Want to get paid for a vulnerability similar to this one?
Contact us at: email@example.com
Sometimes phishers are after more than your bank account or credit cards. These days a lot of them want your email account. They can use it to send spam, to your friends, and those friends will trust a message from you. (That’s a more reliable form of social engineering to get them to install malware on their computers. Or give up their bank accounts and credit card numbers …)
> Dear user
> Your email has exceeded 2 GB, which is created by Webmaster, you are currently
> running at 2.30GB, you can not Send or receive new messages until you check your
> account.Complete the form below to verify your account.
Sometimes the email phishers will send you this “over quota” message. Other times it may be that you are, supposedly, sending out malware or spam yourself.
> Please complete the details below to confirm your account
> (1) E-mail:
> (2) Name:
> (3) Password:
> (4) Confirm Password:
Here they just flat out ask you for your user name and password.
Spam isn’t the only thing they can do with your account. These days Web based email accounts can be linked to storage space and other functions. Google accounts are very valuable, since they give the phishers access to Google+ (with lots of personal information about you), YouTube, and Google Drive (which still has Google Docs in it, and can be used to set up phishing Websites).
Again, watch for telltale signs in the headers:
To: Recipients <firstname.lastname@example.org>
From: HELP DESK<email@example.com>
Date sent: Sun, 01 Dec 2013 14:01:47 +0100
Send reply to: firstname.lastname@example.org
It isn’t “to” you, and the “reply” isn’t the same as the “from.”