Scam email messages

This article contains information that will help you protect yourself from fraudulent email notices, commonly referred to as phishing. Phishing is an attempt to acquire personal information for the purposes of identify theft or domain and email hijacking.

We will never ask for any of the following:

- birthdate
- mother's maiden name
- social security number

If you contact us for assistance with your account, we may need to confirm your username, password, or billing details to assist you with managing your Hover services. We will never initiate the first contact with you to gather personal information that you have already provided to us in your Hover account!

Here are some warning signs that an email may be a phishing scam:

- You are being asked for personal information in an unsolicited email, letter, or phone call. If you haven't contacted us for help with your account, we would have no reason to contact you for your account information.

- The email or letter does not refer to you by name. If we send you an email, we'll address it to the name on your account. We won't start an email with "Dear Webmail User" or "Dear Email Account Owner."

- The name of the company sending the letter is not clearly stated. Scammers will often send email messages from "the administrator" or "the helpdesk" because they use the same email template for sending phishing email messages to customers of many different email and Internet services.

General information on how to report Internet scams in several countries may be found at this website:

Below, are examples of email phishing scams that have been sent to our customers recently. If you have any other examples of Internet email scams you've received, please send them to us as a comment at the bottom of this tutorial so it can be shared with other subscribers.

Webmail User Scam

 From: Webmail HelpDesk <>
Sent: Jul 23, 2009 1:03 PM

Dear Webmail User,

This message is from Webmail HelpDesk to all our account owners. We are currently upgrading our Accounts database. We are deleting all unused WebMail account to create more space for new accounts. In other for your account not to be suspended or deleted, you will have to update your account by providing the information listed below:

Confirm Your Webmail Account Details.

Email Address:
User Name:
Date of Birth:

You will be sent a new confirmation alphanumerical password which will be valid during this period and can be changed after the process.

We are very sorry for any inconveniences this might have caused you.

Thanks for your understanding.

Webmail HelpDesk.
Warning!!! Account owner that refuses to update his or her account within seven days of receiving this notice ends up being suspended permanently.

Webmail Administrator Scam

Sent: Oct 6, 2009 7:53 AM
To: undisclosed-recipients:;


Dear Email Account Owner,

This message is from microsoft email maintenance messaging center to all Webmail/email account owners.We are currently upgrading our data base and e-mail account center.We are deleting all un_used
email account to create more space for new accounts. To prevent your account from closing you will have to update it below so that we will know that it's a present used account.

Email Username :

EMAIL Password :

Date of Birth :

Country or Territory :
send all information account section

Warning Code:VX2G99AAJ
Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

Thank you for using Microsoft!



Domain Services Scam

 From: Domain Services []
Sent: Sunday, July 17, 2011 3:28 PM
Subject: Domain Notification: JOHN - DOE This is your Final Notice of Domain Listing - DOMAINNAME.COM
Importance: High


Attention: Important Notice


Complete and return by fax to:

4310 W. 190th St.
Suite # 63546
Torrance, CA 90504
United States of America



Search Engine Submission

Requested Reply
JULY 19,2011


Attn: JOHN - DOE
As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration. This letter is to inform you that it's time to send in your registration and save.

Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.

Privatization allows the consumer a choice when registering. Search engine subscription includes domain name search engine submission. You are under no obligation to pay the amounts stated below unless you accept this offer. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.

This Notice for: WWW.DOMAINNAME.COM will expire on July 19,2011 Act today!

-------------------------------------------------------------------------------------- ------


Detail of Service:

Reply by Date:

For Domain Name:

Select Term

Your Existing Domain

Period Covered





[ ] 1 year


07/19/2011 - 07/19/2012


[ ] 2 year


07/19/2011 - 07/19/2013


[ ] 5 year


07/19/2011 - 07/19/2016


[ ] 10 year

-Most Recommended-

07/19/2011 - 07/19/2021


[ ] Lifetime (NEW!)

Limited time offer - Best value!




