Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share

Compuserve Database Upgrade Phishing Scam

Email, purporting to be from online service provider CompuServe, claims that the recipient must reply immediately with his or her CompuServe login details or risk having the account closed.

Brief Analysis
The email is not from CompuServe. In fact the message is a phishing scam designed to steal login and other personal information from CompuServe customers. If customers fall for the ruse and send their details as instructed, the Internet criminals running the scam will then be able to hijack their account and use it for other fraudulent activities.

Bookmark and Share
Detailed analysis and references below example.

Last updated: 31st May 2010
First published: 31st May 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer

Subject: Important Notice to all Users

Dear Compuserve Customer,

To complete your web mail account, you must reply to this email immediately

This message is from customer service support team, messaging center to all email account owners.

We are currently upgrading our data base and e-mail account center We are deleting all unused email accounts to create more space for new accounts. to prevent your account from being closed, you will have to update it below so that we will know that it's a present used account.

confirm your identity below.

User name : ..............
EMAIL Password :..............
Date of Birth : ..............
Country or Territory :.......

Await Your Response............

We are sorry for any inconvenience as soon as your mail is being upgraded it will perform as normal and it will be more enhanced.

Yours Sincerely,
Compuserve Web Support Service.

Detailed Analysis
According to this email, which claims to be from large Internet and email service provider CompuServe, the company is upgrading its database and will be shutting down all unused accounts during this upgrade process. The message warns recipients that, unless they reply immediately and provide their account username and password along with other personal details, their accounts will be closed.

However, the email is not from CompuServe and the claims in the message are lies designed to trick CompuServe account holders into divulging their account details to Internet based criminals. A CompuServe user who complies with the request in the scam email and provides his or her account details, will actually be sending this sensitive information directly to these criminals. Once they receive these details, the scammers will then be able to hijack the victim's account and use it for their own nefarious purposes.

Immediately after they have logged on to the compromised account for the first time, the scammers will usually change the account password so that the real owner of the account will no longer have access. Typically, the scammers will then use the hijacked account to send further scam emails to all of the people on the account's contact list. These scam emails will claim that the sender is stranded in a foreign country without access to money due to some mishap such as a robbery. The scammers will ask for an "urgent" bridging loan to help them to return home.

Because the email comes from the account of a person that the recipient knows, he or she may be more inclined to believe the claims in the message and send the money as requested. To further the illusion, the bogus request email is likely to include the real name and normal email signature of the owner of the hijacked account. In their initial emails, the scammers usually ask for personal details such as the user's name, birth date and country of residence so that such details can be incorporated into the second round of scam emails. Of course any money sent will be pocketed by the criminals operating the scam. If a recipient is fooled in to sending money as requested, further requests for money are likely to follow. Meanwhile, the real owner of the hijacked account may not even be aware that his or her name and account are being used in an attempt to defraud his or her friends. And even when the original victim does become aware that the account has been hijacked, he or she will not be able to access the account to inform contacts of the fraud attempts because the scammers have changed the password.

A typical example of the secondary friend stranded in a foreign country scam email is included below:
Subject: Sad news

How are you doing today? This has had to come in a hurry and it has left me in a devastating state.I had to come down to UK for an urgent situation, unfortunately for me Robbers attacked the Hotel I lodged. They made away with my entire luggage, all my money and contact dairy. I had spoken to my Embassy, they only cleared me of my traveling documents. I didn't bring my phone here and the hotel telephone lines were disconnected during the robbery, so I have access to only emails. Please can you send me USD2,300 as early as possible so I can return home. I will refund it immediately i get back. Western Union seems to be the safest and quickest option for now, please send to the details below:

[Contact details removed]

Please as soon as you are done sending it, write out the transfer details ,including (MTCN) or scan the receipt and send it to me. Thank you so much as I would be waiting to hear from you.

Thanks Carla
CompuServe will not ask its customers to provide login details and other personal information by replying to an email. The company does not need customers to reply to an email to ascertain if a particular account is still active. These facts are true not only for CompuServe but for other service providers as well. Criminals have used the same tactics to target users of other major service providers, including Hotmail, Yahoo, BT Internet and a number of others. Some versions take a more generic approach and just target webmail users in general.

There are a great many variations of this phishing scam. Internet users should not trust any email that asks them to reply with account login details. No legitimate service provider is ever likely to request login credentials and other sensitive personal information in this manner.

Bookmark and Share

Friend Stranded in Foreign Country Scam Emails
Hotmail Account Closure Phishing Scam
Yahoo Account Phishing Scam Email
Btinternet Email Account Phishing Scam
Email Exceeded Storage Limit Phishing Scam
Webmail Account Phishing Scam

Last updated: 31st May 2010
First published: 31st May 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer