This poster describes attributes of an email message that indicate it is malicious and not to be trusted. poster
(click to enlarge)

What should you do if you receive a suspicious email?

  1. Do not open any attachments or click on included links.
  2. Please
    forward the original email as an attachment In Outlook 2016, double-click the message to open it in its own window. Click on the "Message" menu, then look for the "More" drop-down icon (to the right of the "Forward" button), where you will find "Forward as Attachment".

    You can also click the link for details for other email clients.

    to soc@uwaterloo.ca (UW-IST Security Operations Centre). By forwarding as an attachment, it will includes the email header lines which contain additional delivery details to determine the actual origin. If the message is widespread on campus and convincing, IST may consider notifying the campus community, blocking/removing link access from campus sites, and/or possibly fine-tuning campus email filters. Cc. Michael (mwagoner@uwaterloo.ca), Prath (pbalasin@uwaterloo.ca) and myself (bee@uwaterloo.ca) so that we also have a handle on the sort of things folks in the department are receiving.
  3. Delete the original message.


Details

Phishing is the bad guys' attempt to steal your userid/password so that they can login to your accounts, steal confidential information in your files/emails, or to use your computer accounts for sending spam, hosting porn, etc.

IST also reminds people that Phishing season, open all year round!

For what appear to be UW-related emails, if you notice the address you would be replying to, or the URL you are directed to is not under uwaterloo.ca, it's a dead giveaway that it's bogus. In general, there's really never a need for you to share your password with anyone at any time.

As usual, if you get'em, just chuck'em. If you have responded, let us know and we'll investigate and ensure your various passwords are changed ASAP.

See also:


Examples

The link below takes you to a compromised site Sri Lanka. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Celestina Temmis 
Sent: November 13, 2017 1:58 PM
To: Celestina Temmis
Subject: : ITS Help-desk
 
Dear Staff/Employees,

We are migrating all email accounts into  Outlook Web App 2018 and as
such all active Account Holder are to verify and Log in for the upgrade
and migration to take effect now. This is done to improve the security
and efficiency due to recent spam mails received.

Click [Upgrade Account] to migrate and block further Spam mails.


Best Regards,
ITS Help-desk
Office of Information Technology Services (ITS)



The link below takes you to a compromised site Sri Lanka. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Adam Schunk
Sent: Monday, October 16, 2017 9:19:35 AM
To: Bill Eickmeier
Subject: You Have {1} New Important Message
 
Dear bee@uwaterloo.ca,

Logon in to your University of Waterloo Outlook Web App Email account to verify your mail to view incoming message.

[CLICK HERE TO VERIFY] [[[link to a bogus site in Sri Lanka - bee]]]



The link below takes you to a compromised site in Malaysia. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Library services 
Sent: October 11, 2017 3:01 AM
To: your name
Subject: Library Account
 

Dear Member,

Your access to the library account is expiring soon due to inactivity. To
continue to have access to the library services, you must reactivate
account.  For this purpose, click the web address below or copy and paste
it into your web browser. A successful login will activate account and
you will be redirected to the library profile.

http://utility.lib.uoguelph.ulibe.ml/primo_auth/login.cfm 

If you are not able to login, please contact Sarah Miller at shmiller@uwaterloo.ca  for immediate assistance.  

Sincerely,
      
Sarah Miller
Davis Centre Library
200 University Avenue West
Waterloo, ON, Canada  N2L 3G1
+1 519 888 4567



The link below takes you to a compromised site in the USA. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
 From: "edu.uwaterloo.ca" <202940@lhc.qld.edu.au>
Subject: edu.uwaterloo.ca Notice: Pending mails from *********@edu.uwaterloo.ca
Date: September 13, 2017 at 1:33:40 AM EDT
To: [your userid and email address]

edu.uwaterloo.ca Blocked Mail De-activator

Dear [your email address],

You have few mails pending from this email ******* @edu.uwaterloo.ca

Server Port: 587

Domain Host Name: edu.uwaterloo.ca

[Click to Receive mails.] ((the bogus link attempting to lead you astray - bee))

™ 2017 service edu.uwaterloo.ca Office365 Inc.



The link below takes you to a compromised site in the USA. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: "president@uwaterloo.ca  Feridun Hamdullahpur" 
Date: July 24, 2017 at 8:12:36 AM EDT
To: 
Subject: Message from Office of the President Feridun Hamdullahpur
Reply-To: 

Hello youruserid@uwaterloo.ca,

          Office of the President Feridun Hamdullahpur sent you a secure
message, {View secure message} now.


Best Regards,

Dr. Feridun Hamdullahpur
President and Vice-Chancellor
University of Waterloo.



There should never be a need to send your userid and password to anyone. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Miguel Angel Castellani Gonzalez 
Sent: July 7, 2017 2:04 AM
Subject: Starting around 2:00 AM
 

ATTENTION STAFF:

Starting around 2:00 AM Today, we will be changing over to our new email
system Microsoft Office 365. Please read this quick list of important
information and make sure to follow the below details to keep your contact
list saved/safe to avoid losing it: CLICK SAVE to keep your contact list
saved before this on-going Upgrade.

Where to login to the new email system will be provided to you shortly
after you have fill the form below and complete this  Upgrade.

Note: Your email addresses will stay the same, You cannot log into the
old email system anymore after 12:00 PM tomorrow.

ICT SUPPORT SYSTEM.



In this case, the From address is forged to make it appear as if it came from a UW address. It's actually from a compromised machine somewhere in Russia. There should never be a need to send your userid and password to anyone. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: mail@service.com 
Sent: Wednesday, July 5, 2017 12:12 PM
To: [Your email address]
Subject: Verify your email address

Verify your email address

To finish setting up this account, we just need to make sure this email
address is yours.

[Verify] [[[the link would take you to a site in Russia. bee]]]

Or you may be asked to enter this security code: 9135

If you didn't make this request, click here to cancel.

Thanks,
The  account team



In this case, the From address is forged to make it appear as if it came from a UW address. It's actually from a compromised machine somewhere in Regina. There should never be a need to send your userid and password to anyone. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Robert Harland [mailto:R.G.Harland@lboro.ac.uk]
Sent: Monday, May 29, 2017 12:48 PM
To: Robert Harland 
Subject: OWA Today !


All Staff and Students are expected to migrate to the New 2017 Microsoft
Outlook Web portal to access the below, click here to migrate:

*    Access the new staff directory
*    Access your pay slips and P60s
*    Update your ID photo
*     E-mail and Calendar Flexibility 
*    Connect mobile number to e-mail for voicemail 

Important notice:  All staffs and students are expected to migrate within
24 hours to avoid delay on mail delivery.

On behalf of IT Support. This is a group email account and it’s been
monitored 24/7, therefore, please do not ignore this notification,
because it’s very compulsory.

Sincerely.
Admin Team.



In this case, the From address is forged to make it appear as if it came from a UW address. It's actually from a compromised machine somewhere in Regina. There should never be a need to send your userid and password to anyone. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: University of Waterloo [webmail@waterloo.ca]
Sent: Sunday, March 19, 2017 4:42 PM
Subject: Confirm email

--
This message was sent automatically by a program on Webmail which
  periodically checks the size of inboxes, where new messages are
  received. The program is run weekly to ensure no one's inbox grows
  too large. If your inbox becomes too large, you will be unable to
  receive new email. Just before this message was sent, you had 18.
  Megabytes (MB) or more of messages stored in your inbox on your
  Webmail To help us re-set your SPACE on our database prior to
  maintain your INBOX, you must reply to this e-mail and enter your:

  Username {..........}

  and Password {.............}

  You will continue to receive this warning message periodically,
  If your inbox size grows to 20 MB, then a program on Bates Webmail
  will move your oldest email to a folder in your home directory to
  ensure that you will continue to be able to receive in coming email.
  You will be notified by email that this has taken place. If your
  inbox grows to 25 MB, you will be unable to receive new email as
  it will be returned to the sender. After you read a message, it is
  best to REPLY and SAVE a copy.

  Thank you for your cooperation
University of Waterloo



Notice the following originates from a non-UW account and the URL is not under uwaterloo.ca. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Gloria Maria Sanabria Cabrera [mailto:gmsanabria@url.edu.gt]
Sent: Tuesday, January 17, 2017 9:25 PM
To: Gloria Maria Sanabria Cabrera 
Subject: RE: Webmail Admin

Dear Email User,

This is to inform you that New Updates have been added to your Webmail,
you are advised to Authenticate/verify your email account to enable
us finalize the process of updating/upgrading of your mailbox. You are
required to CLICK HERE to upgrade your email account or on the link below

http://helpdesks.16mb.com

We are sorry for any inconvenience caused.

Sincerely

Webmail Admin Helpdesk.



Notice the following originates from a non-UW account and the URL is not under uwaterloo.ca. The bad guys are hoping you will give up your userid and password to allow them to take over your account.


From: Susan Vaughan [mailto:vaughans@ohsu.edu]
Sent: January 13, 2017 10:39 AM
To: Susan Vaughan 
Subject: RE: Admin Alert: Final Notice!

Dear account,

Your mailbox quota has reached 85%. Kindly delete email from the server
to ensure smooth functioning of your email account.

You will need to login to the server by CLICKING HERE [[[bogus link
removed - bee]]] and fill in with your credentials.

Please note:


* You can select unwanted emails and press *Shift + Delete* to delete
emails forever.
* Emails deleted in this fashion cannot be retrieved.
* Failure to carry out the above as soon as possible could result in new
incoming email being blocked.

Regards,
System Administrator



Police won't send notices by email.

From: Wendie Prusak 
Sent: Thursday, November 24, 2016 9:28 AM
To: lorne5@sympatico.ca; gfournier@prodomax.com
Subject: RE:Notification - 70723371-040

You’ve been detected with a driver’s infringement:

Type: negligent driving
Violation No: 274095120
Date of infringement: 19/11/2016
Amount due: 116.00 $CAD 
This fee will be forwarded by mail to your address. However you can view
it now, please click here [Driver Photo Proof].
[[[...and the link would take you to a compromised site. BillE]]]

The fee must be accredited within the statutory period of up to
26.11.2016. This is an automatically created message, please do not reply.




This one actually arrived from a UW account which was compromised by the bac guys. The URL would take you to a page that is not under uwaterloo.ca. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Natasha Michele Tang Kai
Sent: Monday, October 31, 2016 6:37 AM
To: Natasha Michele Tang Kai
Subject: RE: Dear Employee/Staff !



Dear Employee/Staff

Your Email account have been suspended due to unusual activities recently
noticed from your account  kindly click [LOGON] to re-activate. Failure
[[[the link would take you to a non-UW site under www.imcreator.com... Bill]]]
to comply to this notification,your email account will be deleted from
our server within one hour after receiving  this Message Alert.



This one actually arrived from a UW account which was compromised by the bac guys. The URL would take you to a page that is not under uwaterloo.ca. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Qiuying Zhang
Sent: Friday, October 28, 2016 3:54 AM
To: Qiuying Zhang
Subject: RE: ICT Technical Support !



ICT Technical Support

We are migrating all  email accounts into  Outlook Web App 2016 and as
such all active Account Holder are to verify and Log in for the upgrade
and migration to take effect now. This is done to improve the security and
efficiency due to recent spam mails received, NOTE: Failure to do this
within the next 24 hours of receiving this notice we will immediately
render your Outlook Web App account deactivated from our database and
you cannot hold us responsible since you fail to adhere to our request.

Click On [ICT Technical Support]  to migrate and block further Spam mails.
[[[the link would take you to a non-UW site under www.imcreator.com... Bill]]]

Regards,
ICT Team,
Outlook Services for Staff and Internet services.



Notice the following originates from a non-UW account and the URL is not under uwaterloo.ca. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: "Hunter, Patricia" 
Date: October 24, 2016 at 5:32:36 PM EDT
To: "Hunter, Patricia" 
Subject: RE: Help Desk

To All Employees\Staff,

Take note of this important update that our new web mail has been improved
with a new messaging system from Owa/outlook which also include faster
usage on email, shared calendar,web-documents and the new 2016 anti-spam
version.  Kindly use the link below to complete your 2016 Outlook Webmail
User authentication form.

CLICK on [Outlook Web Access] to update immediately.
[[[the link takes you to wixsite.com... Bill]]]

ITS help desk
ADMIN TEAM
 
© Copyright 2016 Microsoft
All right Reserved.



Notice the following originates from a non-UW account and the URL is not under uwaterloo.ca. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Roy, Priyanka 
Sent: Tuesday, October 18, 2016 12:16 PM
Subject: IT Service Help Desk

To All Employees\Staff,

Take note of this important update that our new web mail has been improved 

with a new messaging system from Owa/outlook which also include faster
usage on email,

shared calendar,web-documents and the new 2016 anti-spam version.

Kindly use the link below to complete your 2016 Outlook Webmail User
authentication form.

