This morning I was scrambling with a bit of last minute packing before heading out for a few days at a business event in Clearwater Beach, Florida. I grabbed my various electronic devices, and quickly checked my email. When I did, I saw this email with the subject, "Account Re-Activation (Please Reply)"
Dear Webmail Account Users,
This is to inform you that we are having congestion's due to the anonymous registration of webmail accounts so we are shutting down some email accounts and your account is among those to be deleted, so we like to know if you still want this account on our e-mail database/mail server.
To enable us upgrade you account and give you the best of our services please you must reply to this mail and Re- confirms your login information to avoid interruption.
Full Name: ............................... Full Email Login: ...................... Password: ................................ Current Password: ...................
After following the instructions in the sheet, your account will not be interrupted and will continue as normal because series of maintenance process need to be carried out on your mailbox.
Failure to do this will automatically render your e-mail account deactivated from our e-mail database/mail server. To enable us upgrade your email account, please do reply to this mail.
Webmail Regional Mail server Technical Support.
It was obvious to me that this is a "phishing" email, but people fall for these expeditions every day. Help people by showing them why email like this is a scam designed to steal their email credentials. What do you see in this?
Here are a few of the things I see...
First, and foremost, it asks for my account information in the plain text of an email. That's what got me thinking: do people actually fall for this? They must!
Never email a password to anyone. Ever.
What else do I see in this? Well, it's not written to me personally, but to a generic title. Any real business with my account information would auto-fill my name, at least.
How about a webmail company who doesn't ask me to login to my account to make a change? Or at least to use a web page for this interaction?
Of course, the mistakes in the English in the email are keys, too. As are the "From:" address and header, which I haven't included here.
What do you see? How will you warn your friends?