Is it a scam?
CourseVector’s team of security experts receives scam emails almost daily. We know it is becoming more difficult to tell the difference between scams and legitimate email requests. If you are in doubt about any email that you receive, forward it to firstname.lastname@example.org and one of our technicians would be more than happy to provide you with comments and recommendations. This is free to all CourseVector and PA State Association of Boroughs accounts.
We want to help you become savvy to what is a scam and what is a legitimate email. Below, you will find examples that we or our clients received.
Hosting Renewal Scam
We cannot express enough how important it is to KNOW YOUR VENDORS! One of our hosting clients received a notice via USPS that they needed to renew their hosting with Sunshine Biz Services, Inc. We host this client’s site, not Sunshine Biz Services.
The wording states “We would like you to renew your web hosting with Sunshine Biz Services.” “Hosting your website with us will ensure your website remains active, that you retain exclusive rights to it on the Web, and now is the time to transfer your web hosting from your current provider to Sunshine Biz Services. Failure to renew your web hosting by the expiration date may result in website outages and a loss of your online identity making it difficult for your customers to reach you on the Web.”
Even thought it looks like a bill, look closely at the highlighted area that states “THIS IS A SOLICITATION”.
Your Training Expires Soon
Scammers are spoofing a noted security awareness company. They send emails explaining that your security awareness training expires soon. Rather than linking to current training, the email links take users to a phishing website to steal their Microsoft Outlook or other credentials. KnowBe4, the spoofed company, posted about the scam on their blog. This scam “should serve as a reminder that no online company or brand is immune or impervious to being spoofed as part of a malicious email campaign. Online brands, sites, and services are all vulnerable to such attacks, and your users should be completely aware of this phenomenon.”
If you use KnowBe4 for security awareness training, do not click on email links. Rather, navigate to their website directly from their URL typed into a browser.
We found your parcel
Scammers have been sending emails and text messages claiming to have found a parcel from a month or more ago. The link in the message takes you to a site to steal money, your identity, or both.
If you are missing a package, please do not reply to or click on links within these messages. Instead, reach out to the seller or the service the seller used to ship the item. It is also important to remember that most of the big-name shippers (like UPS) do not require personal information to receive packages.
Windows Defender Updates
Windows users beware. Windows Defender does not require any paid update or renewals. If you see a message like the one below, it is a scam.
Thanks for Auto Renewal
This is your receipt – make sure to print or save a copy for your records.
Prerequisite: You are receiving this notice because you enrolled in Windows Automaticrenewal service, and your subscription has been auto-renewed automatically. However,if you don’t want to proceed with the service and want a refund please contact our billinghelpline number [ 855- 700- 0591 ]
Product ID: US3456723
Product Name: Defender Firewall
Auto Renewal Amount: $499.00 USD (for one year)
TERMS & CONDITIONS: The payment is due. You are getting this notice because you registered with windows securities, and your subscripton has been Auto Renewed. However, if you don’t wish to proced with the service or want a refund of this amount, kindly contact our billing helpline number [855-700- 0591] Microsoft Support – 1861 Belmont St, Paris, TX 75460 USA
“Secure DNS” Scam
This “Secure DNS scam was more believable than most. The email claimed to come from WordPress itself, and said that DNS security features would soon be added for our domain. DNSSEC for the server names that your hosting provider looks after for you certainly sounds like a good idea, and it isn’t something you should do on your own. When you click through, you are asked to enter your usual WordPress password. Don’t! The scammers are trying to gain access to your website. More information about this scam can be found on the Naked Security Website
See the Naked Security article for more images related to this scam!
COVID-19 Phishing Scams
DocuSign Phishing Scam
Attackers are using the current COVID-19 worry to exploid unsuspecting victims. In this email, the scammer uses a very convincing Docusign facade, but the links in the document sends the user through a maze of links to a screen collecting the users DocuSign credentials and other sensitive information. More information about this scam can be found on the TechRepublic website.
RoundCube Email Scam
Here is an example of an email phishing scam. RoundCube is the webmail software CourseVector uses for client emails. One of our clients received this email, but it’s not from RoundCube. Note that the “from” email address is a Japanese domain. (You can tell from the .jp extension.) Also if you roll over the link, it goes to a German domain. (Notice the .de extension.) There are also grammatical errors. Do not reply to the email. Do not click on the link. Permanently delete the email from you computer and the server. If you are still unsure if there is an email issue, please email email@example.com instead. We’re happy to help.
Email Gift Card Scam
DO NOT BUY GIFT CARDS FOR SOMEONE IN RESPONSE TO AN EMAIL REQUEST! Here is a recent example of an email one of our clients received requesting gift cards.
“Please I’d like to ask you for a favor, i need to get a gift card but I can’t do this now because I’m not feeling well. I’ve got the flu and I tried purchasing online but unfortunately no luck with that. Can you get it from any store around you? I’ll pay back as soon as I get better.”
A more in-depth explanation of this scam can be found in our Email Gift Card Scam article.
Email Add Recovery Number
Another dangerous scam warns users that if they do not add a recover phone number to their account all of their data will be deleted. Many companies use two-factor authentication as an added layer of security. Legitimate companies will not threaten you with data deletion, though.
If you do decide to click through to add an account recovery number from the bogus email, it will take you to a fake login screen. They will then collect your credentials for use at a later date.
Manage Your Undelivered Email Scam
This Outlook scam sends an email claiming that you must decide what to do with undelivered mail. The subject line might be something to the effect of: “Notifications | undelivered emails to your inbox” and pretends to be a list of email being held on the server for you. You must click through and decide what to do with each message in the list. But, when you click a message, you are taken to a bogus login screen. Your credentials are saved by the scammer to be used at a later date.