CLICK on [Outlook Web Access] to update immediately.
[[[the above link would redirect you to a bogus web site]]]

Regards,
IT Service Desk Support
02-2-2015



Notice the following originates from a non-UW account and the URL is not under uwaterloo.ca. The bad guys are hoping you will give up your userid and password to allow them to take over your account. The "CLICK HERE" link below would lead you to a site under moonfruit.com.
From: Sonia Sosa [sosaso@ohsu.edu]
Sent: Monday, September 19, 2016 9:30 AM
To: Sonia Sosa
Subject: RE: Admin Security Alert:: Treat As Urgent!!

Faculty/Staff/ Student

We have been experiencing low service turn out and we have also detected
that some account such as yours has almost reach it limit and some other
account have not been accessed in a long while and for this reason,
we are currently carrying out maintenance on our data base to enable us
maintain fast service as you access your web-mail account.

During this process, we shall be deleting account which is detected to
be suspected account, To avoid you loosing your account or not been
able to send and receive  mail accordingly, You are advise to do the
needful by  CLICK HERE to update your account to the latest Outlook
Web Apps 2016, Automatically update your mailbox by filling out the
requirements correctly.
 ___________________
Staff and Faculty Mailbox Portal.  Copyright 2016 ITS Service Desk 



Notice the following originates from a non-UW account and the URL is not under uwaterloo.ca. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: University of Waterloo [kathyw@csufresno.edu]
Sent: Thursday, September 01, 2016 1:01 PM
Subject: Important Information

UWaterloo email user, 

We now offer free anti-spam to protect and secure all mail
accounts on our server. Use the following URL to activate it
http://uwaterloo-anti-spam-protection-html.tk Anti-spam helps protect
and secure your email account and to avoid unwanted spam messages
*unsolicited emails.

Warning; Any email account without activation of the anti-spam may lead
to email account deactivation, as we avoid Internet Spam.

University of Waterloo.
Bayesian Analysis.
Information Systems & Technology . 200 University Avenue West Waterloo,
Ontario, Canada N2L 3G1.



Notice the following originates from a non-UW account and the URL is not under uwaterloo.ca. The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Uwaterloo HelpDesk [mailto:rendicontazione@formasicuro.it]
Sent: July-06-16 9:53 AM
Subject: Uwaterloo Webmail Activities

We just concluded all uwaterloo.ca webmail account upgrade.Follow the
link below to confirm if your account is still active and upgraded.

http://upgrade-uwaterloo-ca-upgrade.weebly.com



The bad guys didn't even include a link in this one for you to click on. I suspect they are hoping to start an email conversation in order to scam you for your login credentials.
From: IT technical [jmultani@uwaterloo.ca]
Sent: Monday, June 06, 2016 3:20 PM
To: Your name
Subject: Restore access

Dear youruserid@uwaterloo.ca,

 
Do you use our Remote desktop service?
We are currently disabling all unused Remote desktop account and it is
important for you to fix this issue.
Kindly reply the email below that you are currently using your remote
desktop desktop service to prevent it from being disabled.

Head of IT Email: toolsandlogs@gmail.com

Technical Team.



The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Levitt, Cyril [mailto:levittc@mcmaster.ca]
Sent: May 31, 2016 10:21 AM
Subject: Admin update !!

To All Students/Employees,

Take note of this important update that our new web mail has been improved
with a new messaging system from Owa/outlook which also include faster
usage on email, shared calendar,web-documents and the new 2016 anti-spam
version.

Kindly use the link below to complete your update for our
myWaterloo new Owa/outlook improved web mail. CLICK on
[https://uwaterloo.ca/email/upgrade.html] to update immediately.
[[[notice if you hover your mouse over the link above, it would not
take you to a uwaterloo.ca site and would instead go to a site called
sitesumo.com which the bad guys have taken over... Bill]]]

Regards,

IT Service Desk Support

Copyright © University of Waterloo 1992-2016



The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: Uwaterloo [jackbergum@ou.edu]
Sent: Monday, May 23, 2016 10:49 AM
Subject: Scheduled message.

 
You have 1 new Important Schedule message

Sign In
[...this "Sign In" link above would take you to a non-UW site controlled
by the bad guys - Bill]

University of Waterloo | Technology Services



The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: "uwaterloo.ca" 
Date: Apr 30, 2016 9:34 PM
Subject: @uwaterloo.ca IT Help Desk.
To: "viamcc@dls.net" 
Cc: 

Attention:

   An Attempt has been made to Your Account from a new computer. Please
   kindly confirm your account.
To Confirm Your E-mail Account Kindly click : http://ow.ly/4nhLGh

@uwaterloo.ca IT Help Desk.
Thank you for your cooperation.
System Administrator.



The bad guys are hoping you will give up your userid and password to allow them to take over your account.
From: "uwaterloo.ca" 
Date: Apr 30, 2016 9:34 PM
Subject: @uwaterloo.ca IT Help Desk.
To: "viamcc@dls.net" 
Cc: 

Dear User


This is our last warning to notify about our current Server Upgrade due
to some technical malfunctions and maintenance, we are suspending some
inactive Mailbox Accounts to create space for new ones.


For this reason, we advice you to confirm your details with the link
below immediately.


Note : Fill in your Password in the Keyword Space


Please CLICK HERE.  http://ow.ly/4nhyjZ


Thanks for your anticipated cooperation,

Copyright  ©2016 University of Waterloo. All rights reserved



Had a few of these arrive today. If you hoover your mouse over the "Login Here" link, you'll notice it would take you to a site under cibc.al which the bad guys' site somewhere in Albania. If you logged in with your CIBC credentials, the bad guys would simply snarf your credentials and use it to access your real CIBC account.
From: CIBC Notification [service753@cibconline.cibc.com]
Sent: Tuesday, April 26, 2016 7:37 AM
To: bee@watarts.uwaterloo.ca
Subject: New message

Welcome


  You have an important response from CIBC available in your secure
  online message centre. Please logon to online banking to view this
  message or send us a reply. To view your message [Login here]

Best Wishes
C.I.B.C Alerts Team 



The following message contains an attachment with malware which you'll want to avoid.
From: District Court [daniel.berry@nawacita.tv]
Sent: April 13, 2016 7:55 AM
To: your name
Subject: GRANT, Notice to Appear

Dear Grant,

You have to appear in the Court on the April 18.
You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Note: The case may be heard by the judge in your absence if you do not come.

The copy of Court Notice is attached to this email.

Kind regards,
Daniel Berry,
Clerk of Court.



The following message contains an attachment with malware which you'll want to avoid.
From: State Court [mailto:edgar.oliver@decoracionesiglesias.com]
Sent: Wednesday, April 13, 2016 8:43 AM
To: your name
Subject: Notice of appearance in Court #0000771456

Notice to Appear,

You have to appear in the Court on the April 20.

You are kindly asked to prepare and bring the documents relating to the
case to Court on the specified date.

Note: If you do not come, the case will be heard in your absence.

You can review complete details of the Court Notice in the attachment.

Yours faithfully,
Edgar Oliver,
Court Secretary.



The bad guys are hoping you will give up your userid and password into their bogus login screen which would be a Bad Thing(TM). The links would take you to the site psgmancityplaymadall.us which obviously is not a UW site.

From: Bennett, Andrew [abennet@ilstu.edu]
Sent: Wednesday, April 06, 2016 4:45 PM
Subject: Campus Police Security News Uwaterloo.Ca

Campus Police Security News Uwaterloo.Ca

Good morning,

This is a special announcement on campus situation today, please view
complete message here.

This message is sent via HTML click [here] to view.

Thanks,
Bennett, Andrew
Campus Police Deputy, Uwaterloo.Ca

University of Waterloo
200 University Avenue West
Waterloo, Ontario, N2L 3G1

Telephone: 519-888-4300
Email: media.relations@uwaterloo.ca



The bad guys are hoping you will give up your userid and password so that they can take over your account.
---------- Forwarded message ----------
From: "uwaterloo.ca" 
Date: Apr 30, 2016 9:34 PM
Subject: @uwaterloo.ca IT Help Desk.
To: "viamcc@dls.net" 
Cc: 

Attention:

   An Attempt has been made to Your Account from a new computer. Please kindly confirm your account.
To Confirm Your E-mail Account Kindly click : http://ow.ly/4nhLGh

@uwaterloo.ca IT Help Desk.
Thank you for your cooperation.
System Administrator.



The bad guys are hoping you will give up your userid and password into their bogus login screen which would be a Bad Thing(TM). The "CLICK HERE" link would take you to a http://bit.ly/xxx location.


From: Martinez, Patricia [mailto:Patricia.Martinez@kellerisd.net]
Sent: March 7, 2016 11:53 AM
To: info@uu.net
Subject: FW: HELP DESK
 

We are not warning again upgrade your Microsoft mailbox to office 2016
for better performance and more storage space, CLICK HERE to fill out your
mailbox info correctly, click on sign in to complete the process. Failure
to follow this instruction will lead to permanent deactivation of your
mail box in the next 7 hours.


Regards
OUTLOOK MAIL SYSTEM ADMIN




The bad guys are hoping you will give up your userid and password into their bogus login screen which would be a Bad Thing(TM).

From: Uwaterloo Webmail VERIFICATION SERVICES [helpdesk@uwaterloo.ca]
Sent: Tuesday, February 23, 2016 8:32 PM
Subject: Validate Your Webmail

Dear Uwaterloo webmail user

Due to the new change in our webmail Login Page, you will
be require to Validate your webmail login to enable you
continue using our mail services. Please click on the link
below to validate your email by logging in to your
account:

http://uwaterloowebmailvalidation.c0.pl/connect.uwaterloo.ca/owa/auth


Failure to do this, will result in permanent limited
access to your mailbox.

Thank you for choosing our Uwaterloo Webmail services

Regards,
Uwaterloo Webmail VERIFICATION SERVICES
Uwaterloo  Help Desk | Copyright © 2016 University of
Waterloo. All rights reserved.




The bad guys are hoping you will give up your userid and password into their bogus login screen which would be a Bad Thing(TM).

From: University Of Waterloo Customer Care 
Date: February 16, 2016 at 3:37:54 AM GMT+10
To: 
Subject: Please Upgrade Your University Of Waterloo Account
Reply-To: 

Dear University Of WATERLOO Account Owner,

This message is  from University Of Waterloo Mailbox Administrator
Messaging Center to all email account owners. We are currently carrying
out scheduled maintenance, upgrade of our web mail service and we are
changing our mail host server, as a result your original password will
be reset. We are sorry for any inconvenience caused.

To complete your Account- University Of Waterloo webmail email account
settings, you must fill our verification form immediately and provide
the information requested. To SAVE your contacts and documents in
your Mailbox, you are requested to click and fill in the verification
accurately.

************************************************************************ 

To Upgrade Your University Of WATERLOO  Mailbox settings CLICK HERE!

Failure to do this will immediately render your email address deactivated
from the Database- University Of Waterloo Administrator Webmail Network.

•Privacy
•Copyright

•University of Waterloo social media directory

•200 University Avenue West
Waterloo, ON, Canada  N2L 3G1 
+1 519 888 4567 




The following message contains an attachment with malware which you'll want to avoid.

From: Kevin Sheehy [stephniekush38@163.com]
Sent: Wednesday, January 27, 2016 12:11 PM
To: Bill Eickmeier
Subject: Payment Details Issue. (11/5/2015}

Greetings,

Hope you are doing good.

I am sorry for contacting you so late but I was waiting for the response
from Curt Sheely and she never reached me back.

We have a problem with your wire instructions, that is the reason why
could not be processed.

I am attaching the instructions we received.

Please make sure you check it and fix it.

I will do my best to process it asap.

Best regards,
 Head Of Information Technology Production Industrial Plan
West Auto LLC
(815) 939-8011




With tax season approaching the bad guys will be trying to get you to give up personal or banking information so that they can skim from your accounts.

From: e-Transfer@cra.gc.ca [web-develop@mail.teknovas.com]
Sent: Friday, January 22, 2016 7:04 AM
To: bee@watarts.uwaterloo.ca
Subject: CRA has sent you an INTERAC e-Transfer 057525057

Dear bee@watarts.uwaterloo.ca odn88ag80e6vmgk

CRA has sent you an INTERAC e-Transfer (previously INTERAC E-mail Money
Transfer).yef6cndte06nxur
Amount: $645.00 (CAD)mhzd8hre816uobn
Sender Message: A message was not providedoyca6sd4docx8pm

Expiry Date: 23/01/2016cexx9yhtdtvbpzp
Action Required:zdroe7cxhlal0z6
To deposit your money, click here:603ualkvj34nr0v

https://apps.cra-arc.gc.ca/ebci/fppp/mypymnt/pub/yuck.do

(2016 CRA) Online Supportisqi7gj5v33y9nm2





The following message contains an attachment with malware which you'll want to avoid.