Please ensure that your contact information is correct or make the necessary changes.

Full Name: JOHN - DOE


Email 2: ____________________

Phone: _____________________

Want to receive this notification for other domains you own? simply list them below:

_____________________ _____________________

_____________________ _____________________

Today's Date: _____________________

Signature: _____________________

Payment by Credit Card
( Please do not include your credit card number on this form just fill the information above and fax it to us, once we receive your fax we will send you instructions on how to make a payment by credit card )



-------------------------------------------------------------------------------------- ------

By accepting this offer, you agree not to hold DN liable for any part. Note that THIS IS NOT A BILL. This is a solicitation. You are under no obligation to pay the amounts stated unless you accept this offer. The information in this letter contains confidential and/or legally privileged information from the notification processing department of the DN. This information is intended only for the use of the individual(s) named above. There is no pre-existing relationship between DN and the domain mentioned above. This notice is not in any part associated with a continuation of services for domain registration. Search engine submission is an optional service that you can use as a part of your website optimization and alone may not increase the traffic to your site. If you do not wish to receive further updates from DN send an email to and in the subject line only put remove to unsubscribe. If you are not the intended recipient, you are hereby notified that disclosure, copying, distribution or the taking of any action in reliance on the contents for this letter is strictly prohibited. * 100% satisfaction guaranteed, you may request a refund within 30 days.


ISP Renewal Scam

Be aware of email renewal notices from a company called "ISP Renewal." It is an attempt to have you transfer your domain at an exorbitant renewal rate!

Here is an example email from ISP Renewal:

From: ISP Renewal []
Sent: Saturday, October 10, 2009 5:18 PM
To: Cresote, Demetri
Subject: Reminder

The domain name <>; is about to expire 2009-11-20.

If you wish to continue using your domain name please click on the link below.

Click here to renew.

Once the payment has been completed the above mentioned domain name will automatically be renewed and a conformation will be sent.


Additional information
ISPRenewal consults companies about their ownership of domain names on the internet. We supply information to companies about to their domain portfolios, administer domain addresses and when a domain name is due to expire we inform businesses that it is time to renew a domain name. If you wish to assign ISPRenewal to extend your domain, please click on the link above. If you do not not wish renew your domain, you may disregard this e-mail. Note! No changes will be made in the WHOIS information if you choose to your domain with us. You will still have your current Domain Service Provider. You may also request your resent Domain Service Provider to extend your domain. If you have any enquiries, do not hesitate to contact our customer service center at +44(0)20 33 55 4951 visit us on the web.

Domain Registry of America / Domain Registry of Canada

You may receive a domain renewal letter from the Domain Registry of America or their sister company the Domain Registry of Canada, as pictured above.  This letter is a solicitation to transfer your domain registration services away from Hover, and at a much higher price than we charge!  You can disregard any letters in the mail from either of these companies and continue to renew your domain registration services through Hover.

To save trees and reduce the cost of your services, we do not send renewal letters by standard letter mail.  Before your domains expire, we will send you several email notices.  We may even call you to ensure that your domain names have not expired without your knowledge.


CIRA .CA Registry Fake Phishing Email


The following email was sent recently to some .CA domain owners.  It is a fake and not really from CIRA:

From: .CA Internet Registry Authority <>
Date: Fri, Apr 29, 2011 at 10:51 AM
Subject: is expired
To: <Your Domain Email Contact>

Customer Number for this Account:25119222

The domains listed below expired on April 25, 2011.

This is your last chance to renew your domain name(s)!You must renew
by May 1st, 2011
or the domains listed below will be cancelled.
RENEW NOW: http://WWW.CIRA.COM@ %20Internet%20Registration%20Authority%20-%20Home.php?

Please note:If you do not renew your domain(s) during the 3-day
Renewal Grace Period, you may incur a fee of $80.00 in addition to the
domain renewal fee. During this time, the domain name(s)
will be moved to parked nameservers and any Website or email services
associated with the domain name(s) may stop working. For further
information about Domain Renewals, review the Domain
Registration Agreement here.

