Recent phishing/scam email examples

By Catherine Haug, updated Oct 2018 – see example 4, below (previous updates:  Oct 2017  – see Example 3, below; original published Jan 15, 2017)

I continue to get several phishing/scam emails, so I thought I’d share them with you to help you know how to recognize them.

Phishing is fishing for private information such as usernames, passwords and credit card accounts. Wikipedia (1) defines it as:

“the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.”

A scam is “fraudulent scheme performed by a dishonest individual, group, or company in an attempt obtain money or something else of value” according to the Business Dictionary (2).

The examples below appear to be from the trusted businesses: FedEx, USPS, and Earthlink. But if you look at the sender’s email address or other clues in the screen-caps of the email text, you can tell the sender is pretending, in an attempt to gain your trust and get your information.

Example 1 (screen capture below):

It wants me to click on the View messages button, but I’m suspicious, so If Iclick on the apparent sender (highlighted in blue), I get:

“crickn827 (at) amega (dot) com”.

If it were truly from FedEx, the text after the @ would indicate: (at) fedex (dot) com (email addresses disguised for security). I put this email in my junk folder so I could shred it.

Example 2 (screen-capture below):

It wants me to open the attached zip file (below the email’s text), but I’m suspicious, so If Iclick on the apparent sender (“USPS Ground”) and the “Reply To” fields, I get after the @:

“(at) leonardoarroyo (dot) com.”

If it were really from USPS, the part after the @ would be “@ usps (dot) com” (email addresses disguised for security). Like the previous example, I put this email in my junk folder so I could shred it.

(ignore the “change size of message area” message superimposed over the email screen cap by my computer).

Example 3, added Oct 2017 (screen-capture below):

This phishing example claims to be from my email provider, Earthlink (but similar examples are likely happening for other email providers). It is phishing for my billing information (credit card, etc.).
Here’s how I determined this is fraudulent:

First, I looked at the sender’s email address by clicking on the sender name  (Note: I added a space before the dot, to disguise it for security).

“support@earthlink .net”

 It appears to be valid, but I didn’t stop there.

Second, I studied the provided link (highlighted in blue). To do this, I hovered my mouse over the link it wants me to click (being careful not to click it); that link does not look valid to me, even though it contains ‘earthlink.’ That link reads (note, I put a space between the ‘dot’ and ‘com’ so my copy won’t work by accident):

“http:ppcassistants. com/wp-admin/earthlink/“

There are at least 2 clues here that it is fraudulent. The most glaring is the ‘http.’ Any valid business wanting your billing information will use a secure link indicated by ‘https’. It is also missing the ‘//’ after the “http:” The second clue is that the sender is ppcassistants’ not earthlink. Yes, earthlink might have hired an outside company to do this for them, but I don’t believe they would do that.

Third, I studied the writer’s text. I believe this was written by someone who doesn’t speak English as a first language, because they typed: “PROVIDE BILLING INFORMATIONS .” Correct wording would be “PROVIDE BILLING INFORMATION.” (‘information’ should not be plural).

Fourth,  while studying the text, I note they tell me to disregard this if I access my account from Nigeria. That means they are from Nigeria, one of the countries from which most phishing originates.

Lastly, I forwarded it to their fraud department (I looked-up that address online). alternately, I could contact earthlink’s support, to find out if this is valid. I opted not to do that because I’m certain this is fraudulent. If you have a different email provider and get a suspicious email, contact them regarding how to report fraud.

Example 4, added Oct 2018 (screen-capture below):

This phishing/scam example claims to be from a person in the UK representing Amazon and USPS. I believe it is fraudulent because the sender’s email address (which I got by clicking the sender name, “United States Postal Service” doesn’t look right to me. That address is “sender2 (at) alpha tiles (dot) co (dot) uk” [I disguised this and other addresses/urls for your protection].

Other reasons why I think this is fraudulent:

  • I have not placed any orders from Amazon in months.
  • The sender purports to be from USPS but says in the text of the email that shipment info is provided by stamps (dot) com. and the reply-to address [jparkeracademylco (dot) uk (at) email (dot) com] is neither of these companies/shippers. Note that I disguised the url and email address for your protection.
  • The tracking link doesn’t appear to be legit for USPS, and begins with “http:” rather than “https:”. The latter would indicate  a secure link, the former does not.

I do plan to contact the USPS to verify if it is fraudulent, but in the meantime, please avoid clicking on links in emails like this. Here’s the screen-cap:


  1. Wikipedia on phishing:
  2. Business Dictionary on ‘scam’:

Comments are closed.