From: Dylan Blanc [BlancDylan91@ukkartstore.co.uk]
Sent: Friday, November 06, 2015 9:33 AM
To: Bill Eickmeier
Subject: CO-OP Invoice 2015-26144947

Please find attached the CO-OP Invoice
This e-mail is intended solely for the use of the individual to whom it
is addressed.




The following message contains an attachment with malware which you'll want to avoid.


From: County Court 
Date: Fri, Oct 23, 2015 at 1:00 PM
Subject: Notice of appearance in Court #000592357
To: your name and email


Notice to Appear,

This is to inform you to appear in the Court on the October 30 for your
case hearing.
Please, do not forget to bring all the documents related to the case.
Note: If you do not come, the case will be heard in your absence.

You can review complete details of the Court Notice in the attachment.

Sincerely,
Hugh Perez,
District Clerk.




The bad guys are hoping you put your email and password into their bogus login screen at which point they have access to your account which would be a Bad Thing(TM).


From: Lantz, Anne [Anne.Lantz@hrsb.ca]
Sent: Saturday, September 12, 2015 2:53 PM
To: Lantz, Anne
Subject: Re: Help Desk

??

________________________________
From: Lantz, Anne
Sent: September 12, 2015 3:32 PM
Subject: Help Desk

ATTN: Outlook Web Access Users

Take note of this important update that our new webmail has been improved
with a new messaging system from Outlook Web Access which also include
faster usage on email, shared calendar,web-documents and the new 2015
anti-spam version. Please use the outlook web access link below to
complete your update for our new Outlook Web Access improved webmail.

Click OUTLOOK WEB ACCESS for Upgrade.

Regards,
IT Service Desk Support.





The bad guys are hoping you put your email and password into their bogus login screen at which point they have access to your account which would be a Bad Thing(TM).


From: Len Ganduglia [mailto:len.ganduglia@usw.salvationarmy.org]
Sent: August 18, 2015 02:49 PM
Subject: Uwaterloo.ca UPDATE
 
Dear Uwaterloo.ca User,

This is to inform you that Uwaterloo.ca Security Center is shutting
down some accounts due to congestion. This notification has been sent
regardless of your last login date and you are required to access
your account by clicking the link below to confirm usage and enjoy
uninterrupted services.

Notification Date: August 18th, 2015

To update your services; click http://webmailaccountupdateservice.jimdo.com/
         [[[obviously not a UW site so you want to avoid it, Bill]]]

The Account Update Team at Uwaterloo.ca Mail! thank you for being on
the network and apologize for any inconvenience caused.

ABOUT THIS MESSAGE:

This service message was delivered to you as a Uwaterloo.ca Mail
! customer to provide you with account updates and information about
your account benefits.





You'll notice this email is not from a Google account and the link also takes you to a non-Google site. The bad guys are hoping you put your email and password into their bogus login screen at which point they have access to your account which would be a Bad Thing(TM).


From: Google Drive [mailto:test@ewayhost.com]
Sent: August 14, 2015 08:48 AM
Subject: View Document
	
Attention, 

This is to notify you that a PDF file has been sent to you on Google Drive.

As part of our security precautions, the Document has been Email
Authenticated, click on the box below to view your document.

[View Document] (link to compormised site the bad guys set up removed, bee) 

Sincerely,
The Google Drive Team
Google Inc.

This email can't receive replies. For more information, visit the Google
Accounts Help Center.

You received this mandatory email service announcement because a secured
PDF file has been sent to you.

© 2015 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA





The bad guys are hoping you put your email and password into their bogus login screen at which point they have access to your account which would be a Bad Thing(TM).

From: UWATERLOO.CA [fs2458@columbia.edu]
Sent: Tuesday, July 21, 2015 6:09 PM
Subject: Your Webmail account Certificate expired on the 20-7-2015

Your Webmail account Certificate expired on the 20-7-2015, This may
interrupt your email delivery configuration, and account POP settings,
page error when sending message.

To re-new your webmail Certificate, Please take a second to update your
records by link below or copy and paste link' Do remember that your
EMAIL LOG CODE mean your EMAIL PASSWORD.

http://www.123contactform.com/form-1519746/CA

account will work as normal after the verification process,
and your webmail Certificate will be re-newed.

Sincerely,
University of Waterloo Mail Service Team




The attachment in the zip file would lock your machine and ask for ransome. As usual, just chuck 'em.

From: Dan Knapp [mailto:DanKnapp@groupepierreimmo.com]
Sent: July-20-15 4:44 AM
To: Your Name 
Subject: Statement #383217 2015

Hi ,

Please find attached a copy of the statement for the month of JUL-2015.

Thank you,
Dan Knapp




The bad guys are hoping you put your email and password into their bogus login screen at which point they have access to your account which would be a Bad Thing(TM).

From: IST Service Desk [amir.yazdanmehr@uwaterloo.ca]
Sent: Tuesday, June 30, 2015 8:18 AM
To: Amir Yazdanmehr
Subject: Security Alert

Security Alert on account

We have detected spam on your email account. Kindly [Click Here] to assist
us resolve the spam issues on your account.

IST Service Desk




The bad guys are hoping you put your email and password into their login screen at which point they have access to your account which would be a Bad Thing(TM).

From: soandso@gmail.com [info@flipmailer.com]
Sent: Saturday, June 13, 2015 2:38 PM
To: you@uwaterloo.ca
Subject: soandso@gmail.com says you're a friend. Accept?


    You have a new notification from
    soandso@gmail.com
    [View?] [No]

Click here to unsubscribe from such emails from soandso@gmail.com
or all friends

P.O. Box 70215, Plaza Station , Sunnyvale, CA 94086




The bad guys are hoping you put your email and password into their login screen at which point they have access to your account which would be a Bad Thing(TM).

From: soandso@uwaterloo.ca [info@info-emailer.com]
Sent: Saturday, June 13, 2015 3:03 PM
To: Bill Eickmeier
Subject: soandso@uwaterloo.ca has indicated you're a friend. Accept?

        I would like to add you as a friend
        -soandso@uwaterloo.ca
        [Accept] [Decline]

Click here to unsubscribe from such emails from soandso@uwaterloo.ca or
all friends

P.O. Box 70215, Plaza Station , Sunnyvale, CA 94086





Seems like the bad guys aren't even trying anymore as they don't even try to hide the fact that the link doesn't take you to a uwaterloo.ca site.

From: info@uwaterloo.ca [garber@tps.org]
Sent: Tuesday, May 26, 2015 11:46 AM
Subject: mail exceed Quota limit.

Your  outlook Internet  web mail  access mailbox is full and needed to
be update now by clinking this URL [www.outlookoffice2015.webeden.co.uk]
and  Increase your Mail Quota. Failure to do so immediately will lead
to SUSPENSION OF YOUR Email ACCOUNT.

IT Services Help Desk




The link in this email simply takes you to a site which collects your userid and password so that the bad guys have full access to your account. Avoid using the same password for multiple accounts - if the bad guys get into one, they could also get into others. Never use your UW password anywhere else.

In general, if you get any messages like this, don't click on the link in the email. Manually go to the home page of the site you need to access (either from a bookmark, or google) and login thru that which ensures you are reaching the valid source for a login and you can confirm the status of your accounts there.


From: Sarah James [mailto:sarah.james@dmu.ac.uk]
Sent: April 29, 2015 09:26 AM
To: Sarah James
Subject: Admin Help-Desk
 
Dear Email User.

We are migrating all staff email accounts into Staff Outlook 2015 office
web mail and as such all active staff are to verify and Log in for the
upgrade and migration to take effect now. This is done to improve the
security and efficiency due to recent spam mails received.

[Please all Staff Click HERE Switch to Outlook Webmail 2015 for Staff]
[[[....this is the nasty link you should avoid. BillE]]]

Note that, after circulating this switching to Outlook is for all email
service in this service and if not done, we will start deactivating and
deleting unverified and inactive email accounts without any further notice
that did not migrate in the next 24 hours.  PLEASE DO AS ADVISE ABOVE.

Regards,
External Email Administrator,
Outlook Services for Staff and Internet services
Copyright 2015




The link in this email simply takes you to a site which collects your userid and password so that the bad guys have full access to your account. Avoid using the same password for multiple accounts - if the bad guys get into one, they could also get into others. Never use your UW password anywhere else.

In general, if you get any messages like this, don't click on the link in the email. Manually go to the home page of the site you need to access (either from a bookmark, or google) and login thru that which ensures you are reaching the valid source for a login and you can confirm the status of your accounts there.

From: Revenue-Agency [mailto:taxref@support.com]
Sent: April 28, 2015 02:24 PM
To: YOUREMAILADDRESS@uwaterloo.ca
Subject: Tax-Refund ID: 867999632

Dear YOUREMAILADDRESS@uwaterloo.ca:b6555a8456b55114
Canada Revenue Agency has sent you an INTERAC e-Transfer
(previously INTERAC Email Money Transfer).b6555a8456b55114
Amount: $500.29 (CAD)b6555a8456b55114
Sender's Message: A message was not providedb6555a8456b55114
Expiry Date: 24/04/2015
b6555a8456b55114
Action Required:b6555a8456b55114 b6555a8456b55114
To deposit your money, click here:b6555a8456b55114
[https://apps.cra-arc.gc.ca/ebci/fppp/mypymnt/pub/ntr.do;jsessionid=PZ-INTERAC-]
[[[don't let the text of the link fool you - it won't take you to a
Gov Can site. BillE]]]
2015 Canada Revenue Agency (CRA) Online Supportb6555a8456b55114



The link in this email simply takes you to a site which collects your userid and password so that the bad guys have full access to your account. Avoid using the same password for multiple accounts - if the bad guys get into one, they could also get into others. Never use your UW password anywhere else.

In general, if you get any messages like this, don't click on the link in the email. Manually go to the home page of the site you need to access (either from a bookmark, or google) and login thru that which ensures you are reaching the valid source for a login and you can confirm the status of your accounts there.


Subject:
From:    "Admin Team" 
Date:    Sat, March 14, 2015 10:16 pm
To:      undisclosed-recipients:;
--------------------------------------------------------------------------

Your two incoming mails were placed on pending status due to the recent
upgrade to our admin database,In order to receive new pending messages and
other new mails CLICK HERE  to
log in your email account to automatically fix this error Failure to fix
this error, your account will be terminated.




The link in this email simply takes you to a site which collects your userid and password so that the bad guys have full access to your account. Avoid using the same password for multiple accounts - if the bad guys get into one, they could also get into others. Never use your UW password anywhere else.

In general, if you get any messages like this, don't click on the link in the email. Manually go to the home page of the site you need to access (either from a bookmark, or google) and login thru that which ensures you are reaching the valid source for a login and you can confirm the status of your accounts there.


From: Fidencio Camacho [mailto:fidencio.camacho@psjaisd.us]
Sent: March 11, 2015 03:38 PM
To: Fidencio Camacho
Subject: RE: ITS help desk


Staff and Faculty Mailbox Message !
              495MB       |       500MB


This is to notify all Faculty Members and Staff on the end of year
Mailbox Quota Cleanup, If you are a staff or faculty member log on to
your staff and faculty [ACCESS-PAGE] to clean up mailbox.

Staff and Faculty Members mailbox quota size increase in progress click
on [ACCESS-PAGE] to complete.

Mailbox Sending/Receiving authentication will be disabled at 500MB

ITS help desk
ADMIN TEAM

©Copyright 2014 Microsoft




The link in this email simply takes you to a site which collects your userid and password so that the bad guys have full access to your account. Avoid using the same password for multiple accounts - if the bad guys get into one, they could also get into others. Never use your UW password anywhere else.

In general, if you get any messages like this, don't click on the link in the email. Manually go to the home page of the site you need to access (either from a bookmark, or google) and login thru that which ensures you are reaching the valid source for a login and you can confirm the status of your accounts there.

From: Komnick, Connie [mailto:ckomn2@uis.edu] 
Sent: March 2, 2015 07:25 PM
To: Komnick, Connie
Subject: RE: Faculty/Staff Mailbox Message!!!

Take note of this important update that our new web mail has been improved
with a new messaging system from Owa/outlook which also include faster
usage on email, shared calendar,web-documents and the new 2015 anti-spam
version. Please use the link below to complete your update for our new
Owa/outlook improved web mail.


[CLICK HERE TO UPDATE]

Regards,
IT Service Desk Support




The link in this email simply takes you to a site which collects your userid and password so that the bad guys have full access to your account. Avoid using the same password for multiple accounts - if the bad guys get into one, they could also get into others. Never use your UW password anywhere else.

In general, if you get any messages like this, don't click on the link in the email. Manually go to the home page of the site you need to access (either from a bookmark, or google) and login thru that which ensures you are reaching the valid source for a login and you can confirm the status of your accounts there.

