From: AMcDuffie@LPCH.ORG [mailto:AMcDuffie@LPCH.ORG]
To: user@yourdomain.com
Sent: Friday, August 12, 2011 12:55 PM
Subject: IT- Help desk requires you to upgrade web mail

IT- Help desk requires you to upgrade web mail by Clicking http://badlink.moy.su/outlook.htm

This Message is From Help desk. Due to our latest IP Security upgrades We have reason to believe that your web mail account was accessed by a Third party.

Protecting the security of your web mail account is our primary concern, we have limited access to sensitive web mail account features.

Failure to re validate, your e-mail will be blocked in 72 hours.

Thank you for your cooperation.

Help Desk

8/9/2011 Fake Email - Instructs recipient to click a link that may contain malware.

From: Nicole Page
To: user@yourdomain.com
Date: Friday, August 05, 2011 8:38 PM
Subject: INTERVIEW REQUEST

Hello Username

I was forwarded your resume and based upon your background we would like to extend you an offer to interview with us.

We've recently expanded our National Healthcare Division and need individuals capable of working Full-Time and/or Part-Time for Marketing, Recruitment, and Business Development.

Experience not required, although HR, Marketing, Sales, Recruitment, and Customer Service is a plus.

Below are the times we have available this week. Please note: these are Eastern Standard Times

Mon, Aug 8, 2011 11:00 AM - 12:00 PM EDT
Mon, Aug 8, 2011 2:00 PM - 3:00 PM EDT
Tue, Aug 9, 2011 11:00 AM - 12:00 PM EDT
Tue, Aug 9, 2011 2:00 PM - 3:00 PM EDT

To secure your time slot, please click on a link above and Schedule your Interview.

After you schedule your interview time we will send you Login instructions...

This is a great way for our Candidates to Interview with us and make sure it is a mutual fit.

Important Note: This interview is in our Web Conference Room.

It's a Web-Based Interview Platform. A WEBCAM and MICROPHONE are not required!

We Look Forward to Speaking with You.

Thank you,

Nicole Page
HR/Employment Generalist
HRP Staffing                  
(877) 636-4067 x.312                           
nicole@hrpstaffing.com
www.hrpstaffing.com

8/9/2011 Fake Email - another false job interview offer

From: Norma Lenhart
To: user@yourdomain.com
Date: Monday, August 08, 2011 12:18 PM
Subject: !! Respond regarding your resume for the Accounting Officer Position posted on Craigslist !!

Hello Applicant,

Our recruitment team has viewed your resume for the  Accounting Officer Position published on (Craigslist job posting site) you yet to occupy,and we are pleased with your qualifications. Your details has been forward to the senior supervisor (Mrs Natasha Banks ) Of Goldmansachs Company She would like to conduct an online briefing and interview with you to discuss more about the job duties and pay scale.

If you are interested in this position and want to know more about the job duties,you are to set up a screen name with yahoo instant messenger(www.messenger.yahoo.com) and add up this screen name (bnatasha70@yahoo.com) and Report online ASAP for the job online briefing and interview.

Best regard

Human Resource
Goldman Sachs Company

8/4/2011 Phishing Scam

From: Webmail and Network Support [mailto:username@yourdomain.com]
Sent: Thursday, August 04, 2011 7:27 AM
Subject: MESSAGE NO: LXMTNK

Attention Webmail Account User,

This message is from the Webmail & Network Account Management Center. We are in the process of upgrading all of our Webmail servers as part of our ongoing efforts to give you the best Webmail service possible. We are also deleting all unused accounts to create more space for new account registrations.

In order to ensure you do not experience service interruptions or possible deactivation of your e-mail account, Please you must reply to this mail immediately confirming your e-mail account details below for confirmation and identification.

Do confirm your account details below.
_____________________________________

1. First & Last Name:
2. Full Login Email:
3. Username:
4. Password:
5. Retype Password:
_____________________________________

Failure to do this may automatically render your e-mail account
deactivated from our e-mail database/mail server. To enable us upgrade
your e-mail account, please do reply to this mail.

Thanks for your understanding, we wish you a pleasant day ahead.

Technical Support Team,

Webmail & Network Account Management Center.

