Issue 121 - December 2011 - Page 25
IT Service Desk 'Scheduled Maintenance & Upgrade' Phishing Scam
Email purporting to be from "IT Service Desk" claims that, due to a scheduled maintenance & upgrade, the user must reply with his or her email username and password to avoid service disruptions.
The email is not from any IT service desk. In fact, the message is a phishing scam designed to trick users into divulging their email login details to Internet criminals.
Detailed analysis and references below example.
Last updated: 5th November 2011
First published: 5th November 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: Scheduled Maintenance & Upgrade
IT Service Desk
Attn account User,
Scheduled Maintenance & Upgrade
Your account is in the process of being upgraded to a newset of Windows-based servers and an enhanced online email interface inline with internet infrastructure Maintenance. The new servers will provide better anti-spam and anti-virus functions, along withh IMAP Support for mobile devices that Support IMAP to enhance your usage.
To ensure that your account is not intermittently disrupted but active during and after this upgrade, you are required to kindly confirm your account by stating the details below:
* User name:
This will prompt the upgarde of your account.
Failure to acknowledge receipt of this notification, might result to a temporal deactivation of your account from IT Service Desk database.
Your account shall remain active upon your confirmation of your login details.
IT Service Desk apologize for any inconvenience caused.
IT Service Desk
Copyright 2011, All Rights Reserved.
According to this email, which purports to be from "IT Service Desk", the user's email account is undergoing a scheduled maintenance & upgrade that will result in a new and enhanced email service. The message warns that, in order to avoid possible disruptions or even a "temporal deactivation" of the account, the user must confirm account details by emailing his or her username and password.
However, the email is certainly not from "IT Service Desk" or any legitimate email service provider's support team. In fact, the message is a phishing scam
designed to trick unwary users into submitting their account login details to cybercriminals. If a recipient falls for the ruse and replies with his or her email username and password, the criminals responsible for the scam will be able to use these stolen credentials to access his or her email account. Once they have gained access, the criminals can then change the password to lock out the legitimate account holder and use the account to send spam email and launch further scam campaigns
There have been a number of similar scam campaigns in the last several years. Many such attempts target users of a specific email service provider such as Hotmail
. This version of the scam takes a more generic approach. The message does not name a specific provider which means that the scammers can effectively target customers of a range of service providers. If recipients reply, the scammers can ascertain which service provider they are using by examining their email address. Then, armed with the victim's login details, they can go to the provider's website and login at will.
The message tries to make its claims sound more believable by including technical sounding jargon that supposedly explains why recipients are required to provide their login details. While more computer savvy users may not fall for such a transparent ruse, less experienced users
may be considerably more vulnerable.
No legitimate service provider will ever ask you to send your login details via email. Some versions of the scam use a similar cover story but entice potential victims into providing their details on a bogus website
or via an attached HTML form. If you receive a message that makes such a request, do not reply. Do not follow any links or open any attachments that the email may contain.
Phishing Scams - Anti-Phishing Information
Friend Stranded in Foreign Country Scam Emails
Hotmail Account Closure Phishing Scam
Yahoo Account Phishing Scam Email
Gmail Account Phishing Scam
Bigpond Database Upgrade Phishing Scam
In My Opinion, Most Scam Victims are Naive, Not Stupid
Hotmail Account Deactivation Phishing Scam
Pages in this month's issue:
- Bogus Warning - Scammers Asking for Baby Details to Claim Benefits in Your Children's Names
- False Claim - Cardiff City Football Club Refused to Donate Club Shirt for Fallen Soldier's Coffin
- Summer Chain Email - Blond Hair And Blood Shot Eyes
- Facebook Account Reported Phishing Scam
- Christmas Tree App Virus Hoax
- Sears Supports Reservist Employees Email Forward
- False Claim - Colour Photographs of Hitler Taken by American Life Photographer
- Budweiser Frogs Virus Hoax
- Phone Text Message Lottery Scams
- Skype TopUp Payment PayPal Phishing Scam
- Hoax - Mark Zuckerberg Blames Facebook Porn Attack on the Philippines
- 'DGTFX Virus' Email Account Phishing Scam
- Recent Facebook Porn Attack Highlights Dangers of Misleading 'Security' Warnings
- False - Send Christmas Cards for Recovering Soldiers to Queen Elizabeth Hospital
- Christmas Cards for Recovering American Soldiers
- Starbucks Coffee Free Gift Card Survey Scam
- Facebook 'Virus' Warning - 'Nobody can watch this for more than 15 seconds' Video
- Advance Fee Scam - British National Lottery Promo Programme
- Live Ants In The Brain Hoax
- Hoax - Albany Bread Poisoned by Staff
- PayPal 'Verify to Resolve Account Limitations' Phishing Scam
- Red Bull Car Adverts Money Laundering Scam
- Hoax - Facebook Shutting Down on March 15
- False Warning - Red Dot Inside a Red Square On Chocolate Bars Indicates That Product Contains A Pork Derivative
- IT Service Desk 'Scheduled Maintenance & Upgrade' Phishing Scam
- Abandoned Two Week Old Sydney Baby Prayer Request
- Protest Message - Prison Sentence for Spray Painting Poppy on Mosque
- Protest Message - Dog Named 'Parrot' Shot by Police
- Inaccurate Protest Message - Poundland and Bodyshop Banning Staff From Wearing Poppies
- Apple Store Account Phishing Scam