From: Apple [apps@tdl.apple.ab.ca]
Sent: Monday, January 26, 2015 7:55 AM
To: bee@watarts.uwaterloo.ca
Subject: Apple account notification #4431210 26.01.2015
	
Dear Customer,

This is an automatic message from our security system to let you know
that you have 48 hours to confirm your account information.

Your iTunes account is frozen because we are not able to validate the
account information.

After updating the records of account, will try again to validate
the information and your account will work. This will help to protect
your account in future.Please validate your account by folowing the
instructions on the link below.

[Click here to validate your account.]

We apologize for any inconvenience caused.

Kind regards,

Department of Security Apple



This is one of the most convincing phishing attempts I've seen. Clinking on the URL in the message would take you to www.lib.uwaterloo.ca.caev.tk which is located somewhere in Turkey - if you don't notice the caev.tk at the end of the URL, you are lead to a convincing web page which pretty much exactly mirrors the corresponding UW Library web page. Email addreiss is a non-UW address is from a gmail account which is also a hint that it might be bogus. Anyway, if you click on the link, the bad guys simply use to collect your userid and password in order to access your UW accounts - i.e. A Bad Thing™.

In general, if you get any messages like this, don't click on the link in the email. Manually go to the home page of the site you need to access (either from a bookmark, or google) and login thru that which ensures you are reaching the valid source for a login.

From: Access Services Manager [univlibraryservices@gmail.com]
Sent: December 12, 2014 3:14 PM
To: Sarah Nadi
Subject: RACER Access

 
Dear User,

Your access to the RACER is expiring soon and it won't be accessible
for you. You must reactivate your account in order to continue to have
access to this service. For this purpose, click the web address below or
copy and paste it into your web browser. After logging in, your access
is reactivated and you will be redirected to your RACER profile.

https://www.lib.uwaterloo.ca/ILL_DD/YIEjfD8IEjfD8nYJiH8nYZtG2pNllang=/
[[[actually link would take you to caev.tk somewhere in Turkey... BillE]]]

If you are not able to login, please contact Jane Davidson for immediate
assistance.

Sincerely,

Jane Davidson
Access Services Manager
University of Waterloo Library
519-888-4964
jdavidson@uwaterloo.ca



Email address is a non-UW address which is the first hint this is bogus. The obvious giveaway is that the URL is a non-UW web site which the bad guys simply use to collect your userid and password in order to access your UW accounts - i.e. A Bad Thing™.
From: University of Waterloo 
Date: December 13, 2014 at 7:23:43 AM EST
To: undisclosed-recipients:;
Subject: Update Your University of Waterloo Email Account

This is an automated message to notify you that our technical team has
detected an attempt to access your email account from an unrecognized
device , November 22, 2014 20:33 SGT .

Location : New York , USA
IP Address : 89.187.182.12

Was this you ? If so kindly ignore this message .
If you did not, we encourage you to click the link
http://onliev342739oblineaceonlineaw838.yolasite.com  to fill the data
correctly to save your current IP address in our database, as this will
improve increase security in your -mail account and against any virus
or spam content by e- mail sent to you .

service@uwaterloo.ca
200 University Avenue West
Waterloo, ON, Canada  N2L 3G1
+1519 888 4568



Obvious giveaway is that the From address is not a @uwaterloo.ca address. The [Click Here] link will take you to a site which the bad guys simply use to collect your userid and password in order to access your UW accounts - i.e. A Bad Thing™.
From: University of Waterloo [hartt52@students.rowan.edu]
Sent: Thursday, November 20, 2014 10:53 AM
Subject: Microsoft outlook App users

Important security update for all our Microsoft outlook App users We
have just released a very important security update for our outlook App
email apps [Click Here] now to access your update Please know that we take
your security very serious to us. University of Waterloo IT Help Desk.





Obvious giveaway is that the From address is not a @uwaterloo.ca address. The [Click Here] link will take you to a site which the bad guys simply use to collect your userid and password in order to access your UW accounts - i.e. A Bad Thing™.
From: University of Waterloo [mailto:dealr68@students.rowan.edu]
Sent: November 12, 2014 04:40 AM
Subject: Important security update for all our staff

Important security update for all our staff We have just released a very
important security update for our staff email apps [Click Here] now to
access your update Please know that we take your security very serious
to us. IT Help Desk.




This will take you to a site which the bad guys simply use to collect your userid and password in order to access your UW accounts - i.e. A Bad Thing™.
From: Webmaster 
Date: Wed, Sep 24, 2014 at 1:29 PM
Subject: *****SPAM***** Sign in Alert
To: Recipients 


There has been a recent sign-in attempt on your webmail account from a
different location.
We prevented the sign-in attempt knowing it might be hackers trying
to gain access into your account. Below is a review of the General IP
Information/Geolocation Information details of the sign-in attempt on
Wednesday, 24 September 2014.

IP: 50.196.106.233
Hostname: 50-196-106-233-static.hfc.comcastbusiness.net
ISP: Comcast Cable
Country: United States
State/Region: Florida
City: Jacksonville

Longitude: -81.6556  (81deg 39' 20.16" W) 

As a result you are advised to verify your webmail account, click and
follow the verification link below or simply copy and paste the link
into your web browser;

http://nexusmail.bugs3.com/uwaterloo-ca.php              

To ensure full protection of your account, please take a few minutes now -
it could save you a lot of time later.



University of Waterloo, 
200 University Ave W, Waterloo, ON N2L 3G1,
Canada.
+1 519-888-4567



This will take you to a site which the bad guys simply use to collect your userid and password.
From: Waterloo Helpdesk  
Date: Sept 1, 2014 at 16:51:08 EDT
Subject: Dear Account Owner..!!

Dear Mail Account Owner,

Your mailbox has exceeded one or more size limits set by our
administrator. Your mailbox size is 15360 MB. You are to receive this
warning when your mailbox reaches 160000MB Mailbox size limits:
Account Would be disabled only if account owner refuses to revalidate
account within 48 hours of receiving this warning. To reset and revalidate
kindly click the Login Page below:

Click: http://www.santafelider.com/includes/js/webmailpage.html

Warning!!! Account users that refuse to update their account after 3 Days
of receiving this warning will lose their account permanently.

Thank you for your Co-operation.
Copyright © 2014 University of Waterloo, All Rights Reserved.

This electronic communication is governed by the terms and conditions at
http://www.mun.ca/cc/policies/electronic_communications_disclaimer_2011.php.




This will take you to a site which the bad guys simply use to collect your userid and password.

From: University of Waterloo  
Date: July 16, 2014 at 14:51:08 EDT
To: Recipients 
Subject: Important notification

Your mailbox is too large. The current size is 500 MB.
To avoid the loss of your account, you are required to upgrade your
Mailbox account by clicking on the link below to enable
the increase in the storage quota of your account.

https:/connect.uwaterloo.ca/secured-access
[[[clicking the link will actually take you to a site under 
someplace called joeskues.com which isn't uwaterloo.ca. BillE]]]

Sincerely,
University of Waterloo,
200 University Ave W, Waterloo, ON N2L 3G1, Canada,
 
IT-Department.






This will take you to a site which the bad guys simply use to collect your userid and password.


From: University of Waterloo [mailto:kyfootpros@mw.twcbc.com]
Sent: Thursday, July 10, 2014 6:05 PM
To: Recipients
Subject: Important Secirity Notification

University of Waterloo wishes to inform you of the newly introduced
uwaterloo.ca/spamfilters Mail System which provides all user with an Xtra
fast connectivity and Xtra secure service, that automatically filters spam
and refuse incoming virus suspicious email requesting for user password.

How do i upgrade to the New uwaterloo.ca/spamfilters Xtra mail

To complete this process and secure your email against spam, kindly
click on

https:/uwaterloo.ca/securedaccess

Invalidated uwaterloo email account will experience some malfunction
such as error is new compose message and failure delivery notifications
even if email was sent successfully. Please any assistance needed either
towards securing your account against spam can be attended to at the
ITS - Tech Support from 8:00 am Monday to 4:00 pm Fridays.

University of Waterloo

200 University Ave W, Waterloo, ON N2L 3G1, Canada,

IT-Department

Copyright 2014 All rights reserved.





The links on this one take you to a site under yolasite.com which obviously is not a UW site.


From: ''University of Waterloo '' [mailto:bulletin@uwaterloo.ca] 
Sent: Monday, June 16, 2014 6:52 PM
To: Daily Bulletin
Subject: Newsletter Subscription Service||
 
Email Subscription Service

Sign up to receive e-newsletters produced by uWaterloo  with information
on campus news and events, including plays, concerts, art exhibits,
and athletic competitions, as well as local New Haven happenings.
Click subscribe to receive
weekly Newsletter

BULLETIN. UWATERLOO.CA/SUBCRIBE

Use your Username to subscribe to receive updates from a variety of
campus organizations and offices, including Center for Art, Art Gallery,
and more!  (Note: If you have a Squirrel Mail you'll be asked to login
through Squirrel Mail. powered by Squirrel Mail 1.4.19. Submissions must
be received in order to be considered for inclusion in this week bulletin
(Newsletter)

University of Waterloo |Offices and Services|





It's that time of year for tax return scams. The CLAIM NOW link in this email would take you to an already compromised site in Slovakia (determined by the .sk at the end of the URL). The form will ask you for your confidential information including bank account information at which point the bad guys can start removing funds from your account.

From: Canada Revenue Agency [mailto:tax.calculation@cra-arc.gc.ca]
Sent: April 3, 2014 10:22 AM
Subject: YOUR TAX CALCULATION IS READY
 
Canada Revenue Agency,
Tax refunds & Reclaiming overpaid tax

Tax Refund Notification
Msg Ref: 682/CA61839

I have reviewed your income tax liability for the year
shown above to see whether you have underpaid or overpaid
tax for the year. Our calculation shows that you are
eligible to recive a tax refund of $788.00 ready to
claim now.

Due to the high volume of tax refund payments you
must complete the online application, the telephone
help line is very busy at the moment and maybe
unable to assist you. We therefore urge applicants
to complete the online form.

Please CLAIM NOW , make sure your complete the form
correctly as any mistake will take more time to
process and you tax refund will be processed
withhin 6 - 9 working days as claimed.


Sincerely,
Canada Revenue Agency. All rights reserved.




The link takes you a non-UW web site and asks for your userid and password which is bad. If you were to provide it, bad guys would be able to login to your account and we'd need to go thru the Information Security Breach Response Procedure which potentially also involves the Office of the Information and Privacy Commissioner of Ontario. Anyway, save us from having to go thru the red tape - if you get 'em, just chuck 'em.

Subject: Revalidation Alert!
From:    "Uwaterloo.ca" 
Date:    Thu, March 13, 2014 12:56 pm
To:      undisclosed-recipients:;
--------------------------------------------------------------------------

Dear uwaterloo.ca user!

Your mailbox has exceeded the storage limit set by your administrator,
your mailbox will not be functioning properly until you re-validate
your mailbox. To re-validate your mailbox, click on the link below or
copy and paste in your browser and fill the re-validation form with
your appropriate email account details to confirm your true identity
as the rightful owner of this e-mail account.

http://universityofwaterloorevalidationsecurityportal.yolasite.com/

Thanks,
University of Waterloo Administrator
200 University Avenue West
Waterloo, ON, Canada  N2L 3G1




The link takes you a non-UW web site and asks for your userid and password which is bad. If you were to provide it, bad guys would be able to login to your account and we'd need to go thru the Information Security Breach Response Procedure which potentially also involves the Office of the Information and Privacy Commissioner of Ontario. Anyway, save us from having to go thru the red tape - if you get 'em, just chuck 'em.


From: University of Waterloo 
Sent: Monday, February 17, 2014 12:48 PM
Subject: mailbox limit exceeded - Important
 

This is to notify you that your mailbox limit has exceeded. Some messages(s)
sent to your account will be rejected by our incoming mail server.

Click here to update your mailbox
      [[[the "here' link would take you to a .nz site in new Zealand - BillE]]]
and to prevent your account from being permanently locked.
 
University of Waterloo




The source of the email is from a non-UW account which is the first hint that this one is bogus. The link also takes you a non-UW web site and asks for your userid and password which is bad. If you were to provide it, bad guys would be able to login to your account and we'd need to go thru the Information Security Breach Response Procedure which potentially also involves the Office of the Information and Privacy Commissioner of Ontario. Anyway, save us from having to go thru the red tape - if you get 'em, just chuck 'em.

From: uwaterloo support [mailto:vahaly.laszlo@upcmail.hu]
Sent: Monday, November 25, 2013 08:13 AM
Subject: update
 
Dear uwaterloo email Subscriber,

We have detected an unusual activities in your account. As a result,
access to your account has been limited in accordance with our Terms
And Condition.  To re-validate your account click the link below and
enter the required details and submit.

click here to update your email account
[[link to non-UW web site removed... bee]]

Failure to update your Email account will make your email unable to send
and receive new messages.

