2015 e-scams-ISP Alerts

2015 e-scams

The following email messages are examples of actual email phishing scams or attempts to deliver a virus via email. Most of these examples appear to have been sent by your Internet Service Provider (ISP).

You may also receive this type of email scam that appears to have been sent by Facebook, Twitter, Amazon, Ebay, Paypal, or a familiar 
credit card or bank.

If you do receive one of the following emails or a similar email message 
in your inbox, please avoid opening any attachments and delete 
the email.

NOTE: If you receive a questionable email and it is not listed here, do not assume that the email is valid. This list is simply a small sample of the large amount of scam emails that are circulating.

12/23/15 Malicious Link

Dear ISP Member,

Some of your incoming emails are currently being rejected as your storage limit of 30MB has being exceeded; click below to increase storage on your next signin.

 www.yourisp.net/storage [1]

 Thank you for using our mail system.

 Online Services Team.

© Copyright Your ISP 2012. All rights reserved.

12/11/15 Malicious Attachment

Good morning,

Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice. If you have any questions please let us know.

Thank you!

Mr. Katrina Nelson
Accounting Specialist| Bank of America, N.A., Cabot Oil & Gas Corp.

12/11/15 Malicious Attachment

The message below is embedded in email which includes a malware infected attachment titled resolutioncenter.htm. Do not click the attachment, delete the email.

12/04/15 Malicious Link

From: Loan Desk Help [mailto:spammer@endtomemoryloss.com] 
Sent: Friday, December 4, 2015 8:56 AM
To: customer@yourdomain.net
Subject: Shop Early

Approval Status: Pre-Approved
Approval Date: December 3, 2015
Advance Amount: 1,475.00
Approved For: customer@yourdomain.net

We all know how much of a pain waiting in those long holiday shopping lines is.
So let us help you Avoid the hassle of long lines and get a Head Start on your Holiday Shopping!

You've been pre-approved for an advance in the amount of 1475.

Enjoy no stress worry free days, on us!
Please go here: http://keep.endtomemoryloss.com/
Start your early Holiday Shopping today
Please go here: http://keep.maliciouslink.com/
To unsubscribe from this email, click here http://keep.maliciouslink.com
Blue Global, LLC. 7302 East Helm Drive, Suite 2005 Scottsdale, AZ 85260 ===========================================
  Do you Want to Stop Receiving These?  http://keep.maliciouslink.com   here    or use the traditional way and send a letter to :   
11997 j ave fayette ia 52142-9284

11/05/15 Infected Attachment

Subject: Document from AL-KO
To: customer@yourisp.net
From: info@spammer.co.uk
Date: Thu, 5 Nov 2015 16:04:30 +0530

This document is DOC created by Osiris OSFAX(R) V3.5.
It can be viewed and printed with Microsoft Word(R)

The attached document if opened will download malware and/or a virus.

10/28/15 Infected Attachment

From: Worldwide Winning Notification <web81@alquds.com>
Subject: Congratulations !
To: customer@yourisp.com

There is no message included in the body of this message, it's blank.

There is a malicious attachment titled Winning Notification_!!!.rtf (3MB)

10/15/15 Malicious Link

From: You ISP <account.verification@yourisp.net>
Date: October 15, 2015 at 6:04:42 PM CDT
To: <customer@yourisp.net>
Subject: Webmail Account Closure Alert!
Reply-To: <user_support@bip.net>

Dear User,

Please, be informed that due to congestion on our webmail server, all unverified accounts will be closed within the next 48hours to decongest the server. To confirm this account ( customer@yourisp.net ) is owned by you, you are required to fill in your details below and send back to us for validation. This information is needed to verify you own the account and avoid automatic account deactivation or loss of important messages. Only verified accounts will be active after the verification exercise to remove suspected accounts.
Kindly click "Reply" before completing the below required.

Full Name: 
Email Address: customer@yourisp.net
Confirm Password: 

Warning Code: VX2G99AAJ

Thanks For Your Co-operation.

Maintenance Team
Your ISP logo here

10/15/15 Malicious Link

From: Chase <Onlinealerts@secureserver.com>
Date: October 15, 2015 at 3:54:04 PM MDT
To: <customer@yourisp.com>
Subject: Confirm your account information
Reply-To: <replyto@falselink.com>

Dear Customer,

We recently detected numerous failed attempts to provide the correct answers to your security questions. 