IMPORTANT:The registry will hold the name in a Redemption Period for
30 days. During this time, the domain name will be removed from the
zone files (the list of domains currently in the global
DNS); therefore, any web site or email services associated with the
domain name will stop working. The original domain registrant may
retrieve the domain name from deletion during this period for a
fee of $80. Thanks for choosing a .ca domain name!

CIRA.CA (Canadian Internet Registration Authority)


Have more questions? Submit a request


  • 0
    Greg Jewell

    Just got this email even though I have never opened a help ticket;

    When replying, please ensure your reply is above this line

    | Customer Service is available from 8am - 8pm (EST) Mon-Fri No-hold toll free: 1.866.731.6556 email:



    We've received your help request. Your reference number is #598701.

    To add additional comments, you can simply reply to this email or view the request online.


    More helpful links:    Blog   |   Help & Forums   |   Twitter    |   Facebook

    You have been sent this message because you recently opened a help request with Hover.



    Mesage details;

    Return-Path: Delivered-To: X-FDA: 66753046122.01 X-Panda: scanned! X-Filterd-Recvd-Size: 6020 Received: from ( [])  by (Postfix) with ESMTP  for <>; Wed, 10 Oct 2012 15:29:20 +0000 (UTC) Received: from ([]:59462  by with esmtp (Exim 4.69)  (envelope-from <>)  id 1TLyDo-00057N-Fr  for; Wed, 10 Oct 2012 15:29:20 +0000 Date: Wed, 10 Oct 2012 15:29:20 +0000 From: Hover Help Center <> Reply-To: Hover Help Center <> To: Greg <> Message-Id: <> In-Reply-To: <> Subject: Request received: Send function on your email@domain.tld email has been temporarily suspended (ticket #598701) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=mimepart_5075945073e1b_9c11cb2a7c6137272 X-Delivery-Context: event-id-8126553673 X-Mailer: Zendesk Mailer Auto-Submitted: auto-generated


  • 0
    Courtney Mathieson

    Hi Laura,

    Thanks for reaching out to us about this.

    Yes, this email is actually part of a known scam that is currently making the rounds.

    They seem to be using a stolen list of emails and password which may have come from another service you used in the past. Typically, this is a retail company log in that happened to use this email address and the same password (So it is possible it is linked to the service you mentioned, Ancestry). Here is more on this scam making the news:

    But to be extra diligent, we do recommend that you set a new stronger password for any accounts you have used that email/password combination for. I know you mentioned that you believe it was only the one, but if any other accounts use a similar password, I would reset those as well to err on the side of caution. 

    Also, do not respond to the email at all. Please use the Mark as Spam option as this helps to report the email address it was sent from to their service, which in turn will help cut down on these emails circulating in general. After this has been marked as spam you can then delete the email.

    I hope this helps, but please feel free to let us know if anything else should come up.


  • 0
    Tyson Acker

    Hi Greg - that's not a scam email.  We opened the support request to let you know about an issue with email sent using your account credentials. Please give us a call or send us an email from another account so we can elaborate on the details.

  • 0
    Rex Espiritu

    Dear Hover Customer,


    We are writing to let you know that we reset your password today. If you are unable to log into your Hover account, you will need to use the “I forgot my password” option on the  sign in page to change your password.


    We did this as a precautionary measure because there appears to have been a brief period of time when unauthorized access to one of our systems could have occurred. We have no evidence at all that any Hover accounts have been accessed, but even the possibility that this could have happened moved us to err on the side of extreme caution.


    We apologize for the inconvenience.




    The Hover Team

  • 0
    Stuart Allen

    I got this email.  I'm not sure whether it's a phishing email.  I tried resetting my password but the "new" password doesn't work and my "old" password does. Can you help me make sure my account is secure?  Thank you, Stuart Allen


  • 0
    Darr Hoag

    I got the same email... I didn't follow any of the links in it because when I examined the underlying links, none pointed to per se.