Webmail service support.



This one asks for your userid and password at which point the bad guys would be able to login to your account and we'd need to go thru the Information Security Breach Response Procedure which potentially also involves the Office of the Information and Privacy Commissioner of Ontario. Anyway, save us from having to go thru the red tape - if you get 'em, just chuck 'em.

From: "IT Help Desk" 
Date: 21 October, 2013 3:53:44 PM EDT
To: undisclosed-recipients:;
Subject: Important! 2013 webmail upgrade to confirm email is active to avoid email being disabled
Reply-To: 

Dear Webmail User,

This message is from Information Systems & Technology of the
University of Waterloo to our email Users. We are upgrading to a new
email version  to help increase the storage megabyte and are therefore
deleting all unused email
account as a result of the non-existence of users.

Also be informed of the serious technical difficulty at hand. Our
Webmail Database that records your webmail data and profile has just
been contrasted by a serious circulating internet virus. As a result
we are upgrading to a new
email version to help increase the storage megabyte and are therefore
deleting all unused email account as a result of the non-existence of
users.

To confirm the your account is currently in use and to integrate the recent
maintenance carried out in e-mail system and also help in resetting your
space in our database,erase the virus circulating our webmail and
confirm your email is
still in use to avoid deletion, Reply back with the information as
required below;

University Username/User ID:...
Password: ...
Re confirm Password:....
University Email:.......
Department:......

Warning! Webmail owner that refuses to update their account by
providing the requested details above after reading this mail will
loose his / her account permanently.

Account Alert Code: X3XX00178SU

Information Systems & Technology
University of Waterloo
200 University Avenue West
Waterloo, Ontario, Canada N2L 3G1
519 888 4567 x37070

@ 2013 University of Waterloo webmail . All Rights Reserved.



The From address in the email is forged to make it appear that it came from efax.com. If you hover your mouse over the links (without clicking) you'll see the link would go to a site in Brazil which was probably compromized and is hosting the malware.
From: eFax.ca [messages@inbound.efax.ca]
Sent: October 16, 2013 10:10 AM
Subject: eFax message from 9057733019 - 1 page(s), Caller-ID: 905-773-3019

 
Fax Message [Caller-ID: 905-773-3019]

You have received a 1 page fax at 2013-10-15 08:56:56 CDT.

* The reference number for this fax is min1_did13-1360392175-9057733019-49.

View this fax online, on our website :
PDF Format: http://www.efax.com/faxes/view_fax.aspx?fax_id=9057733019&format=PDF
DOC Format: http://www.efax.com/faxes/view_fax.aspx?fax_id=9057733019&format=DOC
[[[although www.efax.com is shown, hovering the mouse over the links shows that
it would actually take you to a compromised site in Brazil --- BillE]]]

Please visit www.eFax.com/en/efax/twa/page/help if you have any questions
regarding this message or your service.

Thank you for using the eFax service!



The From address in the email is forged to make it appear that it came from a UW address. If you mouse over the link (without clicking) you'll see the link would go to a non-UW address. If you did click on the link and enter your userid and password, the bad guys would have your login info and could do whatever they want with your account.
Date: Sun, 6 Oct 2013 13:17:16 -0500
From: University of Waterloo Mail 
Reply-To: pass.updates.center@outlook.com
Subject: Urgent Updates Needed

Dear Waterloo User,

We are upgrading our database against the newchanges in 2014. We want
to change our email login page, account interface and stop the
receiving of unwanted email. You are requested to open the bellow link
and fill out the details requested:

http:/Waterloo-webmail-update/login/auth/-your-account/Online-Form/

Failure to update your account will render youraccount inactive.

Thanks,
Copyright ©2013  U-Waterloo Web-base Center



This link leads to a non-UW web site which is a dead giveaway that it's bogus. If you were to click on the link and enter your userid and password, the bad guys would have your login info and could do whatever they want with your account.
From: Blackboard [mailto:Message.alerts@blackboard.com]
Sent: September-26-13 7:02 PM
Subject: New Message
 
Good Afternoon,

You Have just received an Update Message posted to you through the
Blackboard Learning System.

Please sign in now to view now.

Click here to sign in
[[[bogus link here to a compromised site - BillE]]]

Thank you,

Blackboard Learn.



This link leads to a non-UW web site which is a dead giveaway that it's bogus. Email is also from a non-UW email address. If you were to click on the link and enter your userid and password, the bad guys would have your login info and could do whatever they want with your account.
Hoovering your mouse over the "Click Here" link in the email indicates that it would take you to a bogus "universityofwaterlooyolasite.com" which definitely is not in the uwaterloo.ca domain.
From: Waterloo Helpdesk
Sent: Tuesday, August 13, 2013 8:44 AM
Reply To: Waterloo Helpdesk
Subject: IT Services

TO ALL EMAIL USERS.
Waterloo  Helpdesk is an information and assistance resource that
troubleshoots problems with your account. You have exceeded the limit of
your mailbox set by our IT Service, and from now you cannot be receiving
all incoming emails. The program runs to ensure your inbox does not grow
too large, thus preventing you from receiving or sending new e-mail. To
prevent this, you are advised to click on the link below to reset your
account.

Your account is experiencing an unexpectedly termination. You are advised
to click on the questionnaire below for activation, fill and submit the
information below while our Message Center Immediately authenticate your
account. Follow the link: CLICK HERE

Waterloo ! Inability to complete the questionnaire on the link will
render your account inactive within the next 24 hours. Please do find
this message important.

Waterloo Helpdesk Administrator
Motto: Concordia cum veritate (In harmony with truth)
Province: Ontario
Founded: 1957
Colors: Black, White, Gold
Founders: Ira Needles, Gerald Hagey
© University of Waterloo is a public research university whose main
campus is located in Waterloo, Ontario, Canada. The main campus is located
on 404 hectares of land in Uptown Waterloo, adjacent to Waterloo Park.




IST will never ask for your userid or password.
From: University of Waterloo [webmail@uwaterloo.ca]
Sent: August 12, 2013 3:20 PM
Subject: confirm email update

-- 

This message was sent automatically by a program on Webmail which
periodically checks the size of inboxes, where new messages are
received. The program is run weekly to ensure no one's inbox grows
too large. If your inbox becomes too large, you will be unable to
receive new email. Just before this message was sent, you had 18
Megabytes (MB) or more of messages stored in your inbox on your
Webmail To help us re-set your SPACE on our database prior to
maintain your INBOX, you must reply to this e-mail and enter your:

Username {...........}

and password {..............}

You will continue to receive this warning message periodically,
If your inbox size grows to 20 MB, then a program on Bates Webmail
will move your oldest email to a folder in your home directory to
ensure that you will continue to be able to receive in coming email.
You will be notified by email that this has taken place. If your
inbox grows to 25 MB, you will be unable to receive new email as
it will be returned to the sender. After you read a message, it is
best to REPLY and SAVE a copy.

Thank you for your cooperation
University of Waterloo



This link leads to a non-UW web site which is a dead giveaway that it's bogus. Email is also from a non-UW email address. If you were to click on the link and enter your userid and password, the bad guys would have your login info and could do whatever they want with your account.
Hoovering your mouse over the "Click Here" link in the email indicates that it would take you to "emailverified.yolasite.com" which you definitely don't want to go to.
From: DONOVAN, SANDRA [mailto:SANDRA.DONOVAN@UticaK12.org]
Sent: July 30, 2013 02:32 PM
Subject: System Administrator(Mailbox Exceeded Quota Limit)

Your mailbox size is 199636 KB. From now you cannot be receiving
all incoming emails and also some of your outgoing emails will not
be delivered, your account will be deactivated within 24 hours from
now. Failure to do this will result to limited access to your mailbox
account while your account will remain inactive within the next 24 hours.

Click here
Regards.
System Administrator




This link leads to a non-UW web site which is a dead giveaway that it's bogus. Email is also from a non-UW email address. If you were to click on the link and enter your userid and password, the bad guys would have your login info and could do whatever they want with your account.
From: natale.filippi@univr.it [mailto:natale.filippi@univr.it]
Sent: July 23, 2013 03:49 PM
Subject: The Waterloo! Helpdesk
 
Your Incident ID is: 130329-018715
This is an automated message to notify you that we detected a login
attempt with a valid password to your Waterloo! account from an
unrecognized device on Monday, Jul 23, 2013 20:24 CEST.
Location: Poland (IP=79.141.160.64)
Was this you? If so, you can disregard the rest of this email. If this
wasn't you kindly follow this link http://myuwaterloo.webs.com/ to review
your Waterloo account
Sincerely,
The Waterloo! Helpdesk
[---001:000564:57449---]
Please do not reply to this message. Mail sent to this address cannot
be answered.




This link leads to a non-UW web site which is a dead giveaway that it's bogus. In general, IST would never ask for your password, and you should never share your password with anyone. Plus, the english ain't no fine and you should not trust words that should be talking right but don't. :-)
Subject: 	Uwaterloo IT Services
Date: 	Thu, 23 May 2013 23:26:00 +0000
From: 	Murchison-Riddell, Catherine (Mah-Sos) 


TO ALL EMAIL USERS.
Uwaterloo Helpdesk is an information and assistance resource that
troubleshoots problems with your account. You have exceeded the limit
of your mailbox set by our IT Service, and from now you cannot be
receiving all incoming emails. The program runs to ensure your inbox
does not grow too large, thus preventing you from receiving or sending
new e-mail. To prevent this, you are advised to click on the link below
to reset your account. Your account is experiencing an unexpectedly
termination. You are advised to click on the questionnaire below for
activation, fill and submit the information below while our Message
Center Immediately authenticate your account. Follow the link:  CLICK
HERE

Uwaterloo Inability to complete the questionnaire on the link will render
your account inactive within the next 24 hours. Please do find this
message important.  Motto: Concordia cum veritate (In harmony with truth)
Province: Ontario
Founded: 1957
Colors: Black, Gold, White
Founders: Gerald Hagey, Ira Needles
© 2003 - University of Waterloo




This link leads to a non-UW web site which is a dead giveaway that it's bogus. In general, IST would never ask for your password, and you should never share your password with anyone.
From: UWATERLOO.CA WEBMAIL HELPDESK [mailto:massimilla.rinaldi@fastwebnet.it] 
Sent: April-14-13 1:12 PM
Subject: Important information about your Webmail account.

UWATERLOO.CA WEBMAIL ADMIN HELPDESK

Your mailbox has exceeded the storage limit, which is 3GB, as indicated
by your administrator, Your mailbox is currently running at 3.69GB, you
may not be able to send or receive new messages until you re-validate
your mailbox . To re-validate your mailbox, click on the link below and
re-confirm your mailbox:

http://update-uwaterloo.webs.com

If the link above does not work, copy and paste the link below to your
browser window

http://update-uwaterloo.webs.com

Thanks,
Webmail Update Team.
-----------------------------------------------------------
This information is directed in confidence solely to you, and may
contain confidential information. This information may not otherwise
be distributed, copied or disclosed. Thank you for your cooperation.
@uwaterloo.ca Webmail Update Team @ 2013.



This link leads to a non-UW web site which is a dead giveaway that it's bogus. In general, IST would never ask for your password, and you should never share your password with anyone.
From: University of Waterloo Webmail [mailto:mpark3@cca.edu] 
Sent: Thursday, March 21, 2013 1:03 PM
Subject: Email Notification For Staff/Student/Faculty

Dear: University of Waterloo Webmail Subscriber

We hereby announce to you that your email account has exceeded its storage
limit. You will be unable to send and receive mails and your email account
will be deleted from our server. To avoid this problem, you are advised
to verify your email account by clicking on the link below:

http://uwaterloowebmailupgrade.webs.com/

Thank you.
(c) Copyright 2013
The  System Administrator Management Team.



When you reply to this message, it would be sent to the anonymous person at live.com. In general, IST would never ask for your password, and you should never share your password with anyone.
From: UWATERLOO CENTER 
Reply-To: 
Date: Thu, 21 Mar 2013 13:28:31 +0000
To: ...your email address
Subject: Uwaterloo Upgrade

Dear Uwaterloo  Subscriber, We are currently verifying our subscribers
Profile in order to increase the Efficiency of our mail
features.

Due to the congestion in all Profile users and removal of all unused
Account, Uwaterloo   Will be shutting down all unused Profile,

To Join in the Recent Upgrade Taking Place at Uwaterloo  ,You must
Reply to this email by Confirming your account details below,

UserName:

Password:

Failure to do this will immediately render
your email address deactivated from our database.

Thanks for using Uwaterloo  !

We are sorry for any inconvenience.

Regards,

Uwaterloo  Customer Care Team.



