Phishing attacks always a threat; When in doubt, just ask us.

A client of ours sent this over to me today asking if it was legitimate or not.  We get questions like this quite often, and we always tell folks to reach out to us in moments of doubt, rather than doing something potentially harmful.  We’re always, always glad you asked.  Here’s what was sent over this morning. 

Look below for the rest of the post.

—–Original Message—–

From: C Web Mail Team [mailto:webmailteam@webname.com]

Sent: Tuesday, April 13, 2010 8:00 AM

Subject: Attn: webmail Owner

Attn: webmail Owner

We just confirmed that you have not upgrade to the new web-mail version. That is why we are sending

you this massage to upgrade your account now. This is because we are preventing your web-mail from

closure. And also we have notice that your mail have been used for send spam mail to other mail.

To prevent your account from this you will have to send a verification massage so that we will

confirm from our computer system that you are the rightfully owner of this mail and also to upgrade

your account to the version. To upgrade your account you have to send us the following information

so that we can upgrade as soon as possible.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email User name : ……….

EMAIL Password : ………..

Date of Birth :………….

Last login:……………..

Warning!!! if you refuse to send this information to us within (1) weeks of receiving this warning you will

lose your account. Warning Code: PX2G99AAJ

Thank you for using webmail

………………………………………………..

NOTE: This message is authorize by the webmail Project email account protector unit.Notification message will be send back to you after verifying your account before account could be reset.

C All right reserve.

This is a common occurrence, and a nasty potential threat so let’s look at how this played out.  Someone – let’s call them Janice – receives an email asking her to click on a link, submit personal information, reply with answers to questions and so on, all in the name of making sure something bad doesn’t happen to her.  Things like the protection of her bank account, the continuity of her webmail access, a shinny opportunity like free tickets or an iPod and so on.  The request is presented in ambiguous enough a manner as to keep Janice from dismissing it out of hand.  If it was something more cartoonish like a Viagra solicitation or an invitation to a gambling web site, Janice might have been able to click ‘delete’ and move on.

In this case, Janice is left to wonder – should she or shouldn’t she.  Should she send her birthday, password and username to the system administrator or not?  What if her webmail access was turned off?  How would she re-activate it?

We hope that Janice and everyone else will consider a third option – ask for help.  We can quickly answer the question for you.  Avoid, avoid avoid complying with requests like this, no matter now legitimate it might look.  Just ask us.  We can help you stay out of hot water.