From: Postmaster [mailto:postmaster@noxis.net]
Sent: Sunday, July 24, 2011 7:06 PM
To: postmaster@yourdomain.net
Subject: Dear Postmaster, please check your DNS- and/or HELO-name...

Dear Postmaster,

you are receiving this mail since your mailserver is probably misconfigured or someone is abusing your domainname.

This message was sent to you automatically.

This Mailserver applies very strict rules to incoming mails as a measure against spam. These rules may cause some side-effects. This mail was sent to inform you that you may be affected by this.

Some mail coming from one of your mail relays or from one of your customers was rejected due to one or more of the following reasons:

Your mailserver is using a IP address for sending that has no valid reverse DNS record. This makes it very hard to determine if this IP is eligible to send mail for your domain and thus many mailservers will reject mails coming from this IP.

How to fix this:
Contact your network department or ISP to setup a reverse DNS mapping from the IP 116.41.202.201 to your HELO hostname [116.41.202.201].

---------------------------------------------------------------------------

= GENERAL INFORMATION =====================================================

Jul 24 16:06:46 noxis postfix/smtpd[5715]: NOQUEUE: reject: RCPT from unknown[116.41.202.201]: 450 4.7.1 Client host rejected: cannot find your hostname, [116.41.202.201]; from=<user@yourdomain.net> to=<disho@noxis.net> proto=ESMTP helo=<[116.41.202.201]>

The rejected email probably still resides on the machine with the
IP-Address: 116.41.202.201, calling itself [116.41.202.201].

Investigations at my end show:

Sender    = user@yourdomain.net
Recipient = disho@noxis.net
From-IP   = 116.41.202.201
From-Host = unknown
Helo      = [116.41.202.201]

'dig [116.41.202.201]' resulted in : not found 'dig -x 116.41.202.201' resulted in: unknown 'dig unknown' resulted in : not found

---------------------------------------------------------------------------

To make sure you mail gets delivery to all users of this mailserver please fix all issues listed above.

You will receive this mail only once. Please act acordingly to restore full service to your users.

Best Regards,

postmaster@noxis.net

From: username@yourdomain.com
To: info@admin.org
Date: Monday, June 20, 2011 11:25 AM
Subject: Your webmail-Administr

Your webmail-Administrator Will Be Closeing Up Your Mail-Box Today If You Don Update your Mail-Box.You are to update your mailbox by clicking on this link, For Your webmail-Administrator Not To Close Your Box. CLICK HERE

5/5/2011 - Fake Email

Rapid City Journal Article

Sioux Falls police say an email that urges readers to beware of terrorists posing as UPS employees is fake.

The email about a supposed large UPS uniform purchase through an online auction site tells the reader that terrorists could use the outfits as disguises. It urges people who encounter a UPS employee to ask for identification.

The email appears to come from the Sioux Falls Police Department, but officials there say that isn't the case and the information in the email is not true. Police in Yankton also have issued a statement alerting people about the bogus email.

Example of the false email message

From: Could be any email address
Sent: Thursday, May 05, 2011 12:48 PM
To: whomever@yourdomain.com
Subject: UPS Uniforms Possible terrorists.

UPS Uniforms
Government Warning regarding purchase of UPS uniforms:

There has been a huge purchase, $32,000 worth, of United Parcel Service (UPS) uniforms on eBay over the last 30 days. This could represent a serious threat as bogus drivers (terrorists) can drop off anything to anyone with deadly consequences! If you have ANY questions when a UPS driver appears at your door they should be able to furnish VALID I.D.

Additionally, if someone in a UPS uniform comes to make a drop off or pick up, make absolutely sure! they are driving a UPS truck. UPS doesn't make deliveries or pickups in anything, except a company vehicle. If you have a problem, call your local law enforcement agency right away! TAKE THIS SERIOUSLY! Tell everyone in your office, your family, your friends, etc. Make people aware so that we can prepare and/or avoid terrorist attacks on our people! Thank you for your time in reviewing this and PLEASE send to EVERYONE on your list, even if they are friend or foe. We should all be aware!
Lt. Steve Name
Your City Police Department

4/20/2011 - Phishing Scam

Subject:Confidential Email From FBI
Date: Tue, 19 Apr 2011 06:28:12 -0600
From: FBI HEADQUATERS
Reply-To:
To:undisclosed-recipients: ;

Confidential Email From The Federal Bureau Of Investigation.