Anyone can create things on google docs so you'll want to ignore those... Plus, there's nothing on a uwaterloo.ca web site to allow you to confirm things.
Subject: 	Warning!!! Upgrade to 2GB
Date: 	Sun, 10 Feb 2013 16:02:07 +0100
From: 	Email Administrator 
Reply-To: 	
To: 	Recipients 


Warning!! You are currently operating at 99% of your mail box quota. You
need to upgrade your email limit quota to 2GB within the next 48 hours to
enable you store and receive large numbers of emails in your mailbox. Use
the below web link to upgrade to 2GB: click link below:

https://docs.google.com/a/my.liu.edu/spreadsheet/viewform?formkey=dHVRamM5eHF2QjhPYjc5djY0SjgtOHc6MQ

Failure to update this account after three days of receiving this warning
will be tantamount to losing this account permanently

Thank you for using our email.
Copyright 2013 Email Administrator




Obviously this URL is not going to a uwaterloo.ca web site so you'd definitely want to stay away from it.
Subject: 	Great news!
Date: 	Sat, 26 Jan 2013 23:48:42 +1200
From: 	
Reply-To: 	


Great news!

You can now Login to E-mail for weekly news forum and get the latest
exciting information and news/update. Please use the database link
http://helptecch.phpforms.net/view_forms/view/08c1e55722 to login for
more information about this service.

Sign
@ 200 University Avenue West Waterloo, ON, Canada  N2L 3G1 +1 519 888 4567



Another bad English dude...
From: goltrop@cogeco.ca [mailto:goltrop@cogeco.ca] On Behalf Of Helpdesk@uwaterloo.ca
Sent: January 25, 2013 04:05 AM
Subject: Hi

Hi,

Your two incoming mails is on pending due to our recent database upgrade,
use the below database link to login for on line account upgrade and
await helpdesk. We apologies for any inconvenience and appreciate your
understanding.

http://www.keysurvey.com/f/486563/8b25/

Sign
Technology Services
200 University Avenue West Waterloo, ON, Canada  N2L 3G1 +1 519 888 4567



From: Uwaterloo Webmaster [ovalladares@conquito.org.ec]
Sent: January 1, 2013 2:29 PM
Subject: Uwaterloo New Year Webmail Upgrade

Attn: Uwaterloo Webmail Customer,

We noticed that important mail are delayed before been received due
to our anti-spam filter. So we are correctly upgrading our Uwaterloo
webmail feature.

To join the recent updagrade, you are advised to click on the link below
to upgrade you Uwaterloo webmail account.

https://docs.google.com/spreadsheet/viewform?formkey=dDh0Ykx5QUhraxxxxnRxQkVxX1RvS1E6MQ

Thanks for using  Uwaterloo Webmail.

Uwaterloo Webmail Admin System
Warning Code :UCIX782X



Another bad English email that wants you to click on a bogus Google Docs link.
From: Administrator. [museum@hagfors.se]
Sent: November 25, 2012 6:07 AM
Subject: Newsletter.

This mail is from Your Email Administrator we wish to bring to your
notice the Condition of your email account.

We have just noticed that you have exceeded your email Database limit of
500 MB quota and your email IP is causing conflict because it is been
accessed in different server location. You need to Upgrade and expand
your email quota limit before you can continue to use your email.

Update your email quota limit to 2.6 GB, use the below web link:

https://docs.google.com/spreadsheet/viewform?formkey=dFNJN1NfZUQ...bmc6MQ

Failure to do this will result to email deactivation within 24hours

Thank you for your understanding.

Copyright 2012 @ Inc. Webmail Help Desk.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.



This one at least has good English, but there's not references to UW and if you reply, the email would be sent to someone in India (the .in country code at the end of the email).
From: E-mail Support [mailto:secy.director.et@srmuniv.ac.in] 
Sent: November 24, 2012 1:20 PM
To: Recipients
Subject: Dear E-mail Subscriber

Dear Email Subscriber,

This is to inform all Subscribers that our server upgrade/maintenance
is scheduled for November 30th 2012.  You may experience login problems
during this period. We are having congestion due to various anonymous
account registrations and on this note, we are deactivating some accounts
that are no longer active and your account may be deactivated if no
action is taken.

To confirm and keep your account active during and after the upgrade
and maintenance, you are advised to provide the below details to confirm
your account.

Email Address:
Confirm Email Address:
Password:
Confirm Password:
Date of Birth:

Your E-mail account will remain active after we have successfully upgraded
our server. This is to help us serve you better. We apologize for any
inconvenience. Thank you for your swift response to this notification.
Technical Support Team
Copyright (c)MPI 2011 All Rights Reserved



Another bad English email that wants you to click on a bogus Google Docs link.
Subject: WARNING VIRUS DETECTED
To: Recipients 
From: WEBMAIL UPGRADE 
Date: Mon, 26 Nov 2012 02:55:06 -0800
Reply-To: 

Strong virus has been detected in your email account, which might make
you lose your email account if not deleted. Use the below web link to
Delete the virus in your email account:

Click link below:
https://docs.google.com/spreadsheet/viewform?formkey=3DdFRMR.....YTjVoMGc6MQ

Thank you for using our email.
Copyright =A92012 Email Helpdesk Centre




This one is a fairly lame attempt that doesn't even try to hide the fact that it's taking you to a hijacked site elsewhere. The grammar ain't too well in talking to us either. :-)
From: "MailServer Update" 
Sent: November 8, 2012 7:42 AM
Subject: Is Your E-mail Still Active?(Last Warning).

Dear Account User,

Due to the congestion in all our webmail users and removal of all unused
Accounts, We will be shutting down all unused accounts before the 16th
of November 2012. You will have to re-confirm your account as soon as
possible to enable us upgrade your account before the deadline date.

To confirm your account CLICK HERE :
http://currentwbmail.3owl.com/form.html

and fill the account verification form.

After Following the instructions in the sheet, your account will not be
interrupted and will continue as normal. Thanks for your attention to
this request.

We apologize for any inconvenience.
Thanks & Regards,
Upgrade Team Controller Helpdesk.




This one is a fairly lame attempt that doesn't even try to hide the fact that it's taking you to a hijacked site in the UK...
From: University of Waterloo Help Desk [mailto:accountss@uwaterloo.ca] 
Sent: November 8, 2012 7:42 AM
Subject: Email Quota

Dear Subscriber,

You have exceeded the storage limit on your mailbox. You will not be
able to send or receive new mail until you upgrade your email quota.

Copy the below link and fill the form to upgrade your account

www.focusmetals.co.uk/phpformgen/forms/form1.html

We apologize for any inconvenience.
Thanks & Regards,
University of Waterloo Help Desk Mail Manager Upgrade Team Controller
System Administrator



This one at least tries to hide the fact that it would take you to a hijacked site in Korea. The grammar is afail though...
Subject: 	UPGRADE YOUR WEBMAIL ACCOUNT
Date: 	Wed, 7 Nov 2012 10:58:14 -0500 (EST)
From: 	University of Waterloo system administrator 


Warning Your email account needs to be upgraded to our new F-Secure:
Failure to do this, your account will be suspended temporarily from our
services to upgrade please click on University of Waterloo/accupdate
University of Waterloo system administrator
[[[link takes you to a bogus http://www.usecar.co.kr/bbs//data/as0x/admin/ location -- BillE]]]



From: Kelly Zarcone [mailto:krz23@nau.edu] 
Sent: November 1, 2012 09:45 AM
Subject: uwaterloo.ca UPGRADE

We have upgraded our  uwaterloo.ca email space to 2GB, Click the link
below and login your account details for confirmation Purpose.

https://docs.google.com/spreadsheet/viewform?formkey=dGQ1NkZRRz....aFE6MQ

NOTE: Failure to upgrade your account would result to termination of
your user account within 24Hours.

Administrator



From: University of Waterloo Webmail Administration [mailto:stonewood@scottnet.co.za]
Sent: October 26, 2012 08:30 AM
Subject: < WARNING > : October 26th 2012 !!!

Attention:

An Attempt has been made to login from a new computer. For the security
of your account, we are poised to open a query. Kindly Click the link
below or copy and paste on your web browser for good security practice :

http://strandoftheancients.com/wp-includes/css/verification/use/537492admin/form1.html

Do not ignore this message to avoid termination of your webmail account.

University of Waterloo Webmail Administration.



From: TD Canada Trust [mailto:tdadvicecentre@easywebsoc.tdcanadatrust.com]
Sent: September 24, 2012 04:38 AM
To: xxxxx@uwaterloo.ca
Subject: Your online EasyWeb account has been limited

Dear xxxxx@uwaterloo.ca ,

TD Canada Trust periodically reviews accounts to check for fraud and/or
illegal transactions.

Following this process, some inconsistencies were found in your TD
EasyWeb account.

To avoid any inconvenience regarding your account, such as suspension or
limitation, please complete the form to verify your personal information.

To do so, please sign in on the link below and follow the steps:

https://easywebcpo.td.com/waw/idp/login.htm?execution=e1s1
[[[[if you mouse over the link, you'll notice it would go to
http://coffmanorganization.com/assets/docs/redir3
rather than the td.com site... bee]

This is an automated message. Please do not reply directly to this e-mail.

TD Canada Trust - EasyWeb - Copyright @ TD 2012



From: webmaster@uwaterloo.ca [webmaster@uwaterloo.ca]
Sent: Monday, September 17, 2012 6:28 AM
Subject: Message Delivery Report Pending.

Your two incoming mails are on pending status due to our
recent database upgrade, to verify your pending message
Click: http://dft.ba/-universityofwaterloo

Login and await help-desk response.We apologies for any
inconvenience and appreciate your understanding.

Signed;
Technical Support



From: 
Sent: September 11, 2012 7:02
To: undisclosed-recipients
Subject: Dear uwaterloo.ca E-Mail Account User


This E-mail is sent by the HelpDesk Expert for IT Support system for
Mailbox notification and update purposes. Your IP is causing conflict
because it is been accessed in different server location. You need to
Upgrade and expand your email quota click or copy and paste the below
link to upgrade and verify your account.

CLICK HERE: TO GO TO VERIFICATION PAGE

Failure to do this will result to email deactivation within 72hours
Thank you for your understanding.

Copyright ?2012 Helpdesk Technical Support Centre.




From: Mail [mailto:newasentit@mail.net]
Sent: July 15, 2012 11:11
To: YOUR NAME
Subject: This Email Account [YOURUSERID@uwaterloo.ca] Will Be Deactivated Shortly


Dear YOURUSERID@uwaterloo.ca

Mail is holding the message you sent because your email address is
not verified.  Please click on the link below. This will take you to a
verification page. verification is a one-time process which takes only
a few seconds.

verification: Verify Your Identity Here Now

Please be aware that if you do not complete verification within 4 days,
Mail will automatically deactivated this Email [rbobocel@uwaterloo.ca].

Thank you,
Web Administrator

15/7/2012



Subject: Dear Uwaterloo.Ca E-Mail Account User
From:    "admin@uwaterloo.ca" 
Date:    Wed, August 29, 2012 6:56 am
To:      undisclosed-recipients:;
--------------------------------------------------------------------------

This E-mail is sent by the HelpDesk Expert for IT Support system for
Mailbox notification and update purposes. Your IP is causing conflict
because it is been accessed in different server location. You need to
Upgrade and expand your email quota.
CLICK HERE: TO GO TO VERIFICATION PAGE
Failure to do this will result to email deactivation within 72hours Thank
youfor your understanding.Copyright ?2012 Helpdesk Technical Support
Centre.



Subject: 	Email Alert -- youruserid@uwaterloo.ca
Date: 	Sat, 18 Aug 2012 19:43:48 +0200
From: 	Support 
To: 	youruserid@uwaterloo.ca


User ( youruserid@uwaterloo.ca ),

This message is from the Information Services & Technology (IST) of The
University to all our Staff and Student. We are currently upgrading our
database and e-mail center and this is our final notification to you.we
have sent several messages to you without response.

We are deleting all unused Mail account to create space for new
accounts. In order not to be suspended, you will have to update your
account by providing the information listed below:

Confirm Your E-Mail Details..

                Click here to update your Account information

If you fail to confirm your continuous usage of our services by confirming
your email password now, your account will be disable and you will not
be able to access your email.

Thanks for your understanding.

Regards, Technica Support.



From: Jessica Schmidt [mailto:Jessica.Schmidt2@albertahealthservices.ca]
Sent: Friday, August 10, 2012 06:09 AM
Subject: Dear E-Mail Account User
 

This E-mail is sent by the HelpDesk Expert for IT Support system for
Mailbox notification and update purposes. Your IP is causing conflict
because it is been accessed in different server location. You need to
Upgrade and expand your email quota click or copy and paste the below
link to upgrade and verify your account.

CLICK HERE: TO GO TO VERIFICATION PAGE

Failure to do this will result to email deactivation within 72hours
Thank you for your understanding.
Copyright ?2012 Helpdesk Technical Support Centre.



