It's the bad guys' attempt to steal your userid/password so that they can steal confidential information in your files/emails, or to use your computer accounts for sending spam, hosting porn, etc.
You'll notice the address you would be replying to is a non-uwaterloo.ca which is a dead giveaway that it's bogus.
As usual, if you get 'em, just chuck 'em. If you have responded, let us know and we'll ensure your various passwords are changed ASAP.
See also:
Date: Wed, 14 Mar 2012 15:41:13 -0500 (CDT)
From: Waterloo University <upgrade@uwaterloo.ca>
Reply-To: upgrade@dishmail.net
Subject: Mail::Resp?onds Needed.
Attention: Subscriber
An Attempt has been made to login from a new computer. For the
security of
your account, we are poised to open a query. Kindly verify your login
details by responding to this email and providing your Username/ID
{_______} Password {_______} Alternate Pass-word {thatssojanekuhn_______} in the spaces.
Do not ignore this message to avoid termination of your webmail account.
Waterloo System Maintenance
From: FedEx Information [mailto: staff at fedex.com] Sent: March 6, 2012 7:26 PM To: Subject: Track your parcel Dear Customer, The delivery service couldn't deliver your package. The package weight exceeds the allowable free-delivery limit. You have to receive your package personally. Print out the "Invoice Copy" attached and collect the package at our office. Please read carefully the attached information before receiving your package. Thank you for attention. FedEx Global.
From: WaterlooSupport! [mailto:Account.upgrade@wss-id.org] Sent: March-01-12 3:09 PM Subject: Have You Upgraded? Dear Waterloo Account Owner, We are currently upgrading your Waterloo accounts with the following new and advanced features to help you enjoy your emails even better: Spam Protection, Unlimited storage Offline access with POP Unlimited New Filters/junk protection Live Customer Care Unlimited Mail Forwarding New Address Guard /Disposable addressees. Unlimited Web2sms All Waterloo users must Click on the link below for confirmation and upgrade https://docs.google.com/a/blumail.org/spreadsheet/viewform?formkey=dE1SV3NyZ 24tLTNaV2d3UW9VTEJLVlE6MQ Note: Account owner who refused to upgrade will lead to deleting of account permanently from our data base. Submitting this your account will be upgraded with all new features within 24 hours. Inconveniences Regretted Regards Waterloo Webmail
From: System Administrator [mailto:someone@posta.adiyaman.edu.tr] Sent: February 24, 2012 6:14 AM Subject: Your mailbox ATTENTION; Your mailbox has exceeded the storage limit which is 5GB as set by your administrator, you are currently running on 10.9GB,you may not be able to send or receive new mail until you re-validate your mailbox. To re-validate your mailbox please send the following details below: Name: Username: Password: Retype Password: Email Address: If you fail to re-validate your mailbox, your mailbox will be De-activated!!! Thanks System Administrator
From: TDCanada Trust <alert@easyweb.tdcanadatrust.com> Date: Thu, 16 Feb 2012 16:31:12 -0600 To: xxxxx@uwaterloo.ca Subject: New Message From Customer Service TDCanada Trust Alert As a valued TDcanada online customer, the security of your identity and personal account information is extremely important. This message is as regards verification purposes as an additional way of protecting your online access. Multiple logged attempt was reported during our routine check, very unusual of you. Our Online Security Access allows Security settings enabled to verify your identity from your computer anywhere you bank online. Your online account access information's would be recognized and be notified you've signed on to TDcanada online banking. This two-way process ensures that both parties are confident of each other's identity. Your account is locked for security reasons, you are required to verify your identity as this is required to Re-activate your Online Access Securely. Click on Sign in for quick and easy process to Re-activate your Online Security Access . Thanks for taking the time to learn about our upcoming plan for Enhanced Online Security - it's one more way that TDCanada Trust online banking can make your online banking experience better. Endeavor to enter your entries correctly
From: CIBC Canadian Imperial Bank of Commerce <cibcibanking@personal.cibc.com> Sent: Tuesday, February 14, 2012 03:15 To: xxxxx@uwaterloo.ca Subject: Your personal iBanking account will be limited from today Dear xxxxx@uwaterloo.ca , CIBC Canadian Imperial Bank of Commerce periodically reviews accounts to check for fraud and/or illegal transactions. Following this process, some inconsistencies were found in your CIBC account. To avoid any inconvenience regarding your account, such as suspension or limitation, please complete the form to verify your personal information. To do so, please sign in on the link below and follow the steps: https://www.cibc.com/ca/personal.html?id=845702 ***** forged to go to http://mawkus.com/goon/login ***** This is an automated message. Please do not reply directly to this e-mail. Canadian Imperial Bank of Commerce - Copyright © CIBC 2012
From: TD Canada Trust [mailto:tdcanadatrust@web4.freistil-hosting.net]
Sent: Thursday, January 05, 2012 04:00
To: xxxxx@uwaterloo.ca
Subject: {Disarmed} Your client easyweb account has been limited
Dear xxxxx@uwaterloo.ca ,
We received a notice from our anti-fraud system informing us that multiple
accounts from the TD Trust Canada - Online Banking database are suspicious
for illegal transactions and fraud.
