Recently my wife received the e-mail that appears here:
From: WEBMAIL ALERT MASSAGE [mailto:firstname.lastname@example.org]
Sent: Monday, January 31, 2011 8:01 AM
Subject: Dear RoadRunner Subscribers
Dear RoadRunner Subscribers,
This mail is to inform all our Subscriber that we will be maintaining and
upgrading our website in a couple of days from now. As a Subscriber you are
required to send us your Email account details to enable us know if you are
still making use of your mailbox.Be informed that we will be deleting all
mail accounts that is not functioning to enable us create more space for
new subscribers, You are to send your mail account details which are as
Notice:Your Email account will be expired after 48 hours, if you do not
re-validate or update your account. Please do co-operate with us so we can
serve you better, contact the administrator!!****
Your Full Names:
Confirm Your Password:
Alternative Email :
To avoid deleting your valid account from our DATA BASE, Please understand
that we doing this maintaince to create space for new subscribers.Failure
to do this will immediately render your email address deactivated from our
database. Thank you for using RoadRunner Webmail.
RoadRunner Email Administrator
Warning Code :ID67565434.
This type of e-mail is known as “phishing”. According to Wikipedia, phishing “is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.” In other words, someone out there is trying to trick you into giving them personal and potentially damaging information.
If my wife had replied to this message with the information requested, she would have given someone access to her e-mail. Some may ask why that is a big deal – after all, it’s not like giving access to a bank account, is it?
A few years ago I had someone hack my e-mail password, without my realizing it. They were then able to go to eBay.com, and recover my eBay password. They then proceeded to begin making orders from eBay. Fortunately, they did not succeed, but you can begin to imagine how potentially damaging this could be. In addition to hacking my eBay account, they might well have been able to hack my PayPal account and proceed with these purchases.
This e-mail is attempting to accomplish the same thing. So the question is, how does one guard against this? The first answer is to be sure you are aware of these scams. When people get these and have never heard that they might be a scam, they tend to be very trusting and reply with what is asked.
Secondly, look for tell-tale signs that this is a scam. In the example above, the first sign is the e-mail address that is on the message. email@example.com is not an address that is from Roadrunner. If Roadrunner is requesting information, then you would expect the message to come from Roadrunner. The second sign is the grammar and spelling in the message. Roadrunner is a reputable company. They would never send out a message that contains things such as missing spaces after punctuation marks (notice the lack of space after a couple of periods and after a colon), poor grammar (notice the sentence “Please do co-operate with us so we can serve you better, contact the administrator!!****”) and misspellings (MASSAGE instead of MESSAGE and maintaince instead of maintenance).
Finally, reputable organizations will NEVER ask you to reply to an e-mail with information, or ask you to click a link to enter information. ALWAYS read the address bar in your web browser, as well, to ensure you are on the site you think you are on. Most browsers now also have phishing filters to help users avoid sites known for phishing – be sure those filters are active.
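For readers who filter mail for a family or a small office, the three signs above can be turned into a simple automated check. The script below is an added example, not part of the original post; the sample message is constructed from the one quoted above, and the sender address and the provider domain `roadrunner.example` are placeholders rather than real values.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message quoted above. The sender address
# and the provider domain "roadrunner.example" are placeholders.
SAMPLE = """\
From: WEBMAIL ALERT MASSAGE <admin@mail.example.org>
Subject: Dear RoadRunner Subscribers

Your Email account will be expired after 48 hours, if you do not
re-validate or update your account.Please send your account details.
Confirm Your Password:
Notice:we doing this maintaince to create space for new subscribers.
"""

# Misspellings taken from the quoted message (a crude word list, not a spell checker).
KNOWN_TYPOS = ("massage", "maintaince")

def phishing_signs(raw, provider_domains):
    """Return the tell-tale signs found in one raw e-mail message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    signs = []
    # Sign 1: the sender's domain is not one the claimed provider uses.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not any(domain == d or domain.endswith("." + d) for d in provider_domains):
        signs.append("sender domain mismatch: " + domain)
    # Sign 2: sloppy writing. A lowercase letter, a period or colon, then a
    # letter with no space between them (this also matches bare domain names).
    if re.search(r"[a-z][.:][A-Za-z]", body):
        signs.append("missing space after punctuation")
    text = (msg.get("From", "") + " " + body).lower()
    typos = [w for w in KNOWN_TYPOS if w in text]
    if typos:
        signs.append("misspelling: " + ", ".join(typos))
    # Sign 3: the message asks the reader to send a password back.
    if re.search(r"\bpassword\b", body, re.I):
        signs.append("asks for password")
    return signs

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE, ["roadrunner.example"]):
        print("-", sign)
```

A message that trips several of these checks at once, as the sample does, deserves a closer look before anyone replies to it.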
The two links below provide some additional information on phishing, which may be useful.