With this scam, the fake login screen is hosted on the scammer’s server. The URL is obviously not a Microsoft URL.
For more information, or to see examples of this type of email, click through to the Bleeping Computer article.
Email Hacked Scam
There has been a sharp increase in the number of “your email has been hacked” scams circulating lately. These emails are a scam. No one has control of your email or computer. Should you receive one of these, delete it. Do not reply. Do not pay.
Domain Name Scams
Many domain name registrars send out notices, and bills, even though you do not have your domain name registered with them. Worse, they tend to charge more money, and, sometimes they can tie up your domain name to the point where you end up losing it or paying an extraordinary sum of money to get it back.
For most clients, your web site included a domain name and is included and paid for with your annual fee. If you get a domain name renewal notice or bill, please do not renew or pay without checking with contacting us. We will be happy to assist you in whatever way we can.
For the record, a domain name should only cost approximately $12. Normally, the companies that send out notices charge significantly more.
Following are examples of domain renewal notices that are not legitimate. We will be posting more as we can.
Notice that when you mouse-over the payment icon, the link does NOT go to GoDaddy, or even to PayPal.
Web Domain Listings
Domain Registry of America
No Company Identified
Email Sign Up Form
Scammers have started filling out request forms on legitimate websites with legitimate email addresses (yours). Because the website is legitimate and the email address is legitimate, these bogus requests are able to bypass spam filters.
If a confirmation email contains a link in the “from” field, it’s likely phishing. An example would be “Dear CourseVector [malicious link]”.
If you receive an email from a website that you did not sign up for – stay safe. Do NOT click on any links in the confirmation email. Instead, type in the website name yourself to verify its existence and then contact them and let them know that you didn’t fill out their form.
Amazon Email Scams
It is commonplace to see several emails in your inbox from Amazon. However, make sure that they are legitimate before clicking on them!
Amazon explains that fraudulent emails often contain:
- An order confirmation for an item you didn’t purchase or an attachment to an order confirmationNote: Go to Your Orders to see if there is an order that matches the details in the email. If it doesn’t match an order in Your Account, the message isn’t from Amazon.
- Requests for your Amazon.com username and/or password, or other personal information
- Requests to update payment informationNote: Go to Your Account and select Payment options. If you aren’t prompted to update your payment method on that screen, the message isn’t from Amazon.
- Links to websites that look like Amazon.com, but aren’t Amazon
- Attachments or prompts to install software on your computer
- Typos or grammatical errors
- Forged email addresses to make it look like the email is coming from Amazon.com
You can actually report spoofed Amazon phishing emails to Amazon!
Job Interview Scam
One place people may not expect to be scammed is during a job interview. However, it happens! Prospective employers are not going to ask you to download anything special for the interview process. If you are asked to download something during a job interview, don’t – especially if you are using a government or employer computer for the interview!
Receiving Files in a Word Document
As if it’s not difficult enough to tell the difference between a legitimate email and a phishing email, cyber criminals will often steal logos from real companies to make their scams look real. How do you keep yourself safe? Companies like Norton and TripAdvisor won’t send you videos or files via a Word Document. Most companies want you on their site or sent standard alert boxes. These types of message will not be sent in a Word Document. If you receive one, delete it immediately.
Team of IT Service Providers
One of our staff recently received an email similar to this. Notice that the grammar is pretty bad and the name of the company is too generic to be legitimate:
We are migrating all personnel email accounts to Staff Outlook 2018 desktop e-mail and as such, all active staff members must check and log in for the upgrade and migration to take effect now. This is done to improve security and efficiency due to recent spam received.
Please all staff CLICK HERE <link removed> Switch to Outlook Webmail 2018 for staff
Team of IT Service Providers,
Outlook Services for Staff and Internet Services
Email From Someone Familiar
Sometimes an email comes from someone familiar with an attachment. That doesn’t always mean it is safe. If you are ever concerned with a link from a familiar email address, you can do either or both of the following:
- Open it in a sandbox to make sure it does not contain a payload. If you are not able to do this, ask IT for help.
- Follow up with the sending firm (which WAS legit in this case) rather than clicking on anything in the Email.
Enabling macros through an application such as Microsoft Word can spread a virus. When you enable something like macros, it allows for the language of the application (in this case Microsoft Word) to reach out to the internet and install a virus. Keep these things in mind the next time you are prompted to enable macros on Microsoft Word or any application for that matter.
WordPress Database Upgrade Needed
Emails are being circulated telling customers that their WordPress installations need to be upgraded. As with many scam emails, there are many grammatical errors. The “Click here” box takes the user to a phishing page, asking for WordPress credentials.
Website Suspension Alert
We received this email from “cPanel” stating that our website was going to be shut down. Now, we know that our website is not going to be shut down because we host and control it. But, should you ever receive a message like this, here are some things to watch out for.
If we host your website, website suspension emails are going to come from CourseVector, not cPanel. But, if you see this and feel panicked, here are some things to look at. They make it seen pretty official with real screenshots of cPanel. However, this is not a screenshot of YOUR cPanel account! If you look closely, it’s a dummy account. Additionally the links are fishy. They do not go to a CourseVector website, which they should since we are the host. When in doubt, contact your website host before clicking on anything!
PayPal Account Access Suspended
One of our team members received this email, stating that he needed to provide all of his account details on their secure server. There are several ways to tell that this is a scam. The grammar and punctuation are horrible. Additionally, the “secure link” does not go to a PayPal website. But, if you’re in doubt, “To protect yourself, always log in to your PayPal account to confirm the information you received in an email. You can find all your transactions in your Activity page. For any cases such as buyer complaints or limitations, you can find them in the Resolution Center.” (PayPal)
Contact Us to Get Started
"Your passport to all things web."
To contact us after hours please use the panic button.
Fees may be incurred depending on reason for support.