Email reports
► FROM: "invoice@amazon.co.uk <CV-51629081@disneystore.co.uk>" (05/10/2017)
► Subject: "Your recent payment confirmation receipt - OR/HD/-2147483648/LR"
------------------------------------
This email is mimicking a purchase receipt message from AMAZON.
In the content of the message, it suggests that you have recently purchased an
"Amazon Prime One Year Plan".
At this point, alarm bells ring, as you think to yourself, "I didn't purchase that".
The trick of the message comes to light when it then prompts you further down the message,
"If you didn't intend to continue to your Membership you can cancel and refund your Order on the Manage or Cancel Orders" DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from an email account under an unknown name of "BAY004-MC4F20.hotmail.com", nothing to do with the suggested sender Amazon.
The contained link (Manage or Cancel Orders) actually connects to an unknown Australian-based shopping website "http://www.surplusvalue.org.au"; its sole purpose is to tunnel you to this retail website ("Forced Promotion").
Some basic telltale signs that this is a dodgy email:
1/ You are greeted by just your email address "Dear .....@hotmail.com " (widely available to the public and marketing companies).
Legitimate receipt emails would normally greet you by a personal method e.g. Full Name.
2/ By hovering your mouse over the aforementioned link Manage or Cancel Orders in the email message, you will see the 'Actual' link address in the grey bar (status bar) at the bottom of your email screen.
3/ You might have several of these messages being sent to you.
But each time they are for a different product, OR,
the Subject varies slightly e.g. "Order Receipt No. 32658321".
BIG HINT! A General 'rule of thumb', Unless the message within the email greets you with your own personal name,
NOT "Dear Customer " for example,
THEN DON'T CLICK ANY LINKS ETC. * DELETE IT! *
► FROM: "Apple Support <appleid@appleid.apple.com>" (13/05/2017)
► Subject: "Your password is changed."
------------------------------------
This email is mimicking a user account message from APPLE.
In the content of the message, it suggests that you have recently changed your password.
It then asks you if this activity is unauthorized, and if so click the link. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from an email account under an unknown name of "benj11@gator3004.hostgator.com", nothing to do with the suggested sender Apple.
The contained link actually connects to an unknown website "http://www.solomilan.com/wp-content/uploads/2014/07/world/", which almost certainly is a phishing site designed to steal your identity details/Apple user information.
Some basic telltale signs that this is a dodgy email:
1/ You are greeted as "Dear Customer".
Legitimate receipt emails would normally greet you by a personal method e.g. Full Name.
2/ By hovering your mouse over the links at the bottom of the email (contact us, etc), you will see that none of them send you to a legitimate Apple website address.
3/ You might have several of these messages being sent to you.
But each time they are sent from a slight variation of the same account, OR,
the Subject varies slightly e.g. "Order Receipt No. 32658321".
BIG HINT! A General 'rule of thumb', Unless the message within the email greets you with your own personal name,
NOT "Dear Customer " for example,
THEN DON'T CLICK ANY LINKS ETC. * DELETE IT! *
► FROM: "btbusiness@bt.com <btbusiness@btconnect.info>" (10/05/2017)
► Subject: "New BT Online Bill"
------------------------------------
More visually convincing than most! (Understandably hard to tell the difference from the legitimate version.)
This email is mimicking a user bill message from BT.
In the content of the message, it presents you with a supposed Online BT bill.
It then provides you a link to click on, to view your latest bill. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from an unknown email account via France.
The contained link "See your bill here" actually connects to an unknown website "https://prmintacc-my.sharepoint.com/personal/estrella_intacc_com_au/_layouts/15/guestaccess.aspx?docid=0f88072991f3444cba473223e7bb5b80d&authkey=AfKwa1xIfK89IbMkRxxauvM", which almost certainly is a phishing site designed to steal your identity details/BT user information.
Important Note: This particular message contains generic BT links to legitimate website pages!
This is just another way of attempting to fool users that this is a legitimate message.
Some basic telltale signs that this is a dodgy email:
1/ No formal greeting is displayed.
Legitimate receipt emails would normally greet you by a personal method e.g. Full Name.
► FROM: "iTunes Store <NOREPLY-1474@time.apple.com>" (10/05/2016)
► Subject: "Order Receipt No. 32658321"
------------------------------------
This email is mimicking a purchase confirmation message from iTunes - APPLE.
In the content of the message, it suggests that you have recently purchased a product from iTunes (in this case a "TomTom Premum HD").
It then asks you if this activity is unauthorized, and if so click the link. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from an email account under an unknown name of "COL004-MC4F23.hotmail.com", and originates from the Oceania, New Zealand area.
The contained link actually connects to an unknown website "http://www.mangosky.com.au/id", which almost certainly is a phishing site designed to steal your identity details/Apple user information.
Some basic telltale signs that this is a dodgy email:
1/ You are greeted by just your 'email address', which can be easily picked up via a public mailing list.
Legitimate receipt emails would normally greet you by a personal method e.g. Full Name.
2/ By hovering your mouse over the contained link, you will see that the URL address it tries to send you to, has nothing to do with Apple / iTunes. (WHEN HOVERING, LOOK IN THE GREY BAR AT THE BOTTOM OF YOUR SCREEN TO SEE THE LINK.)
BIG HINT! A General 'rule of thumb', Unless the message within the email greets you with your own personal name,
NOT "Dear Customer " for example,
THEN DON'T CLICK ANY LINKS ETC. * DELETE IT! *
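The hover check described in the entries above, and the mismatch visible in the Amazon and BT FROM lines (one address shown as the name, another inside the angle brackets), can both be automated. The following is an added example, not part of the original reports; the function names, the trusted-domain list and the sample HTML body are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ADDR = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def within(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def split_from(value):
    """Split a From value into (display name, address in angle brackets)."""
    m = re.match(r'\s*"?(.*?)"?\s*<([^<>]+)>\s*$', value)
    return (m.group(1).strip(), m.group(2).strip()) if m else ("", value.strip())

def from_mismatch(value):
    """Return (claimed, actual) domains when the display name shows an
    address from a different domain than the real sender, else None."""
    display, address = split_from(value)
    shown, real = ADDR.search(display), ADDR.fullmatch(address)
    if not shown or not real:
        return None
    claimed, actual = shown.group(1).lower(), real.group(1).lower()
    return None if within(actual, claimed) else (claimed, actual)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def off_brand_links(html, trusted):
    """Return (link text, host) for links that leave the trusted domains,
    i.e. what the status bar would show when hovering."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for text, href in parser.links:
        host = urlsplit(href).hostname or ""
        if not any(within(host, d) for d in trusted):
            flagged.append((text, host))
    return flagged

# FROM value as reported in the Amazon entry on this page.
SAMPLE_FROM = "invoice@amazon.co.uk <CV-51629081@disneystore.co.uk>"
# Constructed body: the first link target is the one reported on this page,
# the second is a made-up legitimate link of the kind noted in the BT entry.
SAMPLE_HTML = (
    '<p>Dear someone@hotmail.com</p>'
    '<a href="http://www.surplusvalue.org.au">Manage or Cancel Orders</a>'
    '<a href="https://www.amazon.co.uk/help">Help</a>'
)

if __name__ == "__main__":
    print(from_mismatch(SAMPLE_FROM))
    print(off_brand_links(SAMPLE_HTML, ["amazon.co.uk"]))
```

A FROM line with no address in the display name, such as the Apple entry, passes the first check, so the link check still has to be run on the body.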
► FROM: "E-Ticket <e-ticket@aa.com>" (21/04/2015)
► Subject: "E-Ticket 3190257"
------------------------------------
This email is mimicking an E-Ticket receipt that you have supposedly purchased.
In the simple content of the message, it displays a confirmation of your booking and all the details.
You are then presented with a link to download your E-Ticket. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from an email account under an unknown name of "benj11@gator3004.hostgator.com", nothing to do with the suggested sender American Airlines.
The contained link actually contacts an unknown website "http://ezi365.com/wp-content/ngg_styles/ngg_styles.php?E-Ticket 3190257.zip", which downloads a zip file to you, almost certainly containing harmful software in the form of malware/virus.
Some basic telltale signs that this is a dodgy email:
1/ No formal greeting is displayed.
Legitimate receipt emails would normally greet you by a personal method e.g. Full Name.
2/ You might have several of these messages being sent to you.
But each time they are sent from a slight variation of the same account, OR,
the Subject varies slightly e.g. "E-Ticket 9136598".
► FROM: "eBay <mail2627@ebay.co.uk>" (16/04/2015)
► Subject: "FPA NOTICE: eBay Registration Suspension"
------------------------------------
This email is mimicking a user account message from eBay.
In the content of the message, it displays a warning "We are writing to let you know that your eBay account has been suspended." You are then asked to click the contained link to get your suspension removed. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from an email account registered in "Germany", under an unknown account "s265264.server.a-r-s-networks.net".
The contained link almost certainly contains a virus, or links to a phishing site designed to steal your identity details/eBay user information.
Some basic telltale signs that this is a dodgy email:
1/ You are greeted as "Dear eBay Customer".
Legitimate receipt emails would normally greet you by a personal method e.g. Full Name.
2/ Legitimate companies WOULD NEVER ask you for any personal details in this fashion!!!
3/ You might have several of these messages being sent to you.
But each time they are sent from a slight variation of the same account,
where the email address varies slightly e.g. "mail1554@ebay.co.uk"
► FROM: "Linsen Parts UK Ltd <mark03806@linsenparts.co.uk>" (17/03/2015)
► Subject: "Invoice from Linsen Parts Ltd"
------------------------------------
This email is mimicking a digital invoice for a purchase supposedly made.
In the content of the message, it displays just a simple request to view the attached invoice
"Invoice-3709.doc" to see your invoice. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from a legitimate company based in the UK. This message however will have been sent by a form of email hijacking malware that the company's email account was unfortunate enough to become infected by.
The contained attachment actually contains a virus "VBA:Dridex-J [Trj]":
The Virus/Malware Summary:
"Trojan-Downloader:W97M/Dridex is a document file containing maliciously crafted macro code that, when allowed to run on a user's machine, drops a file onto the system. The dropped file attempts to contact a remote server.
It is distributed in a Word document that is sent out as a file attachment to fraudulent e-mails that appear to be invoice-related. These e-mails have reportedly misused the names and/or branding of various legitimate companies to appear above-board.
By opening the Word document, it attempts to contact a remote server and retrieve an executable file, which is then downloaded, infecting the users computer.
The Trojan has been reported attempting to steal users online banking credentials. The malware monitors the user's web browsing activity for visits to selected banking sites, then tries to capture the login details entered into web forms on these sites."
Some basic telltale signs that this is a dodgy email:
1/ No formal greeting is displayed.
Legitimate receipt emails would normally greet you by a personal method e.g. Full Name.
2/ You may have never heard of this company before, never mind purchasing anything from them.
HINT! A General 'rule of thumb', Unless you're expecting an email with an attachment, OR trust the sender of the email,
THEN DON'T DOWNLOAD IT. * DELETE IT! *
► FROM: "HM Revenue & Customs <uktradeinfo@hmrc.gsi.gov.uk>" (24/02/2015)
► Subject: "Overpaid tax refund"
------------------------------------
This email is mimicking a card receipt for a purchase supposedly made.
In the content of the message, it displays just a simple request to view the attachment
"Attachment - 24-02-2015.zip" to see your refund document. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from an email account registered in "Panama City, USA".
The contained attachment almost certainly contains a virus, but due to contained encryption, this cannot be confirmed on this occasion.
The Virus/Malware Summary:
"This trojan attempts to gain "root" access (administrator level access) to your computer without your knowledge.
Trojans like MO97:Downloader-IQ are difficult to detect because they hide themselves by integrating into the operating system. Once it infects your computer, MO97:Downloader-IQ executes each time your computer boots and attempts to download and install other malicious files. Upon successful execution, it deletes the source program, making it more difficult to detect."
Some basic telltale signs that this is a dodgy email:
1/ You are greeted as "Dear Customer".
Legitimate receipt emails would normally greet you by a personal method e.g. Full Name.
2/ You might have several of these messages being sent to you.
But each time they are sent from a slight variation of the same account, OR,
the Subject varies slightly e.g. "Tax Refund Notification"
► FROM: "tracey.smith883@aquaid.co.uk" (06/01/2015)
► Subject: "Card Receipt"
------------------------------------
This email is mimicking a card receipt for a purchase supposedly made.
In the content of the message, it displays just a simple request to view the attachment to see your receipt. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from a legitimate company based in the UK. This message however will have been sent by a form of email hijacking malware that the company's email account was unfortunate enough to become infected by.
The contained attachment actually contains a virus "MO97:Downloader-IQ":
The Virus/Malware Summary:
"This trojan attempts to gain "root" access (administrator level access) to your computer without your knowledge.
Trojans like MO97:Downloader-IQ are difficult to detect because they hide themselves by integrating into the operating system. Once it infects your computer, MO97:Downloader-IQ executes each time your computer boots and attempts to download and install other malicious files. Upon successful execution, it deletes the source program, making it more difficult to detect."
Some basic telltale signs that this is a dodgy email:
1/ You are greeted just by "Hi".
Legitimate receipt emails would normally greet you by a personal method e.g. Full Name.
2/ You may have never heard of this company before, never mind purchasing anything from them.
► FROM: "Barclaycard <barclaycard@mail.barclaycard.co.uk>" (02/12/2014)
► Subject: "Credit limit increase"
------------------------------------
This email is mimicking a request for details from Barclaycard.
In the content of the message, as well as a visually convincing message, the instructions ask you to click on an attachment to confirm your details. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from an email account registered in France, and is actually coming from an unknown account associated with "sivit.org".
The contained attachment almost certainly contains a virus, but due to contained encryption, this cannot be confirmed on this occasion.
Some basic telltale signs that this is a dodgy email:
1/ You are greeted as "Dear Customer".
Legitimate booking emails would normally greet you by a personal method e.g. Full Name.
2/ It is supposedly from Barclaycard. You may not even own a Barclaycard.
► FROM: "bhlivetickets@bhlive.co.uk" (08/09/2014)
► Subject: "Confirmation of E-Tickets Order Number 2523378."
------------------------------------
This email is mimicking the purchase of some Theatre Tickets.
The email is sent out in mass to thousands, if not millions of people, aiming for people who have legitimately purchased tickets for this show.
In the content of the message, as well as a visually convincing message, the instructions ask you to click on a PDF attached to the message, to print off your E-Tickets. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from an email account registered in Romania. The contained attachment actually contains a virus "Win32: Trojan-gen":
The Virus/Malware Summary:
"Potentially contains backdoor capability allowing a remote attacker to take control of the infected computer. Furthermore, this threat tries to steal sensitive data from the PC like user name and password. It can also mean security risks that can contact a remote server and download other malware onto the compromised system."
Some basic telltale signs that this is a dodgy email:
1/ Only your email address is referred to.
Legitimate booking emails would normally greet you by a personal method e.g. Full Name.
2/ You might have several of these messages being sent to you.
But just notice, each time you will undoubtedly find that the 'Order Number' in the message will have changed.
If this was a legitimate email, then obviously the order number would be the same (yours) each & every time.
3/ It displays that you have paid by 'Mastercard'. You may not even own a mastercard.
► FROM: "Amazon" (23/07/2014)
► Subject: "Account Confirmation."
------------------------------------
An email titled Account Confirmation.
The email asks you to click on a link to confirm your account details for your Amazon account.
In the content of the message, the instructions ask you to click on a link labelled "Confirm Now", which will take you to a page to check your details. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from an email address no-reply26@amazon32.co.uk. The contained link directs you to a Japanese website registered in Kita-ku.
This website is what they call a 'Phishing' site.
Phishing sites are designed to trick the unwary into revealing their personal banking details to criminals.
Some basic telltale signs that this is a dodgy email:
1/ It starts by "Hello".
This is wrong, as all legitimate emails would be personalised with your name (surname).
2/ You might have several of these messages being sent to you.
But just notice, each time you will undoubtedly find that the 'Account Number' in the message will have changed.
If this was a legitimate email, then obviously the account number would be the same (yours) each & every time.
► FROM: "Fedex UK" (11/12/2013)
► Subject: "Package for you."
------------------------------------
An email titled SHIPPING CONFIRMATION.
The email asks you to click on a link to complete some missing details needed for successful delivery.
The point being I've not ordered anything through Fedex.
A basic search uncovers that this message actually comes from a company called "RIPE Network Coordination Centre" based in Amsterdam.
See report (click WHOIS button on the page!)
► FROM: "PayPal" (06/12/2013)
► Subject: "Your account access has been limited."
------------------------------------
An email supposedly from PayPal.
The email reports that a 3rd party has been trying to access your account, so they have limited use of your account.
In the content of the message, the instructions ask you to click on a link, which will take you to a page where you can enter your password to remove the account limitation. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from a Hungarian shopping website.
Presumably, by clicking on the link within the message, you are taken to a page and asked to enter your password, resulting in this scam site now having access to your account.
BIG HINT! A General 'rule of thumb', Unless the message within the email greets you with your own personal name,
NOT "Dear valued PayPal member" for example,
THEN DON'T CLICK ANY LINKS ETC. * DELETE IT! *
► FROM: "US Airways Ticket " (12/12/2013)
► Subject: "Your order # NR9603 has been completed"
------------------------------------
An email titled "This is your e-ticked receipt".
The email suggests that you have booked a flight, and displays you a receipt.
In the content of the message, the instructions ask you to view & print your 'e-ticket' from the attached file. DON'T !!!!!!!!!
A basic search uncovers that this message actually originates from somewhere in Italy.
An antivirus scan of the attached file reveals a contained malware program.
By opening the attached 'Zip File', you run the risk of executing this malware, software used to disrupt computer operation, gather sensitive information, or gain access to private computer information.
► FROM: "T-Mobile" (13/12/2013)
► Subject: "T-Mobile MMS Service"
------------------------------------
An email titled "This e-mail contains a voice message.".
The email suggests that you received a 'media message' via the T-Mobile service.
In the content of the message, the instructions ask you to download and listen to the message from the attached file. DON'T !!!!!!!!!
A basic search uncovers that this message is sent from an email address "@betsydillardstroud.com" and actually originates from somewhere in Indonesia.
An antivirus scan of the attached file would probably reveal a form of malware or virus.
A report of this email address has already been registered in the past.
► FROM: "WhatsApp" (16/12/2013)
► Subject: "Your friend has just sent you a photo"
------------------------------------
The email suggests that you have been sent a photo by someone.
In the content of the message, the instructions ask you to open the attachment to view the photo. DON'T !!!!!!!!!
A basic search uncovers that this message is sent from an email address "ludicrousnkf0@yahoo.com". Although this 'WhatsApp' facility is a legitimate facility offered by a company called 'singnet.com.sg', this particular email is an imitation of this company.
An antivirus scan of the attached file reveals a malware program contained within an 'exe' file type.
HINT! A General 'rule of thumb', Unless you're expecting an email with an attachment, OR trust the sender of the email,
THEN DON'T DOWNLOAD IT. * DELETE IT! *
Phone reports
► Parcel Force Delivery (08443 585862)
------------------------------------------------
An automated phone call received at 7am saying that Parcel Force will be delivering a parcel within the next 90 minutes.
Message continues asking you to press a number for more information.
Presumably, this will result in you being charged at a premium rate.
This call seems to coincide with having just ordered an item online from Argos (via eBay on this occasion).
CLICK HERE to hear from others experiencing nuisance calls from this number.