Therefore, we have temporarily suspended online access to your account and we need to go through some verification.

To begin please download the attached file below to proceed to verification as soon as possible.

Chase safeguards your account whenever there is a possibility that someone else is attempting to sign in. 

Please understand that this form must be completed within 24 hours.

This is our security measure intended to help and protect you and your account.

Thank you for your cooperation and we deeply apologize for any inconvenience this may cause you.

Chase Customer Service.
Malicious Link Here

9/6/15 Malicious Link

From: Your ISP Verification Centre <noreply@venturecomm.net>
Date: September 26, 2015 at 3:00:50 AM CDT
To: <customer@yourisp.net>
Subject: Your ISP Mail Alert !!
Reply-To: <no-reply@yourisp.net>

Dear valued customer,
This will be your last notification so verify your account now with this link http://maliciouslink.com/
Thank you for using Your ISP mail!
Copyright 2015Your ISP

9/6/15 Malicious Link

From: Your ISP Verification Centre [mailto:no-reply@yourisp.net] 
Sent: Sunday, September 06, 2015 11:57 PM
To: customer@yourisp.net
Subject: Your ISP Mail Alert !!

Dear valued customer,
Due to congestion in our mail server, all unverified accounts would be shut down. To confirm this account (customer@yourisp.net) is active, please click on this link  http://maliciouslink.trilink.com/
Thank you for using Your ISP mail!
                                                          Copyright © 2015 Your ISP

9/1/15 Ransomware attachment

From: eFax Document
To: customer@yourISP.com
Subject: New Fax: id-32690

(attached document titled eFax-message-id32690.doc (32kb)

You have received new efax from HP47752. File is scanned image in DOC format.

8/17/15 Malware infected link

From: Admin [mailto:noticesh3@suddenlink.net] 
Sent: Monday, August 17, 2015 7:20 AM
To: Recipients
Subject: Mail Box Alert!!!

Dear user,
Your mailbox is almost full.
Current sizeMaximum size

Your mailbox might be close kindly click activate to add more MB to your mailbox.

Copyright © 2015 Email! Inc. All rights reserved.

8/15/15 Malware infected link
Final step... 

Confirm your email address to complete your Twitter account. It's easy just click on the button below. 

      Confirm now       

             Settings | Help | Opt-out | Not my account 

Twitter, Inc. 1355 Market Street, Suite 900 San Francisco, CA 94103 

8/12/15 Malware infected link

Hi User,
We noticed an attempt to sign in to your account from an unrecognized device in Nigeria west Africa. 

If this was you, you're all set!
If you haven't recently signed in from an unrecognized device and believe someone may have accessed your account, please visit this link 
https://maliciouslink/a/13570 to update your account recovery information.

Thanks for taking these additional steps to keep your account safe.

Admin ©2015.

8/12/15 Malware infected link

From: your company administrator 
Sent: Wednesday, August 12, 2015 3:31 PM
To: customer@yourdomain.com
Subject: UPGRADE!

Dear User,
Your mailbox quota utilization has exceeded 85%. You may not be able to receive all new emails.
Please we advised you update your emails account to avoid this.You can now increase your mail service quota storage and/or number of accounts(s). Just visit 
https://maliciouslink.com/  for details or contact us on 101.

Admin @2015

7/30/15 Malware infected attachment

From: Your Internet Service Provider Support Centre [mailto:evcentre@yourdomain.net] 
Sent: Thursday, July 30, 2015 6:07 PM
To: customer@yourdomain.net
Subject: Verify Your Your Internet Service Provider Email Account

Attn: Your Internet Service Provider User,
All unverified accounts would be shut down so to verify this account, please complete your email verification below with the necessary details.
*Email address: customer@yourdomain.net
*Reconfirm Password:
Thank you for using Your Internet Service Provider Mail!
                                          © 2015 Your Internet Service Provider

7/28/15 Malware infected attachment

From: "Isaiah Nieves" <fjgaston1@ono.com>
Sent: Tuesday, July 28, 2015 3:25 AM
To: <customer@yourdomain.com>
Subject: Isaiah Nieves


This is to inform your company that your company's address was given incorrectly while processing the previous tax form for previous year.

In order to avoid huge fine fees during the next tax period please 
call our expert as soon as you read the document in attachment.