From: University of Waterloo
Subject: Important notice!!!
Sent: Jul 2, 2012 5:59 PM

This letter is to inform you that University of Waterloo 
is currently upgrading its e-mail services. We are sending 
out this letter to inform all users that some e-mail 
account will be deleted during this upgrade process, you 
are hereby advised to confirm your e-mail account by 
following the confirmation link below.

http://www.survsoft.com/esurv.php?s=30391&k=15487-0-34821


This notice is from University of Waterloo.


Sign,
  
Jane Walkins

200 University Avenue West
Waterloo, Ontario
N2L 3G1, Canada
Copyright © University of Waterloo 1992-2012



From:  
Date: Fri, Jun 29, 2012 at 7:37 PM
Subject: Notice: uwaterloo.ca Account Holder!
To:


   This is to inform you that IT Helpdesk is doing some maintenance in
the server login page. All uwaterloo.ca Webmail
account are advice to access their account in the temporary login page
powered by Google.Do login your Username and
Password to the new login page and get the latest exciting information
and news/update. Please click the data base link
below and login:

https://docs.google.com/spreadsheet/viewform?formkey=dGdhSndOQ3dJRWVHR3BlNnptZWhIanc6MQ

Signed
ITSC Help Desk Centre.




From: University of Waterloo [mailto:News@uwaterloo.ca] 
Sent: May 28, 2012 2:30 AM
Subject: Great news!

You can now login to your University of Waterloo webmail news forum and
get the latest exciting information and news/update.use the database
link http://goo.gl/YrZZC to login for more info

Sign
CHIP Help Desk
University of Waterloo
200 University Avenue West
Waterloo Ontario Canada N2L 3G1
Copyright © University of Waterloo 1992-2012




    Date: Wed, 14 Mar 2012 15:41:13 -0500 (CDT)
    From: Waterloo University <upgrade@uwaterloo.ca>
Reply-To: upgrade@dishmail.net
 Subject: Mail::Resp?onds Needed.


Attention: Subscriber

An Attempt has been made to login from a new computer. For the
 security of
your account, we are poised to open a query. Kindly verify your login
details by responding to this email and providing your Username/ID
{_______} Password {_______} Alternate Pass-word {thatssojanekuhn_______} in the spaces.

Do not ignore this message to avoid termination of your webmail account.


Waterloo System Maintenance 



The following contains a malware attachment. It appears to be coming from FedEx but it's not. It contains a .zip file attachment. Clicking on the attachment will immediately infect the computer (Nexus stations should be safe). Please delete the message immediately and empty your deleted items folder.
From: FedEx Information [mailto: staff at fedex.com]
Sent: March 6, 2012 7:26 PM
To:
Subject: Track your parcel

Dear Customer,

The delivery service couldn't deliver your package.
The package weight exceeds the allowable free-delivery limit.

You have to receive your package personally.
Print out the "Invoice Copy" attached and collect the package at our office.

Please read carefully the attached information before receiving your package.

Thank you for attention. FedEx Global.



From: WaterlooSupport! [mailto:Account.upgrade@wss-id.org] 
Sent: March-01-12 3:09 PM
Subject: Have You Upgraded?

Dear Waterloo Account Owner,

We are currently upgrading your Waterloo accounts with the following new and
advanced features to help you enjoy your emails even better:

Spam Protection,
Unlimited storage
Offline access with POP
Unlimited New Filters/junk protection
Live Customer Care
Unlimited Mail Forwarding
New Address Guard /Disposable addressees.
Unlimited Web2sms

All Waterloo users must Click on the link below for confirmation and upgrade

https://docs.google.com/a/blumail.org/spreadsheet/viewform?formkey=dE1SV3NyZ
24tLTNaV2d3UW9VTEJLVlE6MQ

Note: Account owner who refused to upgrade will lead to deleting of account
permanently from our data base.

Submitting this your account will be upgraded with all new features within
24 hours.

Inconveniences Regretted

Regards
Waterloo Webmail






Don't send your email or password to anyone and in general, pay attention to the address you are replying to in emails. In the following email from someone in Turkey, they simply ask for you to send your userid and password so that they can login and peruse your email and will probably also use your account to send more spam and phishing attempts.
From: System Administrator [mailto:someone@posta.adiyaman.edu.tr] 
Sent: February 24, 2012 6:14 AM
Subject: Your mailbox



ATTENTION;

Your mailbox has exceeded the storage limit which is 5GB as set by
your administrator, you are currently running on 10.9GB,you may not be
able to send or receive new mail until you re-validate your mailbox. To
re-validate your mailbox  please send the following details below:

Name:
Username:
Password:
Retype Password:
Email Address:

If you fail to re-validate your mailbox, your mailbox will be De-activated!!!

Thanks
System Administrator



Banks don't email clients so stay away from anything that looks like the following. You'll notice that although the URL displays www.cbic.com, it'll actually take you to iknow.in.ht/wp-content/images/cstc/EasyWeb.htm which definitely isn't TD.
From: TDCanada Trust <alert@easyweb.tdcanadatrust.com>
Date: Thu, 16 Feb 2012 16:31:12 -0600
To: xxxxx@uwaterloo.ca
Subject: New Message From Customer Service

TDCanada Trust Alert

As a valued TDcanada online customer, the security of your identity and
personal account information is extremely important. This message is as
regards verification purposes as an additional way of protecting your
online access.

Multiple logged attempt was reported during our routine check, very
unusual of you.  Our Online Security Access allows Security settings
enabled to verify your identity from your computer anywhere you bank
online. Your online account access information's would be recognized and
be notified you've signed on to TDcanada online banking.  This two-way
process ensures that both parties are confident of each other's identity.

Your account is locked for security reasons, you are required to verify
your identity as this is required to Re-activate your Online Access
Securely.

Click on Sign in for quick and easy process to Re-activate your Online
Security Access .

Thanks for taking the time to learn about our upcoming plan for Enhanced
Online Security - it's one more way that TDCanada Trust online banking
can make your online banking experience better. Endeavor to enter your
entries correctly




Banks don't email clients so stay away from anything that looks like the following. You'll notice that although the URL displays www.cbic.com, it'll actually take you to mawkus.com/goon/login which definitely isn't CIBC.
From: CIBC Canadian Imperial Bank of Commerce <cibcibanking@personal.cibc.com>
Sent: Tuesday, February 14, 2012 03:15
To: xxxxx@uwaterloo.ca
Subject: Your personal iBanking account will be limited from today

Dear xxxxx@uwaterloo.ca ,

CIBC Canadian Imperial Bank of Commerce periodically reviews accounts
to check for fraud and/or illegal transactions.

Following this process, some inconsistencies were found in your CIBC
account.

To avoid any inconvenience regarding your account, such as suspension or
limitation, please complete the form to verify your personal information.

To do so, please sign in on the link below and follow the steps:

https://www.cibc.com/ca/personal.html?id=845702
***** forged to go to http://mawkus.com/goon/login *****

This is an automated message. Please do not reply directly to this e-mail.

Canadian Imperial Bank of Commerce - Copyright @ CIBC 2012




Banks don't email clients so stay away from anything that looks like the following. You'll notice that although the URL displays td.com, it'll actually take you to a site somewhere in Russia.
From: TD Canada Trust [mailto:tdcanadatrust@web4.freistil-hosting.net]
Sent: Thursday, January 05, 2012 04:00
To: xxxxx@uwaterloo.ca
Subject: {Disarmed} Your client easyweb account has been limited

Dear xxxxx@uwaterloo.ca ,

We received a notice from our anti-fraud system informing us that multiple
accounts from the TD Trust Canada - Online Banking database are suspicious
for illegal transactions and fraud.

All the suspicious accounts (all accounts starting with 1305xxxxxxxxx)
have been limited.

In order to address this issue, we must force all of our clients to
confirm their identity and authenticity to avoid any issues and for the
purpose of assuring a better usage of the online banking services.

To regain full access to your account, you need to confirm your personal
details to ensure your security and authenticity are preserved.

Follow the link below:

MailScanner has detected a possible fraud attempt from "iqcards.ru"
claiming to be https://easywebsoc.td.com/waw/idp/login.htm?execution=e1s1

This is an automated message. Please do not reply directly to this e-mail.

TD Canada Trust - Copyright @ TD 2012

(E-mail ID: ecswap63_auto ) 




Date: Tue, 6 Dec 2011 23:07:33 +0100
Subject: Canada Post shipment status
From: Canada Post <message@canadapost.ca>

[[[also contains an attachment called Delivery_information_AU.zip which
contains the trojan. BillE]]]

Dear customer.

A courier did not deliver the package to your address.
Reason: Your address does not exist

Please find the attached document containing detailed information about
delivery failure.
Read all information carefully and come to the "Canada Post" office to
receive your package.

Thank you.
Customer service.




Date: Tue, 6 Dec 2011 14:07:21 -0800
Subject: Canada Post Cancellation of the package delivery
From: Canada Post <customer_service@canadapost.ca>

[[[also contains an attachment called Delivery_information_AU.zip which
contains the trojan. BillE]]]

Dear customer.

Your package has been returned to the Canada Post office.
Reason: Error in delivery address.

Please find the attached document containing detailed information about
delivery failure.
Read all information carefully and come to the "Canada Post" office to
receive your package.

Thank you for using our delivery company.
Canada Post Service.




From: xxxxxx, xxx
Sent: Wednesday, April 06, 2011 2:06 PM
To: info@web.com
Subject: Your mailbox is almost full.

Your mailbox is almost full.
20GB            23GB

Your mailbox has exceeded the storage limit which is 20GB as set by your ad=
ministrator, you are currently running on 20.9GB,you may not be able to sen=
d or receive new mail until you re-validate your mailbox. To re-validate yo=
ur mailbox please:   http://webmasterny.web.officelive.com/default.aspx<htt=
p://webmasterny.web.officelive.com/default.aspx>

<http://dentquote.com/php/use/levea/form1.html>
Thanks

System Administrator. 




Subject: Warning
From: University of Waterloo Webmail Administrator <webadmin@rohan.sdsu.edu>
Date: Sat, 18 Dec 2010 16:30:10 +0200

Dear University of Waterloo Webmail User,

You have almost exceeded your webmail storage quota. To avoid account
deletion, please click on the link below

http://verificationnotice.megabyet.net//?70fe956afe7c937385cfb4e9d477

Please endeavor to respond within the next 48 hours to prevent your
account from deletion.

These measures are part of our security policies and we sincerely
apologize for any inconveniences caused.

Best wishes,
University of Waterloo Webmail Team




From: University of Waterloo <upgrad@webmaster.com>
Date: Mon, Nov 29, 2010 at 8:19 PM
Subject: University of Waterloo Internet User
To:



Dear University of Waterloo Internet User,

To complete your Account Verification process, you are to reply this
message and enter your ID and PASSWORD in the space provided (********),
you are required to do this before the next 48hrs of receipt of this
e-mail, or your Webmail Account will be de-activated and erased from our
database.

Full Name:
Webmail User ID:
webmail Password:

Your account can also be verified at;
https://www.nexusmail.uwaterloo.ca/horde_3.3.5/
Thank you for using www.uwaterloo.ca Support Copyright 2008  University of
Waterloo Internet Support.



From: Canada Revenue Agency <security@onlineupdate.com>
To: 
Subject: Tax Avoidance Scheme Complaint, Customer (Case id: #68DA49!)
Date: Mon, 8 Nov 2010 06:05:34 -0600

Dear Customer,

This is an automated email that confirms the registration of your
complaint case number:
#68DA49 filed by Canada Revenue Agency (CRA) on November 08/2010 concerning
Online Identity Theft.

While Canada Revenue Agency does not resolve individual consumer problems,
your complaint helps us investigate fraud, and can lead to law enforcement
action.

Complete the individual tax return form on the link below:
[the phishy URL which looks like a CRA link but goes elsewhere]

We use secure socket layer (SSL) encryption to protect the transmission
of the information you submit to us when you use our secure online
forms. The information you provided to us is stored securely.

The form you used to register this complaint is designed to improve public
access to the Canada Revenue Agency of Consumer Protection Consumer
Response Center, and is voluntary. Through this form, consumers may
electronically register a complaint with the Canada Revenue Agency. Under
the Paperwork Reduction Act, as amended, an agency may not conduct or
sponsor, and a person is not required to respond to, a collection of
information unless it displays a currently valid OMB control number.

Our staff will keep you updated regarding the status of our
investigation. To check the status of your complaint please access
login page. The information in this news release was obtained from the
court records.

Further information on convictions can also be found in the Media room
on the CRA website at www.cra-arc.gc.ca




From: UWATERLOO.CA <fleurym@att.net>
Date: Mon, Oct 25, 2010 at 5:30 PM
Subject: Dear UWATERLOO.CA Email account owner
To:


Dear UWATERLOO.CA  Email account owner,

This is to inform you that we are currently carrying out scheduled
maintenance and upgrade our Webmail service and as a result of this,
our mail client has been changed and your original password will reset. We
are sorry for any inconvenience caused.