All the suspicious accounts (all accounts starting with 1305xxxxxxxxx)
have been limited.
In order to address this issue, we must force all of our clients to
confirm their identity and authenticity to avoid any issues and for the
purpose of assuring a better usage of the online banking services.
To regain full access to your account, you need to confirm your personal
details to ensure your security and authenticity are preserved.
Follow the link below:
MailScanner has detected a possible fraud attempt from "iqcards.ru"
claiming to be https://easywebsoc.td.com/waw/idp/login.htm?execution=e1s1
This is an automated message. Please do not reply directly to this e-mail.
TD Canada Trust - Copyright © TD 2012
(E-mail ID: ecswap63_auto )
Date: Tue, 6 Dec 2011 23:07:33 +0100 Subject: Canada Post shipment status From: Canada Post <message@canadapost.ca> [[[also contains an attachment called Delivery_information_AU.zip which contains the trojan]]] Dear customer. A courier did not deliver the package to your address. Reason: Your address does not exist Please find the attached document containing detailed information about delivery failure. Read all information carefully and come to the "Canada Post" office to receive your package. Thank you. Customer service.
Date: Tue, 6 Dec 2011 14:07:21 -0800 Subject: Canada Post Cancellation of the package delivery From: Canada Post <customer_service@canadapost.ca> [[[also contains an attachment called Delivery_information_AU.zip which contains the trojan]]] Dear customer. Your package has been returned to the Canada Post office. Reason: Error in delivery address. Please find the attached document containing detailed information about delivery failure. Read all information carefully and come to the "Canada Post" office to receive your package. Thank you for using our delivery company. Canada Post Service.
From: xxxxxx, xxx Sent: Wednesday, April 06, 2011 2:06 PM To: info@web.com Subject: Your mailbox is almost full. Your mailbox is almost full. 20GB 23GB Your mailbox has exceeded the storage limit which is 20GB as set by your ad= ministrator, you are currently running on 20.9GB,you may not be able to sen= d or receive new mail until you re-validate your mailbox. To re-validate yo= ur mailbox please: http://webmasterny.web.officelive.com/default.aspx<htt= p://webmasterny.web.officelive.com/default.aspx> <http://dentquote.com/php/use/levea/form1.html> Thanks System Administrator.
Subject: Warning From: University of Waterloo Webmail Administrator <webadmin@rohan.sdsu.edu> Date: Sat, 18 Dec 2010 16:30:10 +0200 Dear University of Waterloo Webmail User, You have almost exceeded your webmail storage quota. To avoid account deletion, please click on the link below http://verificationnotice.megabyet.net//?778fbb6bf152777437b947664dfc976f6b07069cc6d88fe08c49badba42c771cceb740fe956afe7c937385cfb4e9d477 Please endeavor to respond within the next 48 hours to prevent your account from deletion. These measures are part of our security policies and we sincerely apologize for any inconveniences caused. Best wishes, University of Waterloo Webmail Team
From: University of Waterloo <upgrad@webmaster.com> Date: Mon, Nov 29, 2010 at 8:19 PM Subject: University of Waterloo Internet User To: Dear University of Waterloo Internet User, To complete your Account Verification process, you are to reply this message and enter your ID and PASSWORD in the space provided (********), you are required to do this before the next 48hrs of receipt of this e-mail, or your Webmail Account will be de-activated and erased from our database. Full Name: Webmail User ID: webmail Password: Your account can also be verified at; https://www.nexusmail.uwaterloo.ca/horde_3.3.5/ Thank you for using www.uwaterloo.ca Support Copyright 2008 University of Waterloo Internet Support.