Best regards
 Isaiah Nieves
Tax Inspector

6/15/15 Phishing Email

From: "False name info" <suspiciousemail@domain.com>
Date: May 8, 2015 at 2:27:21 AM MDT
To: user@yourdomain.com

Account Holder,
 This is to inform you that Oxfam (UAE) has awarded the user of this email account a cash grant of $250,000.00 usd, (Two hundred and fifty thousand dollars)Please contact  with your Qualification Number[OXG /101/231/BDB] as soon as possible.Via emai:(malicousemail@gmail.com) 

6/13/15 Malware - phishing link

From: Webmail Administrator [mailto:upgradenweb1011@live.com] 
Sent: Saturday, June 13, 2015 1:21 AM
To: user@yourdomain.com
Subject: Account Alert

ACCOUNT: http://webmailupgrade1015.maliciouslink.com/ 

5/28/15 Phishing Email 

"Wei Chen" <wei.chen@mail.com>

Date: May 27, 2015 at 4:17:19 AM MDT
Subject:Foreign Partnership Quest.

I am soliciting your assistance to move an investment profit funds worth USD$48.8M from my Bank. This is genuine and I hope it will appeal to you. I need your consent to provide details.

Wei Chen

5/28/15 Phishing Email (malicious link)

Subject: Re: Attention!!
Date: 2015-05-28 03:48
 From: ",Admin" <rebecca5@prtel.com>
To: customer@yourdomain.com

Dear WEB user your email has exceeded the storage limit set. You will 
not be able to send or receive messages.
  To activate, click on the link and complete the information required;
The account must be reactivated with in 24 hours to regenerate new 
  support Helpdesk

5/21/15 Phishing Email (malicious link)

From: "Carrie E. Bartlett" <bartlettce@domain.com>
Date: May 8, 2015 at 2:27:21 AM MDT
To: "customer@yourdomain.com

Account Holder,
 This is to inform you that Oxfam (UAE) has awarded the user of this email account a cash grant of $250,000.00 usd, (Two hundred and fifty thousand dollars)Please contact  with your Qualification Number[OXG /101/231/BDB] as soon as possible.Via emai:(false email@gmail.com) 

5/02/15 Phishing Email - You may also receive a phone call stating information much like what is in the message below.

From: ryan smith
To: customer@yourdomain.com
Subject: Hacking Problem

Hi, This is David Jones, Technical head Windows Department informing you that your computer ip address has been hacked by the hackers, due to which maximum information of the computer getting broadcasted in the internet and any one can misuse this informations any point of time and according to USA Data Protection Act you should secure data and information by yourself. Regarding this problem on of the technician will get back to you very soon or else you can directly contact us at 315-636-4392. Thanks, Regards, David Jones (Windows Technical Head)

5/01/15 Phishing Email

Attention e-mail account user,

In an effort to enhance e-mail account security starting today, all user accounts both old and new accounts will be subject to a quarterly verification process. Every 90 days, users will receive e-mail notifications containing instructions on how to verify the validity of their e-mail accounts. Click Here <http://maliciouslink.com>. The grace period for completing e-mail account verification will be 5 days. At the end of the 5-day period, all unverified accounts will be deactivated.
Deactivated accounts will be periodically deleted. After an account is deleted, new registration will be required to regain access to an account.


4/13/15 Phising Email

Subject: Warning...
Date: 2015-04-13
From: Admin Helpdesk (ahmed.alramady@aiesec.net)

Dear domain.net User,

You have reached the storage limit for your Mailbox.  for your e-mail access restoration Please  CLICK HERE and update your account

Gwtc.net System Administrator.

4/3/15 Virus infected spam

Date: 2015-04-03 01:02 
From: impandex@zastava-arms.rs 
To: customer@yourdomain.net 

On 2 April 2015 at 09:23, automatic home <info@zastava.com

Dear Customer, 

Kindly reconfirm  us with  the status of the PO we are a bit 
confused with your payment information as stated in the 
enclosed attached Order. 

With Regards 

Sales Manager 
Further Inquires please: 
Company: Energy supply LTD.INDIA 
Invoice Request Number: M0P1YY1 
Carrier: MAERSK LINE xxll112**12 
Invoice Type: International Delivery Charges 
Cargo Destination: Within Europe & Africa&Asia 
Bill of Lading Number: 864822292 
Consignee Name: XYZ TRANSPORT LTD 
TRA License Number: 11613 

Important Note:- 

Seat availability and rates are subject to change without any 
prior notice.Please note that the above mentioned Fares are only 
Guaranteed for Today. Hence Please advise us at the earliest for 
confirming the same. 

