March 2012
Content : The e mail promises £100 of free bingo money and other offers. The link takes you to a website called "superfreebingo.com" this website advertises 10 different bingo website that offer free trials.

Comment : All of the associated links are to other pages on the same website which includes other links. Clicking on these links starts a download process.
Probably source of malicious software.
Website associated with originating e-mail : wrm6.com . This appears to be a contact website.



Originator : Gamebook. Subject : Online gambling does not come better than this. Promise of $777 credit for gambling on their website. Click on potentially malicious link.
Quoted website for e-mail: abctpa.com does not exist

Originator : Gamebook. Subject : Online gambling does not come better than this. Promise of $777 credit for gambling on their website. Click on potentially malicious link.
Quoted website for e-mail: abcoleman.org exists, but security certificates invalid.

Originator : Gamebook. Subject : Online gambling does not come better than this. Promise of $777 credit for gambling on their website. Click on potentially malicious link.
Quoted website for e-mail: kxl.com exists and is a radio station in Portland, Oregon ! Looks like someone has highjacked their e-mail.

Originator : Gamebook. Subject : Online gambling does not come better than this. Promise of $777 credit for gambling on their website. Click on potentially malicious link.
Quoted website for e-mail: allbanie.com exists, but not related to gambling.

Originator : Gamebook. Subject : Online gambling does not come better than this. Promise of $777 credit for gambling on their website. Click on potentially malicious link.
Quoted website for e-mail: branto.in does not exist.

Originator : Lucky Cash. Subject : Hard to resist bonus offers at Lucky Cash Club. Promise of a $4,000 welcome bonus for gambling on their website. Click on potentially malicious link.
Quoted website for e mail : agiweb.org ( American Geosciences Institute). Looks like someone has hijacked their e-mail.

Originator : Lucky Cash. Subject : Hard to resist bonus offers at Lucky Cash Club. Promise of a $4,000 welcome bonus for gambling on their website. Click on potentially malicious link.
Quoted website for e mail : abc15.com (ABC News channel - Phoenix, Arizona). Looks like someone has hijacked their e-mail.

Originator : Lucky Cash. Subject : Hard to resist bonus offers at Lucky Cash Club. Promise of a $4,000 welcome bonus for gambling on their website. Click on potentially malicious link.
Quoted website for e mail : cv.ua exists, but not related to gambling.




Originator : Better Business Bureau. Subject : Important : BBB complaint activity report. Content  : "Good afternoon, Here with the Better Business Bureau would like to notify you that we have been filed a complaint (ID #######) from one of your customers in regard to their dealership with you. Please open the COMPLAINT REPORT below to obtain more information on this problem and let us know of your position as soon as possible."

Comment : Click on potential malicious attachment.


Originator : BBB. Subject : BBB Notice, re Case ID #######. Content :"Here with the Better Business Bureau notifies you that we have been sent a complaint (ID #######) from your customer related to their dealership with you. Please open the COMPLAINT REPORT below to find the details on this matter and let us know of your point of view as soon as possible. We are looking forward to your prompt reply."

Comment : Click on potential malicious attachment.


 


Originator : FedEx Service. Subject : Fedex Invoice copy NO#3331. Content : "Your package has been returned to the FedEx office. The reason of the return is - Error in the delivery address".

Comment : Click on potential malicious attachment. 




Originator : co-operativebank.co.uk. Subject New Co-operative Bank Account Review. Content : "YOUR ACCOUNT HAS BEEN FLAGGED AS ONE OF THE NUMEROUS ACCOUNTS THAT NEEDS TO BE REVIEWED.
The main reason for this action are: Billing / Payment Issues. Invalid log on attempts by a suspected third party user.

Comment : Click on potential malicious attachment.



- Originator : personal@co-operativebank.co.uk. Subject : Co-operative Bank plc Payment Notification. Content : "Co-operative Bank p.l.c Payment Notification. For more account information and to view your statements, Proceed securely via attachment"

 

 

Click on malicious attachment.




- Originator : Santander Bank. Subject : Your account security message. Content : Click on bogus link

- Originator : Santander UK PLC. Subject : Santander Account Manager Update Notification. Content : Click on malicious attachment.

- Originator : Santander Online Alert. Subject : Alert - Unauthorized Access to your account. Content : Click on bogus link

- Originator : Santander Bank UK. Subject : A New document has arrived in online banking . Content : Click on malicious attachment.

- Originator : e-Document@Santander.co.uk. Subject : A new document has arrived in Online Banking. Content : Click on bogus link

 


 

- Originator : Mrs Robinson. Subject : From Mrs Robinson. Content : "Dear Friend,

I am Mrs Catherine Robinson a cancer patient and an American Citizen married to late Dr Patrick Robinson who was a very successful businessman and expertrate. I am donating the sum of $5million to you for humanitarian project in your country, i decided to do this donation after listening to an old woman donate her fortune to charity on #########... I want you to use it and help the underprivileged, widows and also invest in real estate or any lucrative business in your country which its profit can also help the less privilege and widows since i cannot do it myself due to my cancer problem, my doctors have revealed that i will not last long. I hope you accept my kind gesture. I wait your reply for details. Madam Catherine "

(29th February 2012)


 

- Originator : UK Lottery Organisation. Subject : Congratulations you are a winner today at Malaysia. Content (slightly long this one ! ):

FROM: UK LOTTERY ORGANIZATION,
OUR REF: UKLO/BT/621830
SPONSORSHIP NUMBER: 444968. GAMING APPROVAL NUMBER: 2233898163.


We happily announce to you the results of UK LOTTERY ORGANIZATION'S FREE TICKET ONLINE DRAWS of January, 2012 held in MALAYSIA. We wish to congratulate you on the success of your email address which came out in the first winnings category and won you the total sum of US$4,600,000 in our free ticket, online and email address computer balloting.

Your e-mail address attached to ticket number UKLP-66-73-203-13 with serial number 5039398064482100 drew this lucky numbers 2-23-29-32-39-40-42 which subsequently won the Lottery and qualified you as an international Winner. You have therefore been approved to claim a total sum of US$4,600,000 (Four Million, Six Hundred Thousand USA dollars) through any of our available payment methods.

Your email address was Reference Numbered to: 56475600545188 and your winnings and payment Batch Number is 074/05/ZY369. For your US$4,600,000 payment process to begin, you will be expected to REPLY with the below listed winnings and personal claims information:

* Your complete official names
* Full address & country name
* Telephone & mobile numbers
* AGE, GENDER, OCCUPATION AND JOB TITLE.
* Free ticket and Lucky numbers
* Reference, Serial and Batch numbers
* Date and venue of draw


After you have replied with the above winnings and personal claims information, our APPOINTED CLAIMS AGENT Mr. Calvin Lee Gibson will get back to you with further details on how you will be paid your won prize of US$4,600,000.00 and you will proceed with him from there on to the end. Congratulations on your winnings


 

Originator : DHL Tracking Service. Subject : DHL Cancellation of the package delivery. Content : "Dear customer.Your package has been sent to your address. Please find a post label attached which contains a track number of your package."
The attachment was a compressed file which probably had malicious content.


 

- Originator : Santander Online Banking. Subject : Log in unsuccessful. Content : Click on bogus link

- Originator : Santander Bank. Subject : Irregular Card Activity. Content : Click on bogus link

- Originator : Santander Alert. Subject : Important information on your Santander Account. Content : Click on bogus link

- Originator : Santander Online Alert. Subject Santander important security message. Content : Click on bogus link

- Originator : Santander Bank UK. Subject : Personal Internet Banking Notice . Content : Click on malicious attachment.

(January 2012)