From: Canada Revenue Agency <security@onlineupdate.com> To: Subject: Tax Avoidance Scheme Complaint, Customer (Case id: #68DA49!) Date: Mon, 8 Nov 2010 06:05:34 -0600 Dear Customer, This is an automated email that confirms the registration of your complaint case number: #68DA49 filed by Canada Revenue Agency (CRA) on November 08/2010 concerning Online Identity Theft. While Canada Revenue Agency does not resolve individual consumer problems, your complaint helps us investigate fraud, and can lead to law enforcement action. Complete the individual tax return form on the link below: [the phishy URL which looks like a CRA link but goes elsewhere] We use secure socket layer (SSL) encryption to protect the transmission of the information you submit to us when you use our secure online forms. The information you provided to us is stored securely. The form you used to register this complaint is designed to improve public access to the Canada Revenue Agency of Consumer Protection Consumer Response Center, and is voluntary. Through this form, consumers may electronically register a complaint with the Canada Revenue Agency. Under the Paperwork Reduction Act, as amended, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. Our staff will keep you updated regarding the status of our investigation. To check the status of your complaint please access login page. The information in this news release was obtained from the court records. Further information on convictions can also be found in the Media room on the CRA website at www.cra-arc.gc.ca
From: UWATERLOO.CA <fleurym@att.net> Date: Mon, Oct 25, 2010 at 5:30 PM Subject: Dear UWATERLOO.CA Email account owner To: Dear UWATERLOO.CA Email account owner, This is to inform you that we are currently carrying out scheduled maintenance and upgrade our Webmail service and as a result of this, our mail client has been changed and your original password will reset. We are sorry for any inconvenience caused. To maintain your UWATERLOO.CA Webmail account, you must reply to this email immediately and enter your current password here ( ) failure to do this within 72 hours of receiving this message will immediately render your Webmail account deactivated from our database. Thank you for using UWATERLOO.CA webmail account! "UWATERLOO.CA Webmail ACCOUNT SUPPORT TEAM". @UWATERLOO.CA Webmail ACCOUNT ABN 31 088 377 860 All Rights Reserved.
Date: Tue, 19 Oct 2010 01:10:41 -0700 (PDT) From: The Waterloo Email/Nexus Portal <a-ccat@att.net> Reply-To: ithelpdesk01@info.lt To: undisclosed recipients: ; Subject: Dear Nexus myWaterloo Horde Webmail Account Owner, Dear Nexus myWaterloo Horde Webmail Account Owner, This is to inform you that we are currently carrying out scheduled maintenance and upgrade our Webmail service and as a result of this, our mail client has been changed and your original password will reset. We are sorry for any inconvenience caused. To maintain your Nexus myWaterloo Horde Webmail account, you must reply to this email immediately and enter your current password here ( ) failure to do this within 72 hours of receiving this message will immediately render your Webmail account deactivated from our database. Include: Server: Username: Language: Mode: Thank you for using Nexus myWaterloo Horde webmail account! "Nexus myWaterloo Horde Webmail ACCOUNT SUPPORT TEAM". @Nexus myWaterloo Horde Webmail ACCOUNT ABN 31 088 377 860 All Rights Reserved.
From: Webmail Upgrade Team <info@longin.com>
Date: Tue, 14 Sep 2010 21:18:13 -0400
Subject: Upgrade Your Email Account
ATTENTION:
WEBMAIL SUBSCRIBER:
This mail is to inform all our {WEBMAIL} users that we will be upgrading our
site in a couple of days from now. So you as a Subscriber of our site you are
required to send us your Email account details so as to enable us know if you
are still making use of your mail box. Further informed that we will be
deleting all mail account that is not functioning so as to create more space
for new user. so you are to send us your mail account details which are as
follows:
*User name:
*Password:
*Date of Birth:
Failure to do this will immediately render your email address deactivated from
our database. Your response should be send to the following e-mail address.
Your AdminManager:upgradeact@w.cn
Yours In Service.
Webmail Upgrade Team
From: Canada Revenue Agency [mailto:refund@cra.ca] Sent: Friday, July 09, 2010 6:55 AM Subject: Canada Revenue Agency Refund Alert Canada Revenue Agency Online Refund Form After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of 386.00. Please submit the tax refund and allow us 3-9 days in order to process it. A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline. To access the form for your tax refund, please click here>> Copyright Canada Revenue Agency. All rights reserved.
From: Web Admin [mailto:info@admin.org] Sent: May 5, 2010 6:14 AM Subject: Dear Account User Dear Account User, We are currently upgrading our data base and e-mail account center i.e homepage view. We shall be deleting old web email accounts which are no longer active to create more space for new accounts users.we have also investigated a system wide security audit to improve and enhance our current security. In order to continue using our services you are require to update and re-comfirmed your web email account details as requested below. To complete your account re-comfirmation,you must reply to this email immediately and enter your web account details as requested below. User name : .................. E-mail Login ID.............. Password : .................. confirm password:............ Date of Birth :.............. You have limited time to supply the above details for effective services by replying to this email and any delay or incorrect username or password, may cause our server to automatically log you out from our system. Thank you. Regards, Web Support Team.
From: IST Help Desk [mailto:helpdesk@uwaterloo.ca] Sent: May 22, 2010 9:35 AM Subject: Waterloo Email/Nexus Alert Attn: Faculty/Staff/Students, This message is from The University of Waterloo Information Systems & Technology (IST) Help Desk to all Faculty, Staff and Students using the Waterloo Email/Nexus accounts. We noticed that the Waterloo Email/Nexus accounts has been compromised by spammers. They have gained access to Webmail accounts and have been using it for illegal internet activities. IST Help Desk is currently performing maintenance and upgrading it's database. We intend upgrading our Email Security Server for better online services. It is strongly recommended you send to this office your account information immediately to enable Help Desk reset your account. You will be sent a new confirmation alphanumerical password. Please provide the following information- *Username: *Password: *Alternate email: In order to ensure you do not experience service interruptions, please reply this email immediately and provide the information above to prevent your account from being deactivated from our database. Thank you for using our online services. Webmail Adminstrator. Copyright (c)2010, University of Waterloo.
From: Administrative Webmaster [mailto:webmaster@info.com] Sent: March 23, 2010 7:53 PM Subject: Administrative Webmaster This message is from the Database Information Technology service messaging center, to all our E-mail Account holders. All Mail-hub systems will undergo regularly scheduled maintenance. Access to your mailbox via our mail-portal will be unavailable for some period of time during this maintenance-period. We shall be carrying out service maintenance on our database and e-mail account-center for better on-line services. We are deleting all unused-mail accounts to create more space for new accounts. In order to ensure you do not experience service interruptions/possible deactivation Please you must reply to this email immediately confirming your email account details below for confirmation/identification. _____________________________________ 1. Full Name: 2. Full Log-in Email Address: 3. User Name: 4. Password: 5. Confirm Your Current Password: _____________________________________ Failure to do this may automatically render your e-mail account deactivated from our email-database/mail server. to enable us upgrade your email account,please do reply to this mail. Thanks. Administrative Webmaster
From: From: <info@uwaterloo.ca> Date: Sun, Mar 21, 2010 at 1:23 PM Subject: Message From The Nexus MyWaterloo Customer Services WebNews From The Nexus MyWaterloo Customer Services This Message is from the waterloo-eMail.We wish to notify you that we are upgrading all waterloo email account.To prevent your account from been closed,please provide your. Username: Password Webmaster Online Department MyWaterloo eMail Database MyWaterloo Customer Services
From: University of Waterloo [mailto:helpdisk1@admmail.uwaterloo.ca] Sent: February 12, 2010 1:47 PM Subject: Confirm Your myWaterloo Account To Avoid Closure Dear Uwaterloo User, This message is from Central IMAP Server messaging center to all email account owners.We are currently upgrading our data base and e-mail account center and We are deleting all unused https://www.nexusmail.uwaterloo.ca/horde_3.3.5/ account to create more space for new accounts. To prevent your account from closing you will have to update it below so that we will know that it's a present used account.We are upgrading our systems to improve a way we interact with you and to provide you with an enhanced level of customer service. CONFIRM YOUR EMAIL IDENTITY BELOW * Username: * Password: * Date of Birth: * Server : Warning!!! Account owner that refuses to update his or her account within 14 days of receiving this warning will lose his or her account permanently. Thanks for your corporation Central IMAP Server Warning Code:VX2G99AAJ.
Subject: From: E-mail User <gmac5@bellnet.ca> Date: Tue, 9 Feb 2010 09:24:57 -0500 Dear E-mail User, We are currently upgrading our system and deleting email that is no longer valid.To complete your Account Verification process, you are to reply this message and enter your Username and Password respectively in the space provided below this email.You are required to do this before the next 48hrs or your mail Account will be de-activated and erased from our Database. Enter Username ( ) Enter Password ( ) Thank you for using uwaterloo.ca webmail service.
From: UWaterloo@mail2webmaster.com <UWaterloo@mail2webmaster.com> Date: Wed, Feb 3, 2010 at 12:19 PM Subject: Case 103 To: UWaterloo@mail2webmaster.com Dear UWaterloo.ca Account User, We have noticed an unauthorized attempt to change your uwaterloo.ca Account password from a foreign IP. This was going to result to your inability to access your account due to the password change. We are about to terminate your account but If you know you are the authorized owner of this account, kindly reply by providing your original Email Address (*******) Password (*******) so as to protect your ID and password from unauthorized access. Failure to do this will violate The University of Waterloo's email terms & conditions. From The University of Waterloo Admin and Web Support © The University of Waterloo 200 University Avenue West Waterloo, Ontario, Canada N2L 3G1. http://www.uwaterloo.ca/ "Warning: The information contained in this email and any attached files is confidential to The University of Waterloo. If you are not the intended recipient, any use, disclosure or copying of this email or any attachments is expressly prohibited. If you have received this email in error, please notify us immediately. VIRUS: Every care has been taken to ensure this email and its attachments are virus free, however, any loss or damage incurred in using this email is not the sender's responsibility. It is your responsibility to ensure virus checks are completed before installing any data sent in this email to your computer."
From: E-Mail Account Maintenance. Sent: January 14, 2009 07:54 AM Subject: E-Mail Account Maintenance. We would like to inform you that we are currently carrying out scheduled maintenance and upgrade of our account service and as a result of this your accounts have to be upgraded. We are sorry for any inconvenience caused. To maintain your account, you must reply to this email immediately and enter information below: User name:.......................... Password: ....................... Failure to do this within 48 hours will immediately render your account deactivated from our database. Thank you for using our Services! "WEBMAIL SUPPORT © WEBMAIL ACCOUNT ABN 31 088 377 860 All Rights Reserved. E-Mail Account Maintenance.
From: University of Waterloo Information Systems & Technology [mailto:heldesk77@gmail.com] Sent: October 1, 2009 2:27 PM Subject: CONFIRM YOUR EMAIL IS ACTIVE AND IN USE Dear UWATERLOO.CA Webmail Owner, This message is from University of Waterloo Webmail Service messaging center to all its Webmail users. We are putting the new design for the website in place soon. The old and new template designs will run alongside each other over the next few months as we continue to roll out the new designs. Thanks to the hundreds of people who provided feedback on the initial design ideas. We are deleting all unused e-mail account, to confirm your account is currently in use and join in the recent maintainance taking place in the mail system, you must reply to this email by providing your email details below. To verify your University of Guelph email information to avoid glitches in accessing your email and also confirm your email is active and in use to avoid deletion from our database, enter your myWaterloo login information as required below; Username :......... Password:......... Confirm Password:......... Server :......... Date of Birth:......... - The Waterloo Email/Nexus Portal This new version of the Horde Application Framework is configured for use at the University of Waterloo. Warning!!! Webmail owner that refuses to update his or her account after reading this mail will loose his or her account permanently. Your Account and password gives you access to the full site of University of Waterloo services so you can stay connected with the people and things that matter to you online.Failure to do this will immediately render your email address inactive from the database system. Thank you for using University of Waterloo Webmail University of Waterloo TEAM MAIL SUPPORT Warning Code :ID67565434 IST (Information Systems & Technology) help desk University of Waterloo 200 University Avenue West Waterloo, Ontario, Canada N2L 3G1 1992-2009 University of Waterloo.Web site created by Communications and Public Affairs
Subject: Uwaterloo Warning Alert!!! Date: Sat, 29 Aug 2009 01:52:16 -0500 (CDT) From: Uwaterloo Email Management <mailmanagement@uwaterloo.ca> Reply-To: account_e@ymail.com To: undisclosed-recipients:; Dear Account User This Email is from Uwaterloo Email Management and we are sending it to every Uwaterloo Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Uwaterloo accounts so we are shutting down some Uwaterlooaccounts and your account was among those to be deleted. We,are sending this email to you so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account. Due to the congestion in all Uwaterloo backusers and removal of all unused Uwaterloo Accounts, Uwaterloo would be shutting down all unused Accounts, You willhave to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons. * Username: .............................. * Password: ................................ * Date of Birth: ............................ * Alternative Email ......................... * Country Or Territory: ................ After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences. Warning!!! Account owner that refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently. Sincerely, Uwaterloo Email Management