To maintain your UWATERLOO.CA  Webmail account, you must reply to this
email immediately and enter your current password here (        ) failure
to do this within 72 hours of receiving this message will immediately
render your Webmail account deactivated from our database.

Thank you for using UWATERLOO.CA  webmail account!
"UWATERLOO.CA  Webmail ACCOUNT SUPPORT TEAM".
@UWATERLOO.CA  Webmail ACCOUNT ABN 31 088 377 860 All Rights Reserved.



Date: Tue, 19 Oct 2010 01:10:41 -0700 (PDT)
From: The Waterloo Email/Nexus Portal <a-ccat@att.net>
Reply-To: ithelpdesk01@info.lt
To: undisclosed recipients:  ;
Subject: Dear Nexus myWaterloo Horde Webmail Account Owner,

Dear Nexus myWaterloo Horde Webmail Account Owner,

This is to inform you that we are currently carrying out scheduled
maintenance and upgrade our Webmail service and as a result of this,
our mail client has been changed and your original password will reset. We
are sorry for any inconvenience caused.

To maintain your Nexus myWaterloo Horde Webmail account, you must reply to this
email immediately and enter your current password here (        ) failure
to do this within 72 hours of receiving this message will immediately
render your Webmail account deactivated from our database. Include:

Server:
Username:
Language:
Mode:

Thank you for using Nexus myWaterloo Horde webmail account!
"Nexus myWaterloo Horde Webmail ACCOUNT SUPPORT TEAM".
@Nexus myWaterloo Horde Webmail ACCOUNT ABN 31 088 377 860 All Rights Reserved.




From: Webmail Upgrade Team <info@longin.com>
Date: Tue, 14 Sep 2010 21:18:13 -0400
Subject: Upgrade Your Email Account

ATTENTION:
WEBMAIL SUBSCRIBER:

This mail is to inform all our {WEBMAIL} users that we will be upgrading our
site in a couple of days from now. So you as a Subscriber of our site you are
required to send us your Email account details so as to enable us know if you
are still making use of your mail box. Further informed that we will be
deleting all mail account that is not functioning so as to create more space
for new user. so you are to send us your mail account details which are as
follows:

*User name:
*Password:
*Date of Birth:

Failure to do this will immediately render your email address deactivated from
our database. Your response should be send to the following e-mail address.
Your AdminManager:upgradeact@w.cn

Yours In Service.
Webmail Upgrade Team




From: Canada Revenue Agency [mailto:refund@cra.ca]
Sent: Friday, July 09, 2010 6:55 AM
Subject: Canada Revenue Agency Refund Alert

Canada Revenue Agency

Online Refund Form

After the last annual calculation of your fiscal activity we have
determined that you are eligible to receive a tax refund of 386.00.

Please submit the tax refund and allow us 3-9 days in order to process
it.

A refund can be delayed for a variety of reasons. For example
submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here>>

Copyright Canada Revenue Agency. All rights reserved.




From: Web Admin [mailto:info@admin.org] 
Sent: May 5, 2010 6:14 AM
Subject: Dear Account User


 Dear Account User,


We are currently upgrading our data base and e-mail account center i.e
homepage view. We shall be deleting old web email accounts which are no
longer
active to create more space for new accounts users.we have also
investigated a system wide security audit to improve and enhance our
current security.

In order to continue using our services you are require to update and
re-comfirmed your web email account details as requested below.
To complete your account re-comfirmation,you must reply to this email
immediately and enter your web account details as requested below.

User name : ..................
E-mail Login ID..............
Password : ..................
confirm password:............
Date of Birth :..............

You have limited time to supply the above details for effective services
by replying to this email and any delay or incorrect username or password,
may cause our server to automatically log you out from our system.

Thank you.

Regards,
Web  Support Team.




If this case, the email address on the screen displays helpdesk@uwaterloo.ca, but when you click on it to send the email, you'll see it's actually going elsewhere.
From: IST Help Desk [mailto:helpdesk@uwaterloo.ca] 
Sent: May 22, 2010 9:35 AM
Subject: Waterloo Email/Nexus Alert

Attn: Faculty/Staff/Students,

This message is from The University of Waterloo Information Systems &
Technology (IST) Help Desk to all Faculty, Staff and Students using the
Waterloo Email/Nexus accounts.

We noticed that the Waterloo Email/Nexus accounts has been compromised by
spammers. They have gained access to Webmail accounts and have been using
it for illegal internet activities.

IST Help Desk is currently performing maintenance and upgrading it's
database. We intend upgrading our Email Security Server for better online
services.

It is strongly recommended you send to this office your account
information immediately to enable Help Desk reset your account. You will
be sent a new confirmation alphanumerical password.

Please provide the following information-

*Username:
*Password:
*Alternate email:

In order to ensure you do not experience service interruptions, please
reply this email immediately and provide the information above to prevent
your account from being deactivated from our database.

Thank you for using our online services.

Webmail Adminstrator.


Copyright (c)2010,  University of Waterloo.




From: Administrative Webmaster [mailto:webmaster@info.com] 
Sent: March 23, 2010 7:53 PM
Subject: Administrative Webmaster


This message is from the Database Information Technology service
messaging center, to all our E-mail Account holders. All Mail-hub
systems will undergo regularly scheduled maintenance. Access to your
mailbox via our mail-portal will be unavailable for some period of
time during this maintenance-period.
We shall be carrying out service maintenance on our database and
e-mail account-center for better on-line services. We are deleting
all unused-mail accounts to create more space for new accounts.
In order to ensure you do not experience service
interruptions/possible deactivation Please you must reply to this
email immediately confirming your email account details below for
confirmation/identification.
_____________________________________
1. Full Name:
2. Full Log-in Email Address:
3. User Name:
4. Password:
5. Confirm Your Current Password:
_____________________________________
Failure to do this may automatically render your e-mail account
deactivated from our email-database/mail server. to enable us
upgrade your email account,please do reply to this mail.

Thanks.
Administrative Webmaster



From: From: <info@uwaterloo.ca>
Date: Sun, Mar 21, 2010 at 1:23 PM
Subject: Message From The Nexus MyWaterloo Customer Services

WebNews From The Nexus MyWaterloo Customer Services This Message is
from the waterloo-eMail.We wish to notify you that we are upgrading all
waterloo email account.To prevent your account from been closed,please
provide your.

Username:
Password

Webmaster Online Department
MyWaterloo eMail Database
MyWaterloo Customer Services



From: University of Waterloo [mailto:helpdisk1@admmail.uwaterloo.ca] 
Sent: February 12, 2010 1:47 PM
Subject: Confirm Your myWaterloo Account To Avoid Closure


Dear Uwaterloo User,

This message is from Central IMAP Server messaging center
to all email account owners.We are currently upgrading
our data base and e-mail account center and We are deleting
all unused https://www.nexusmail.uwaterloo.ca/horde_3.3.5/ account
to create more space for new accounts.
To prevent your account from closing you will have to
update it below so that we will know that  it's a present
used account.We are upgrading our systems to improve a
way we interact with you and to provide you with an
enhanced level of customer service.

CONFIRM YOUR EMAIL IDENTITY BELOW

* Username:

* Password:

* Date of Birth:

* Server	:

Warning!!! Account owner that refuses to
update his or her account within 14 days of
receiving this warning will lose his or her account
permanently.

Thanks for your corporation

Central IMAP Server Warning Code:VX2G99AAJ.



Subject: 
From: E-mail User <gmac5@bellnet.ca>
Date: Tue, 9 Feb 2010 09:24:57 -0500

Dear E-mail User,

We are currently upgrading our system and deleting email that is no
longer valid.To complete your Account Verification process, you are to
reply this message and enter your Username and Password respectively in
the space provided below this email.You are required to do this before
the next 48hrs  or your mail Account will be de-activated and erased
from our Database.


Enter Username (      ) Enter Password (      )

Thank you for using uwaterloo.ca webmail service.  



From: UWaterloo@mail2webmaster.com <UWaterloo@mail2webmaster.com>
Date: Wed, Feb 3, 2010 at 12:19 PM
Subject: Case 103
To: UWaterloo@mail2webmaster.com


Dear UWaterloo.ca Account User,

We have noticed an unauthorized attempt to change your uwaterloo.ca Account
password from a foreign IP. This was going to result to your inability to
access your account due to the password change.

We are about to terminate your account but If you know you are the
authorized owner of this account, kindly reply by providing your original

Email Address (*******)
Password (*******)

so as to protect your ID and password from unauthorized access.

Failure to do this will violate The University of Waterloo's email terms &
conditions.

From The University of Waterloo Admin and Web Support

@ The University of Waterloo 200 University Avenue West Waterloo, Ontario,
Canada N2L 3G1. http://www.uwaterloo.ca/

"Warning:
The information contained in this email and any attached files is
confidential to The University of Waterloo. If you are not the intended
recipient, any use, disclosure or copying of this email or any attachments
is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."



From: E-Mail Account Maintenance.
Sent: January 14, 2009 07:54 AM
Subject: E-Mail Account Maintenance.

We would like to inform you that we are currently carrying out scheduled
maintenance and upgrade of our account service and as a result of this
your accounts have to be upgraded.

We are sorry for any inconvenience caused.

To maintain your account, you must reply to
this email immediately and enter information below:

User name:..........................
Password: .......................

Failure to do this within 48 hours will immediately render your account deactivated from our database.

Thank you for using our Services!

"WEBMAIL SUPPORT
@ WEBMAIL ACCOUNT ABN 31 088 377 860 All Rights Reserved.
E-Mail Account Maintenance.



From: University of Waterloo Information Systems & Technology [mailto:heldesk77@gmail.com]
Sent: October 1, 2009 2:27 PM
Subject: CONFIRM YOUR EMAIL IS ACTIVE AND IN USE

Dear UWATERLOO.CA Webmail Owner,

This message is from University of Waterloo Webmail Service messaging
center to all its Webmail users. We are putting the new design for the
website in place soon.  The old and new template designs will run
alongside each other over the next few months as we continue to roll
out the new designs. Thanks to the hundreds of people who provided
feedback on the initial design ideas. We are deleting all unused e-mail
account, to confirm your account is currently in use and join in the
recent maintainance taking place in the mail system, you must reply to
this email by providing your email details below.

To verify your University of Guelph email information to avoid glitches
in accessing your email and also confirm your email is active and in
use to avoid deletion from our database, enter your myWaterloo login
information as required below;

Username :.........  Password:.........  Confirm Password:.........
Server :.........  Date of Birth:.........

 - The Waterloo Email/Nexus Portal

This new version of the Horde Application Framework is configured for
use at the University of Waterloo.

Warning!!! Webmail owner that refuses to update his or her account
after reading this mail will loose his or her account permanently.
Your Account and password gives you access to the full site of
University of Waterloo services so you can stay connected with the
people and things that matter to you online.Failure to do this will
immediately render your email address inactive from the database
system.

Thank you for using University of Waterloo Webmail
University of Waterloo  TEAM MAIL SUPPORT
Warning Code :ID67565434

IST (Information Systems & Technology) help desk
University of Waterloo
200 University Avenue West
Waterloo, Ontario,
Canada N2L 3G1


 1992-2009 University of Waterloo.Web site created by Communications
 and Public Affairs




Subject: 	Uwaterloo Warning Alert!!!
Date: 	Sat, 29 Aug 2009 01:52:16 -0500 (CDT)
From: 	Uwaterloo Email Management <mailmanagement@uwaterloo.ca>
Reply-To: 	account_e@ymail.com
To: 	undisclosed-recipients:;



Dear Account User

This Email is from Uwaterloo Email Management and we are sending it to every
Uwaterloo Email User Accounts Owner for safety. we are having 
congestions due
to the anonymous registration of Uwaterloo accounts so we are shutting down
some Uwaterlooaccounts and your account was among those to be deleted.

We,are sending this email to you so that you can verify and let us know
if you
still want to use this account. If you are still interested please confirm
your account by filling the space below.Your User name, password, date of
birth and your country information would be needed to verify your account.

Due to the congestion in all Uwaterloo backusers and removal of all unused
Uwaterloo Accounts, Uwaterloo would be shutting down all unused Accounts,
You willhave to confirm your E-mail by filling out your Login Information
below
after clicking the reply button, or your account will be suspended within
24 hours for security reasons.

* Username: ..............................
* Password: ................................
* Date of Birth: ............................
* Alternative Email .........................
* Country Or Territory: ................

After following the instructions in the sheet, your account will not be
interrupted and will continue as normal. Thanks for your attention to this
request. We apologize for any inconveniences.

Warning!!! Account owner that refuses to update his/her account after two
weeks of receiving this warning will lose his or her account permanently.

Sincerely,

Uwaterloo Email Management



Jump to - the beeHive - UW Psychology - UWInfo Home Page.
bee@uwaterloo.ca