Recent phishing/scam email examples

By Catherine Haug, updated Oct 2017 – see Example 3, below (originally published Jan 15, 2017)

In the last week I’ve gotten several phishing/scam emails, so I thought I’d share them with you to help you know how to recognize them.

Phishing is fishing for private information such as usernames, passwords and credit card accounts. Wikipedia (1) defines it as:

“the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.”

A scam is a “fraudulent scheme performed by a dishonest individual, group, or company in an attempt to obtain money or something else of value,” according to the Business Dictionary (2).

The examples below appear to be from trusted businesses: FedEx, USPS, and Earthlink. But if you look at the sender’s email address or other clues (see Example 3 for an example with several other clues), you can tell the sender is pretending, in an attempt to gain your trust and get your information.

Example 1 (screen capture below):

It wants me to click on the View messages button, but I’m suspicious, so if I click on the apparent sender (highlighted in blue), I get:

“crickn827 (at) amega (dot) com”.

If it were truly from FedEx, the text after the @ would indicate: (at) fedex (dot) com (email addresses disguised for security). I put this email in my junk folder so I could shred it.

Example 2 (screen-capture below):

It wants me to open the attached zip file (below the email’s text), but I’m suspicious, so if I click on the apparent sender (“USPS Ground”) and the “Reply To” fields, I get after the @:

“(at) leonardoarroyo (dot) com.”

If it were really from USPS, the part after the @ would be “@ usps (dot) com” (email addresses disguised for security). Like the previous example, I put this email in my junk folder so I could shred it.

(Ignore the “change size of message area” message superimposed over the email screen cap by my computer.)

Example 3, added Oct 2017 (screen-capture below):

This phishing example claims to be from my email provider, Earthlink (but similar examples are likely happening for other email providers). It is phishing for my billing information (credit card, etc.).
Here’s how I determined this is fraudulent:

First, I looked at the sender’s email address by clicking on the sender name (Note: I added a space before the dot, to disguise it for security).

“support@earthlink .net”

It appears to be valid, but I didn’t stop there.

Second, I studied the provided link (highlighted in blue). To do this, I hovered my mouse over the link it wants me to click (being careful not to click it); that link does not look valid to me, even though it contains ‘earthlink.’ That link reads (note, I put a space between the ‘dot’ and ‘com’ so my copy won’t work by accident):

“http:ppcassistants. com/wp-admin/earthlink/”

There are at least 2 clues here that it is fraudulent. The most glaring is the ‘http.’ Any valid business wanting your billing information will use a secure link indicated by ‘https’. It is also missing the ‘//’ after the “http:”. The second clue is that the sender is ‘ppcassistants,’ not earthlink. Yes, earthlink might have hired an outside company to do this for them, but I don’t believe they would do that.

Third, I studied the writer’s text. I believe this was written by someone who doesn’t speak English as a first language, because they typed: “PROVIDE BILLING INFORMATIONS .” Correct wording would be “PROVIDE BILLING INFORMATION.” (‘information’ should not be plural).

Fourth, while studying the text, I note they tell me to disregard this if I access my account from Nigeria. That means they are from Nigeria, one of the countries from which most phishing originates.

Lastly, I forwarded it to their fraud department (I looked up that address online). Alternately, I could contact earthlink’s support, to find out if this is valid. I opted not to do that because I’m certain this is fraudulent. If you have a different email provider and get a suspicious email, contact them regarding how to report fraud.
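The sender and link checks from Example 3, as an added Python sketch that is not part of the original post: it compares the From and Reply-To domains and each link's host against the domain you expect, and flags links that are not https or that lack the '//' after the scheme. The sample message and its `.example` domains are constructed placeholders, and `check_message` and `in_domain` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on Example 3; all domains are placeholders.
SAMPLE = """\
From: Earthlink Support <support@earthlink.example>
Reply-To: billing@other-host.example
Subject: PROVIDE BILLING INFORMATIONS

Update your billing: http:other-host.example/wp-admin/earthlink/
Help pages: https://www.earthlink.example/help
"""

def in_domain(host, expected):
    """True if host is the expected domain or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def check_message(raw, expected):
    """Return a list of findings for one raw plain-text message."""
    msg = message_from_string(raw)
    findings = []
    # A matching From can still be forged, so it never clears a message alone.
    for header in ("From", "Reply-To"):
        if msg[header] is None:
            continue
        domain = parseaddr(msg[header])[1].rpartition("@")[2]
        if not in_domain(domain, expected):
            findings.append(f"{header}: domain {domain!r} is not {expected}")
    for url in re.findall(r"https?:[^\s\"'<>]+", msg.get_payload()):
        parts = urlparse(url)
        if parts.scheme != "https":
            findings.append(f"link {url!r}: not https")
        if not parts.netloc:
            findings.append(f"link {url!r}: malformed, no '//' after scheme")
        elif not in_domain(parts.hostname, expected):
            findings.append(f"link {url!r}: host is not {expected}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE, "earthlink.example"):
        print(finding)
```

The suffix match in `in_domain` requires a dot boundary, so a look-alike host that merely contains the expected name is still flagged.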


  1. Wikipedia on phishing:
  2. Business Dictionary on ‘scam’:

