Scam email messages

This article contains information that will help you protect yourself from fraudulent email notices, commonly referred to as phishing. Phishing is an attempt to acquire personal information for the purposes of identify theft or domain and email hijacking.

We will never ask for any of the following:

- birthdate
- mother's maiden name
- social security number

If you contact us for assistance with your account, we may need to confirm your username, password, or billing details to assist you with managing your Hover services. We will never initiate the first contact with you to gather personal information that you have already provided to us in your Hover account!

Here are some warning signs that an email may be a phishing scam:

- You are being asked for personal information in an unsolicited email, letter, or phone call. If you haven't contacted us for help with your account, we would have no reason to contact you for your account information.

- The email or letter does not refer to you by name. If we send you an email, we'll address it to the name on your account. We won't start an email with "Dear Webmail User" or "Dear Email Account Owner."

- The name of the company sending the letter is not clearly stated. Scammers will often send email messages from "the administrator" or "the helpdesk" because they use the same email template for sending phishing email messages to customers of many different email and Internet services.

General information on how to report Internet scams in several countries may be found at this website:

http://www.consumerfraudreporting.org/reporting.php

Below, are examples of email phishing scams that have been sent to our customers recently. If you have any other examples of Internet email scams you've received, please send them to us as a comment at the bottom of this tutorial so it can be shared with other subscribers.

Webmail User Scam

 From: Webmail HelpDesk <info@helpdesk.com>
Sent: Jul 23, 2009 1:03 PM
Reply-To: supportweb@mail2world.com

Dear Webmail User,

This message is from Webmail HelpDesk to all our account owners. We are currently upgrading our Accounts database. We are deleting all unused WebMail account to create more space for new accounts. In other for your account not to be suspended or deleted, you will have to update your account by providing the information listed below:

Confirm Your Webmail Account Details.

Email Address:
User Name:
Password:
Date of Birth:

You will be sent a new confirmation alphanumerical password which will be valid during this period and can be changed after the process.

We are very sorry for any inconveniences this might have caused you.

Thanks for your understanding.

Webmail HelpDesk.
Warning!!! Account owner that refuses to update his or her account within seven days of receiving this notice ends up being suspended permanently.

Webmail Administrator Scam

From: WEBMAIL ADMINISTRATOR. <info@webmail.org>
Sent: Oct 6, 2009 7:53 AM
To: undisclosed-recipients:;
Reply-To: webmailteamupdat@sify.com

 

Dear Email Account Owner,

This message is from microsoft email maintenance messaging center to all Webmail/email account owners.We are currently upgrading our data base and e-mail account center.We are deleting all un_used
email account to create more space for new accounts. To prevent your account from closing you will have to update it below so that we will know that it's a present used account.

CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username :

EMAIL Password :

Date of Birth :

Country or Territory :
send all information account section

webmailteamupdat@sify.com

Warning Code:VX2G99AAJ
Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

Thank you for using Microsoft!

 

Regards
WEBMAIL ADMINISTRATOR.

Domain Services Scam

 From: Domain Services [mailto:domain_services@ymail.com]
Sent: Sunday, July 17, 2011 3:28 PM
To: WALLY@DOMAINNAME.COM
Subject: Domain Notification: JOHN - DOE This is your Final Notice of Domain Listing - DOMAINNAME.COM
Importance: High

 

Attention: Important Notice

DOMAIN SERVICE NOTICE

Complete and return by fax to:
1-310-579-8660

4310 W. 190th St.
Suite # 63546
Torrance, CA 90504
United States of America

ATT: SCOTT - WALLACE
ADMINISTRATIVE CONTACT
-
WALLY@DOMAINNAME.COM
2500 COMMERCIAL STREET - - VANCOUVER - BC - V5N4E8
CA
1.6048883333

WWW.DOMAINNAME.COM

Domain Name: DOMAINNAME.COM
Search Engine Submission

Requested Reply
JULY 19,2011

PART I: REVIEW SOLICITATION

Attn: JOHN - DOE
As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration. This letter is to inform you that it's time to send in your registration and save.

Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.

Privatization allows the consumer a choice when registering. Search engine subscription includes domain name search engine submission. You are under no obligation to pay the amounts stated below unless you accept this offer. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.

This Notice for: WWW.DOMAINNAME.COM will expire on July 19,2011 Act today!

-------------------------------------------------------------------------------------- ------

DETAIL OF SERVICE: ANNUAL WEBSITE SEARCH ENGINE SUBMISSION FOR DOMAIN NAME WWW.DOMAINNAME.COM

Detail of Service:
SEARCH SUBMISSIONS

Reply by Date:
07/19/2011

For Domain Name:
.COM

Select Term

Your Existing Domain

Period Covered

Price

 

DOMAINNAME.COM

   

[ ] 1 year

 

07/19/2011 - 07/19/2012

$75.00

[ ] 2 year

 

07/19/2011 - 07/19/2013

$119.00

[ ] 5 year

 

07/19/2011 - 07/19/2016

$199.00

[ ] 10 year

-Most Recommended-

07/19/2011 - 07/19/2021

$295.00

[ ] Lifetime (NEW!)

Limited time offer - Best value!

Lifetime

$499.00

 

Please ensure that your contact information is correct or make the necessary changes.

Full Name: JOHN - DOE

Email: WALLY@DOMAINNAME.COM

Email 2: ____________________

Phone: _____________________

Want to receive this notification for other domains you own? simply list them below:

_____________________ _____________________

_____________________ _____________________

Today's Date: _____________________

Signature: _____________________

Payment by Credit Card
PLEASE COMPLETE AND RETURN BY FAX: 1-310-579-8660
( Please do not include your credit card number on this form just fill the information above and fax it to us, once we receive your fax we will send you instructions on how to make a payment by credit card )

 


DOMAINNAME.COM

-------------------------------------------------------------------------------------- ------

By accepting this offer, you agree not to hold DN liable for any part. Note that THIS IS NOT A BILL. This is a solicitation. You are under no obligation to pay the amounts stated unless you accept this offer. The information in this letter contains confidential and/or legally privileged information from the notification processing department of the DN. This information is intended only for the use of the individual(s) named above. There is no pre-existing relationship between DN and the domain mentioned above. This notice is not in any part associated with a continuation of services for domain registration. Search engine submission is an optional service that you can use as a part of your website optimization and alone may not increase the traffic to your site. If you do not wish to receive further updates from DN send an email to domain_services@ymail.com and in the subject line only put remove to unsubscribe. If you are not the intended recipient, you are hereby notified that disclosure, copying, distribution or the taking of any action in reliance on the contents for this letter is strictly prohibited. * 100% satisfaction guaranteed, you may request a refund within 30 days.

 

ISP Renewal Scam
 

Be aware of email renewal notices from a company called "ISP Renewal." It is an attempt to have you transfer your domain at an exorbitant renewal rate!

Here is an example email from ISP Renewal:

From: ISP Renewal [mailto:renewal@onlinereminder.org]
Sent: Saturday, October 10, 2009 5:18 PM
To: Cresote, Demetri
Subject: Reminder

The domain name www.awesomeroofandtile.com <http://www.awesomeroofandtile.com>; is about to expire 2009-11-20.

If you wish to continue using your domain name please click on the link below.

Click here to renew.
--------> http://www.domainrenewal-online.org/for.php? d=www.awesomeroofandtile.com

Once the payment has been completed the above mentioned domain name will automatically be renewed and a conformation will be sent.

________________________________

Additional information
ISPRenewal consults companies about their ownership of domain names on the internet. We supply information to companies about to their domain portfolios, administer domain addresses and when a domain name is due to expire we inform businesses that it is time to renew a domain name. If you wish to assign ISPRenewal to extend your domain, please click on the link above. If you do not not wish renew your domain, you may disregard this e-mail. Note! No changes will be made in the WHOIS information if you choose to your domain with us. You will still have your current Domain Service Provider. You may also request your resent Domain Service Provider to extend your domain. If you have any enquiries, do not hesitate to contact our customer service center at +44(0)20 33 55 4951 visit us on the web.

Domain Registry of America / Domain Registry of Canada

You may receive a domain renewal letter from the Domain Registry of America or their sister company the Domain Registry of Canada, as pictured above.  This letter is a solicitation to transfer your domain registration services away from Hover, and at a much higher price than we charge!  You can disregard any letters in the mail from either of these companies and continue to renew your domain registration services through Hover.

To save trees and reduce the cost of your services, we do not send renewal letters by standard letter mail.  Before your domains expire, we will send you several email notices.  We may even call you to ensure that your domain names have not expired without your knowledge.

 

CIRA .CA Registry Fake Phishing Email

 

The following email was sent recently to some .CA domain owners.  It is a fake and not really from CIRA:


From: .CA Internet Registry Authority <cira@email.com>
Date: Fri, Apr 29, 2011 at 10:51 AM
Subject: domainname.ca is expired
To: <Your Domain Email Contact>

Customer Number for this Account:25119222
domainname.ca

The domains listed below expired on April 25, 2011.

This is your last chance to renew your domain name(s)!You must renew
by May 1st, 2011
or the domains listed below will be cancelled.
domainname.ca
RENEW NOW: http://WWW.CIRA.COM@67.19.214.98/~casupppo/CIRA%20-%20Canadian %20Internet%20Registration%20Authority%20-%20Home.php?dom=domainname.ca

Please note:If you do not renew your domain(s) during the 3-day
Renewal Grace Period, you may incur a fee of $80.00 in addition to the
domain renewal fee. During this time, the domain name(s)
will be moved to parked nameservers and any Website or email services
associated with the domain name(s) may stop working. For further
information about Domain Renewals, review the Domain
Registration Agreement here.


IMPORTANT:The registry will hold the name in a Redemption Period for
30 days. During this time, the domain name will be removed from the
zone files (the list of domains currently in the global
DNS); therefore, any web site or email services associated with the
domain name will stop working. The original domain registrant may
retrieve the domain name from deletion during this period for a
fee of $80. Thanks for choosing a .ca domain name!
Sincerely,


CIRA.CA (Canadian Internet Registration Authority)

 

Have more questions? Submit a request

7 Comments

  • 0
    Avatar
    Rhonda McReynolds

    Received following today -

    | Subject:
    | WEBMAIL ALERT!!
    |
    | From:
    | WEBMAIL ACCOUNT AND RACTIVATION prevenir@inen.sld.pe
    |
    |
    | Sent:
    | Jul 19, 2012 07:31:26 AM
    |
    | To:
    | undisclosed-recipients:;
    |
    | Reply-To:
    | web.center@accountant.com
    |

    Dear: Webmail Member,

    As part of our continuous effort in providing a higher level of service,we are notifying every Webmail account owners about the congestion due to the anonymous registration of accounts. To solve this problem, we are shutting down some unused accounts within 24 hours.

    To avoid shutting down your account, verify and inform us if you still want to use the account by completing the form with the required information and you must reply to this email immediately, and provide the following details of your account:

    ***********************************************

    CONFIRM YOUR EMAIL IDENTITY BELOW

    Email Username : ......... .....

    EMAIL Password : ...............

    Date of Birth : ................

    Country or Territory : .........

    ************************************************

    Violating any Webmail policy or guideline.

    You are responsible for any misuse of our services that occurs through your account.

    For Help and Support, contact the Technical Support help desk at:

    web.center@accountant.com

    After following the instructions in the above, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences we may cause you.

    Warning! Account owners that refuses to update his or her account after 5 working days of receiving this warning will lose his or her account permanently.

  • 0
    Avatar
    Greg Jewell

    Just got this email even though I have never opened a help ticket;


    When replying, please ensure your reply is above this line

    |
    Hover
    | Customer Service is available from 8am - 8pm (EST) Mon-Fri No-hold toll free: 1.866.731.6556 email: help@hover.com
    |
    |
     
    |

    |

     

    We've received your help request. Your reference number is #598701.

    To add additional comments, you can simply reply to this email or view the request online.

    |

    |
    More helpful links:    Blog   |   Help & Forums   |   Twitter    |   Facebook
    |
    |

    You have been sent this message because you recently opened a help request with Hover.

    |

    Message-Id:C9G5CMN8_507594506ac1f_9c11cb2a7c6137075_sprut

    Mesage details;

    Return-Path: help@hover.com Delivered-To: greg@jewell.net X-FDA: 66753046122.01 X-Panda: scanned! X-Filterd-Recvd-Size: 6020 Received: from out.sys.zendesk.com (out.sys.zendesk.com [184.106.12.190])  by imf01.hostedemail.com (Postfix) with ESMTP  for < greg@jewell.net>; Wed, 10 Oct 2012 15:29:20 +0000 (UTC) Received: from out.sys.zendesk.com ([192.168.102.108]:59462 helo=zendesk.com)  by out.sys.zendesk.com with esmtp (Exim 4.69)  (envelope-from < help@hover.com>)  id 1TLyDo-00057N-Fr  for greg@jewell.net; Wed, 10 Oct 2012 15:29:20 +0000 Date: Wed, 10 Oct 2012 15:29:20 +0000 From: Hover Help Center < help@hover.com> Reply-To: Hover Help Center < help@hover.com> To: Greg < greg@jewell.net> Message-Id: < C9G5CMN8_507594506ac1f_9c11cb2a7c6137075_sprut@zendesk.com> In-Reply-To: < C9G5CMN8@zendesk.com> Subject: Request received: Send function on your email@domain.tld email has been temporarily suspended (ticket #598701) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=mimepart_5075945073e1b_9c11cb2a7c6137272 X-Delivery-Context: event-id-8126553673 X-Mailer: Zendesk Mailer Auto-Submitted: auto-generated

     

  • 0
    Avatar
    Tyson Acker

    Hi Greg - that's not a scam email.  We opened the support request to let you know about an issue with email sent using your account credentials. Please give us a call or send us an email from another account so we can elaborate on the details.

  • 0
    Avatar
    Rex Espiritu

    Dear Hover Customer,

     

    We are writing to let you know that we reset your password today. If you are unable to log into your Hover account, you will need to use the “I forgot my password” option on the  sign in page to change your password.

     

    We did this as a precautionary measure because there appears to have been a brief period of time when unauthorized access to one of our systems could have occurred. We have no evidence at all that any Hover accounts have been accessed, but even the possibility that this could have happened moved us to err on the side of extreme caution.

     

    We apologize for the inconvenience.

     

    Sincerely,

     

    The Hover Team

  • 0
    Avatar
    Stuart Allen

    I got this email.  I'm not sure whether it's a phishing email.  I tried resetting my password but the "new" password doesn't work and my "old" password does. Can you help me make sure my account is secure?  Thank you, Stuart Allen

     

  • 0
    Avatar
    Darr Hoag

    I got the same email... I didn't follow any of the links in it because when I examined the underlying links, none pointed to hover.com per se.

    As you can see for yourself if you 'float' your cursor over the links in the email above, the 'View Online' link actually points to

    http://us1.campaign-archive1.com/?u=ba0da0e3ae7f8baccdbf18486&id=0d6fa2d25e&e=bb212e0cd7  (campaign-archive1.com, not hover.com)

     

    The "www.hover.com" link actually points to

    http://hover.us1.list-manage.com/track/click?u=ba0da0e3ae7f8baccdbf18486&id=fc14d2ec10&e=bb212e0cd7 (list-manage.com, not hover.com)

    BIG WARNING FLAG - there is no good reason for ANY reputable website to disguise a link to their own main domain with a link to some other site.

     

    The 'unsubscribe from this list' link points to

    http://hover.us1.list-manage.com/unsubscribe?u=ba0da0e3ae7f8baccdbf18486&id=385242311b&e=bb212e0cd7&c=0d6fa2d25e (again - list-manage.com, not hover.com)

    and

    The 'Update subscription preferences'' link

    http://hover.us1.list-manage2.com/profile?u=ba0da0e3ae7f8baccdbf18486&id=385242311b&e=bb212e0cd7 (list-manage2.com, not hover.com)

    Conclusion - fake/scam email.

    If you followed any links in that email or used any links in it to change your password, you should manually enter hover.com in your browser's address bar, log in, and change your password to something secure. e.g. 8 characters or more consisting of mixed case alpha, plus numbers, plus special characters like !@#$%^&()-_+=[]{}<>

    like_ 

    _t#1s1S4fa!rlySecuRePa$$w0rD!

    Though that's not really a "secure password"  - a secure password should not be derived from dictionary words, even with '1337/h4x0r' (elite/hacker speak) spelling substitutions (though some would argue 5 or more dictionary words strung together magically makes it secure).

    note: I'm just a peon renter of email addresses from Hover/Tucows, and do not intend this message to imply that I'm somehow otherwise connected to nor represent Hover.

  • 0
    Avatar
    Rachel Fitzmaurice

    Hi Rex, Stuart and Darr, 

    I edited the above posts to remove sensitive personal information as this is a public Forum.

    The email you guys are referring to did actually come Hover, despite the links not going directly to Hover. On August 4, 2015, as the email says, we did this as we were erring on the side of extreme caution when an unrelated system may have had unauthorized access. No Hover accounts were accessed but you will still need to reset your passwords. If you would like to read more about it check out the Incident Report here.

     

Please sign in to leave a comment.
Powered by Zendesk