    As you can see for yourself if you 'float' your cursor over the links in the email above, the 'View Online' link actually points to  (, not


    The "" link actually points to (, not

    BIG WARNING FLAG - there is no good reason for ANY reputable website to disguise a link to their own main domain with a link to some other site.


    The 'unsubscribe from this list' link points to (again -, not


    The 'Update subscription preferences'' link (, not

    Conclusion - fake/scam email.

    If you followed any links in that email or used any links in it to change your password, you should manually enter in your browser's address bar, log in, and change your password to something secure. e.g. 8 characters or more consisting of mixed case alpha, plus numbers, plus special characters like !@#$%^&()-_+=[]{}<>



    Though that's not really a "secure password"  - a secure password should not be derived from dictionary words, even with '1337/h4x0r' (elite/hacker speak) spelling substitutions (though some would argue 5 or more dictionary words strung together magically makes it secure).

    note: I'm just a peon renter of email addresses from Hover/Tucows, and do not intend this message to imply that I'm somehow otherwise connected to nor represent Hover.

  • 0
    Rachel Fitzmaurice

    Hi Rex, Stuart and Darr, 

    I edited the above posts to remove sensitive personal information as this is a public Forum.

    The email you guys are referring to did actually come Hover, despite the links not going directly to Hover. On August 4, 2015, as the email says, we did this as we were erring on the side of extreme caution when an unrelated system may have had unauthorized access. No Hover accounts were accessed but you will still need to reset your passwords. If you would like to read more about it check out the Incident Report here.


  • 0
    Laura Gilchrist

    Here's an e-mail I received on Tuesday this week (25/09/18). They have given the correct password (redacted) for an account with my hover e-mail address, so I am sure this is as a result of the hacking... it won't be for the reason they've suggested! I don't use the password they've given on any other websites.

    I'm a member of an international hacker group.

    As you could probably have guessed, your account was hacked, I sent message you from it.

    Now I have access to you accounts! You still do not believe it? 
    So, this is your password: xxxxxxxxx, right? 

    Within a period from July 5, 2018 to September 21, 2018, you were infected by the virus we've created, through an adult website you've visited.
    So far, we have access to your messages, social media accounts, and messengers.
    Moreover, we've gotten full damps of these data.

    We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

    But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
    I think you are not interested show this video to your friends, relatives, and your intimate one...

    Transfer $700 to our Bitcoin wallet: 1DzM9y4fRgWqpZZCsvf5Rx4HupbE5Q5r4y
    I guarantee that after that, we'll erase all your "data" :D

    A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

    Your data will be erased once the money are transferred.
    If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

    You should always think about your security. We hope this case will teach you to keep secrets.
    Take care of yourself.

  • 0
    Rhonda McReynolds

    Received following today -

    | Subject:
    | From:
    | Sent:
    | Jul 19, 2012 07:31:26 AM
    | To:
    | undisclosed-recipients:;
    | Reply-To:

    Dear: Webmail Member,

    As part of our continuous effort in providing a higher level of service,we are notifying every Webmail account owners about the congestion due to the anonymous registration of accounts. To solve this problem, we are shutting down some unused accounts within 24 hours.

    To avoid shutting down your account, verify and inform us if you still want to use the account by completing the form with the required information and you must reply to this email immediately, and provide the following details of your account:



    Email Username : ......... .....

    EMAIL Password : ...............

    Date of Birth : ................

    Country or Territory : .........


    Violating any Webmail policy or guideline.

    You are responsible for any misuse of our services that occurs through your account.

    For Help and Support, contact the Technical Support help desk at:

    After following the instructions in the above, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences we may cause you.

    Warning! Account owners that refuses to update his or her account after 5 working days of receiving this warning will lose his or her account permanently.

Please sign in to leave a comment.
Powered by Zendesk