Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share





Issue 85 - September 2008 - Page 3

Pages in this month's issue:
  1. Sun Powered Key Ring Tracking Device Hoax
  2. Photographs of Lions Chewing Car Tyres
  3. Webmail Account Phishing Scam
  4. Katie Fitch Prayer Request Email
  5. Internet Explorer 7 Latest Version Malware Email
  6. World's Largest Swimming Pool
  7. Mysterious Carved Tree Hoax
  8. Montauk 'Monster' Photograph
  9. Video of Lebanese Girl Crying Crystal Tears
  10. Miracle in Egypt - Buried Children Saved By Jesus
  11. Two Cranes Tipping Off Pier Photographs
  12. Astronaut Carving on Salamanca Cathedral Wall
  13. Sunset Over Europe and Africa From Columbia Hoax
  14. Whipped Ocean - Beach Foam at Yamba New South Wales
  15. Burned Cigars Insurance Claim Hoax

Issue 85 Start Menu

Previous Article            Next Article

Webmail Account Phishing Scam

Summary:
Email claims that recipients must "confirm their account" by providing username and password details within three days or their webmail account will be closed (Full commentary below).



Status:
False

Example:(Submitted, August 2008)
Subject: Dear Webmail Subscriber Confirm Your Account.

From: "WEB SUPPORT TEAM"


Dear Webmail Account Owner,

This message is from web mail admin messaging center to all web mail account owners. We are currently upgrading our data base and e-mail account center. We are canceling unused web mail email account to create more space for new accounts.

To prevent your account from closing you will have to update it below so that we will know it's status as a currently used account.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username : .............
Email Password : ................
Date of Birth : .................

Warning!!! Any account owner that refuses to update his or her account within Three days of this update notification will lose his or her account permanently.

Thank you for using web mail
Support Team
Warning Code :ID67565434




Commentary:
This unsolicited email warns the recipient that his or her webmail account will be closed if the account is not updated within three days. The message instructs the user to confirm his or her identity by providing the webmail account username and password and user's date of birth.

However, the message is not from any official webmail "support team" nor will the user's account be closed within three days if the requested information is not supplied. Instead, the message is a rather crude attempt by Internet criminals to fool unsuspecting webmail users into handing over their account details. A victim who complies with the instructions in the phishing scam email will in fact be providing the scammers with the means to directly access his or her webmail account. Once armed with the victim's account details, the scammers can logon to the webmail account, steal any personal information listed therein, and possibly use the account for sending spam or scam emails. The scammers can also harvest any email addresses included in the account's contact list and add them to spammer databases.

Scammers regularly use such ruses to trick recipients into compromising their webmail accounts. However, such scam emails are more commonly targeted at specific webmail providers such as Yahoo. In this case, the scammers have apparently attempted to steal information from users of any webmail service by sending out a generic message that does not name a particular service provider. The message implies that there is some central webmail administrator that oversees all webmail accounts. However, this is simply untrue. There are now thousands of different webmail providers both large and small. Each is independently operated and they are certainly not under the control of some central administrative entity. A legitimate webmail administration message will clearly identify the company that provides the service via company names, links or logos. Generic admin messages that do not identify the name of the service provider are unlikely to be genuine.

Moreover, your webmail provider is very unlikely to request your username and password via email. While some providers may close inactive accounts after a specified period, they will not demand that the user provide sensitive information via email or risk losing their account within a few days. Any unsolicited email that makes such a demand is likely to be fraudulent. In some variants of these scams, the scammers will include a link to a fake website that closely resembles the genuine webmail login page. You should treat as suspect any email that claims that you will lose your account if you do not provide private information via email or a website. Do not reply to such emails or click on any links that they may contain.

Read more information about Phishing Scams

References:
Yahoo Account Phishing Scam Email

Previous Article            Next Article

Issue 85 Start Menu

Pages in this month's issue:
  1. Sun Powered Key Ring Tracking Device Hoax
  2. Photographs of Lions Chewing Car Tyres
  3. Webmail Account Phishing Scam
  4. Katie Fitch Prayer Request Email
  5. Internet Explorer 7 Latest Version Malware Email
  6. World's Largest Swimming Pool
  7. Mysterious Carved Tree Hoax
  8. Montauk 'Monster' Photograph
  9. Video of Lebanese Girl Crying Crystal Tears
  10. Miracle in Egypt - Buried Children Saved By Jesus
  11. Two Cranes Tipping Off Pier Photographs
  12. Astronaut Carving on Salamanca Cathedral Wall
  13. Sunset Over Europe and Africa From Columbia Hoax
  14. Whipped Ocean - Beach Foam at Yamba New South Wales
  15. Burned Cigars Insurance Claim Hoax