Download Attachment For Further Details Regarding Your Overdue Payment.

3/27/2011 - Phishing Scam

Subject: GREETINGS FROM HONG-KONG.           
Date:     Sun, 27 Mar 2011 06:11:56 -0500
From:    Contact Name <username@somedomain.com>            
To:        Undisclosed recipients;               

Regards,

Richard Tang.

From: Beth Smith
To: info@upgrade.net
Sent: Wednesday, March 23, 2011 11:05 AM
Subject: HELPDESK: Click/Fill To Re-Validate

Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator,login to view your storage limit quota Now http://www.address.com/form.php?id=3873 for storage limit update.

From: IRS.gov
To: user@yourdomain.com
Date: Saturday, March 05, 2011 4:47 PM
Subject: Important - IRS Overpayment Notification (ID: 15483234439)

Overpayment Notification
Date of this Notice: MAR. 06, 2011
Taxpayer Identifying Number: xxx-xx-xxxx
Form: 1040
Tax Period: DEC. 31, 2010

Subject: Taxpayer Overpayment on Tax Refund

Dear Taxpayer:

Our records show you were overpaid on your Federal Tax Refund under Social Security Number xxx-xx-xxxx, therefore $380.00 of the overpaid Tax Refund must be returned.

This memorandum serves as notification of an overpayment of Tax Refund that you received and the subsequent repayment that is your responsibility.

The overpayment totals $380.00 for 1040/2010 filing period you were overpaid in error because of an incorrect Tax Adjustment causing an incorrect refund.

You are offered the following options of repayment within five (05) business days from today Mar. 11, 2011. Failure to respond timely will result in the immediate recovery of the overpayment, fines, and possible criminal prosecution.

If you disagree with the amount listed below, you have the right to an immediate Pre-decision Meeting with a person who has direct access to the agency appointing authority for this purpose.

A summary of the overpayment is as follows:

Here are your Re-payment Options:
  1. Submit payment within five (05) business days of the "date of demand" to the account:
Name(s) on Receiving Account: Carol Ann Miller
Street: 125 congress st
City: White Oak
Zip Code: 15131
State: Pennsylvania
Country: United States
Bank name: FIFTH THIRD BANK
Bank Account Number: 7400728122
Electronic ABA Routing Number(ex. Direct Deposit/Automatic Payment):043018868
Wire ABA Routing Number: 042000314
Bank Address:348 Lincoln Highway,
North Versailles,
PA, 15137
Bank phone #:1-800-972-3030

  2. Write on transfer reference: "Payment of Erroneous Refund" and your SSN.
  3. Failure to comply within the given time frame will result in stiff penalties and interest accruals in excess of what is owed.

Sincerely yours,

WILLIAM C. MALAHAI
19-06693
Tax Assessment Supervisor

3/02/2011 - Phishing Scam

(A PDF is likely attached to the following message)

From: Sistema
To: username@yourdomain.com
Date: Wednesday, March 02, 2011 2:59 PM
Subject: New order 4975311 from site.

Dear customer.

Thank you for the order,
your credit card will be charged for 287 dollars.
Information about the order and delivery details is in attached file.

Best regards, ticket service.

From: Webmail Admin Center

Date: 2/25/2011 7:37:14 AM

To: you@yourdomain.com

Subject: Dear Valued Customer

This is to inform you that you have exceeded your E-mail Quota Limit

and you need to increase your E-mail Quota Limit because in less than

96 hours your E- mail Account will be disabled.Increase your E-mail Quota Limit and continue to use your Webmail Account.

To increase your E-mail Quota Limit to 2.7GB, Fill in your Details as

below and send to the E-mail Quota Webmaster by CLICKING REPLY:

EMAIL ADDRESS:

USERNAME:

PASSWORD:

CONFIRM PASSWORD:

DATE OF BIRTH:

Thank you for your understanding and corperation in helping us give you the

Best of E-mail Service in  2011.