Hope that everything mentioned is clear and in order. Please feel 
free to contact for any further assistance on the same. 

Our office  timings - 8.00AM - 12.00PM / 4.00PM -8.00PM 

Thanks & Regards, 

Binu Antony 
Senior Travel Consultant, 
Cleopatra Travels, 
P.O.Box 989 
Tel: 44444403, 44368128, 44437788, 44329282 
Fax: 44329301/44444010 
Mobile:  +974 55707334 
Email - user1985@gmail.com 

Binu Antony <user1985@gmail.com
-----------------------     1:07 AM (4 hours ago) 

2/1/15 General Spam

From: testing [mailto:testing@newsfeedback.us] 
Sent: Saturday, January 31, 2015 10:24 AM
To: user@sbtc.net
Subject: test html


Sample Clickthru
Sample view

Sample Unsub
Variables 1 01 |resak@sbtc.net| Email Address
2 02 |145517| Email Mailing ID ( ROBOMAIL ASSIGNS THIS ONE )
3 03 || Personalization field 2
4 04 || Personalization field 3
5 05 || Personalization field 4
8 cb |-----293005401398P113BE6| Randomized from the Content-Boundry template
9 CX || where X can be 0 to 9, a random line from the wordX files, but stays constant through the email
10 rX || where X can be 0 to 9, a random line from the wordX files, but variable through the email
11 rw |crocein| A random line from the word0 file
12 r0 |coco| A random line from the word0 file
13 dd |sbtc.net| The domain part of the To: address
14 db |31 Jan 2015 21:53:40 +0500| Date with no time
15 dh |Sat, 31 Jan 2015 21:53:40 +0530| Complient Date: header formatted date
16 dD |Sat| Current Week Day Name
17 dM |Jan| Current Month Name
18 dm |1| Current Month Number
19 dn |31| Current Day of the Month Number
20 dy |2015| Current Year
21 fr || The next line from the "from" file.
22 ho |combine.newsfeedback.us| full hostname for sending ip
23 hd |newsfeedback.us| 2nd level domain of sending ip hos

24 HX || where X can be 1 to 9, substitue X random Hexidecimal numbers
25 ip || sending IP address
26 NX || where X can be 1 to 9, substitue X random number
27 m0 |403| The unique robomial mailing id for that campaign
28 qd |201501312153| Qmail style Message ID timestamp
29 rw |honourableness| A random line from the word0 file
30 rx |deadhead| where X can be 1 to 9, a random line from the wordX file
31 su || The next line from the "subjects" file
32 tm |1422721420| The unix timestamp
33 uu |resak| The user part of the To: address
34 yX || where X can be 1 to 9, substitute X random lower case letters
35 YX || where X can be 1 to 9, substitute X random upper case letters and numbers
36 XX |8F0RP139QQ| where X can be 1 to 9, substitute X random upper case letters and numbers constant per email
37 x0 |erfnx^fogp(arg| rot13 of email address
38 rd || rotate domain 

1/30/15 Phishing spam

From: VENTURECOMM <ksacket3@kent.edu>

Date: January 30, 2015 at 1:47:26 PM CST
To: undisclosed-recipients:;
Subject:Dear Email user

Dear VENTURECOMM Email user,

   Due to database maintenance equipment that is happening in our VENTURECOMM mail message center. Our VENTURECOMM

 message center must be reset due to the large number of spam messages we receive daily in our database. The maintenance of quarantine will help us avoid this dilemma every day and with the new improved software will provides our VENTURECOMM

Email users with a secure mail system and new security system to protect our users from getting their VENTURECOMM

 accounts being hacked.

   To validate your VENTURECOMM Email mailbox, kindly CLICK HERE  to visit the Mris customer secure LINK specified on this email and fill out the account validation form to validate your VENTURECOMM email powered account:


Copyright © 2015 Metropolitan Regional Information Systems

1/28/15 Phishing spam

Subject: Mail Service Team
Date: 2015-01-27 08:08
From: "Wang, Yanhua" <Y.Wang@uva.nl>

To provide you with the best possible support and improving your overall
mail experience, we have detected your mail settings is out of date. We
want to upgrade all email account scheduled for today. CLICK the link to
upgrade your account or copy and paste it in your browser,otherwise your
account will be suspended.
If your settings is not updated today, your account will be inactive
and cannot send or receive message any longer.
Mail Service Team.