Fraud Alert - Email Scams & Phishing

Some GCI customers have received fraudulent email messages asking them to verify account passwords. This is an attempt to steal your login information.

The latest trend GCI has noticed is, an email stating your email account is over quota. Instead of stating your account will be closed, the phishing email asks you to send your Username and Password (UName/Password), and your quota will be adjusted. DO NOT respond to the email, just delete it.

GCI IS NOT SENDING THESE EMAILS and would never ask our customers to send private or secure information in an email.

We have posted some examples of fraudulent emails (phishing attempts) below.

If you receive an email like the any of the ones below, please do not respond or open any attachments, simply delete the email.

This is the latest Phishing attempt email being reported to GCI by our customers. This email appears to be from GCI. GCI is not sending these and will not request your information via an email. Plus, if an attachment is part of a phishing email it most likely contains a virus, worm or trojan! Again, this is a phising attempt, just delete the email. If a phishing email contains an attachment, do not open the attachment!

From: GCI ONLINE TEAM [mailto:webmaster@gci.net]
Sent: Wednesday, November 18, 2009 4:06 PM
To: user@gci.net
Subject: Warning Notice!!!

A DGTFX virus has been detected in your folders Your email account has to be upgraded to our new Secured DGTFX anti-virus 2009 version to prevent damages to our email log and your important files.

Click your reply tab, Fill the columns below and send back or your email account will be terminated immediately to avoid spread of the virus.

USERNAME:
PASSWORD:
PHONE NUMBER:
DATE OF BIRTH:

Note that your password will be encrypted with 1024-bit RSA keys for your password safety.

WARNINGS
If the above details is not sent you will experience login problems after you log out.

-------------------------------------------------------------------

Other examples. Again these are phishing attempts. Just delete these types of emails, if they get through your email filter.

From: Gci.net Abuse Support Team [mailto:spamsupportteam@gci.net]
Sent: Tuesday, November 03, 2009 5:37 AM
Subject: Gci.net Report

Deactivation Of Your Gci Webmail Account.
Kindly note that we recently did some upgrade on our database.

During the upgrade there was an unusual responds code from your
email address requesting for deactivation. Verify to deactivate
or keep your email account active.

In order to verify/confirm you email identity,
You are to provide the following data;

CONFIRM YOUR GCI.NET WEBMAIL IDENTITY BELOW;

First Name:____________________________
Last Name:_____________________________
Email Username:________________________
Email Password:________________________
Account Deactivation:__________________(specify yes to deactivate. No
to keep active)
Reason for Deactivation_____________(if yes)

Warning!!! In failure to verify your email account within 48hrs on
receiving this notification, your account will automatically be
deactivated

Thank you for using our Webmail!
warning Code: ASPH8B02AXV

Kind regards,
Webmail Service Team Management.
ABN 33
All rights reserved.

OR

From: Gci.net Abuse Support Team [mailto:spamsupportteam@gci.net]
Sent: Tuesday, November 03, 2009 5:37 AM
Subject: Gci.net Report

Gci.net Report
Your email account has been reported for numerous spam activities from a foreign ip recently. As a result,

Gci.net Report has received advice to suspend your account.
However, you might not be the one promoting this Spam, as your email account might have been compromised.
To protect your account from sending spam mails, you are to confirm your true ownership of this account by providing your username (*******) and PASSWORD (*******) as a reply to this message.
On receipt of the requested information, the Gci.net Report email support shall block your account from Spam.

Failure to do this will violate the Gci.net Report email terms & conditions. This will render your account inactive.
NOTE: You will be send a password reset message in next seven (7) working days after undergoing this process for security reasons.

Gci.net Abuse Support Team.

-------------------------------------------------------------------

<!--StartFragment-->Subject: Your Account is Suspended For Security Reasons
Date: 10/12/08 11:52:34 AM
From: support@gci.net
To: your email address@gci.net

Dear Gci Member,

Your e-mail account was used to send a huge amount of unsolicited spam
messages during the recent week. If you could please take 5-10 minutes
out of your online experience and confirm the attached document so you
will not run into any future problems with the online service.

If you choose to ignore our request, you leave us no choice but to
cancel your membership.

Virtually yours,
The Gci Support Team

-------------------------------------------------------------------

From: Webmail Support Center [mailto:support@webmail.com]
Sent: Monday, September 21, 2009 3:13 PM
To: user@webmail.com
Subject: Webmail Maintenance

Dear Webmail User,
This mail is to inform all our  webmail users that we will be upgrading our webmail server.
We shall be deleting old mail accounts which are no longer active to create more space for new
account users

Subscribers of our service are required to re-confirm their account manually to confirm that it
is still active by providing the information below:

*Email Address:
*Password:
*Full Names:

Failure to do this might make access to your e-mail via the Web mail be unavailable for some time
during this maintenance period,we advice you to.We apologise for the inconvenience that this will
cause you during this period

Technical Support Team

-----------------------------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and intended solely for the use of the
individual or entity to whom they are addressed.If you have received this email in error please notify
us immediately. This message contains confidential information and is intended only for the individual
named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail
-----------------------------------------------------------------------------------------------------

-------------------------------------------------------------------

Subject: ANTI-SPAM UPDATE ( FINAL NOTICE)
Date: 7/14/09 12:14:30 PM
From: "WEBMAIL MANAGEMENT CENTER"

Dear Webmail User, ANTI SPAM UPDATE
This message is from WEBMAIL MANAGEMENT MESSAGING CENTER to all Webmail account users. We are currently upgrading our data base and webmail account center.
This is to enable your webmail account take a new look with new functions and help protect against spam e-mails. We are therefore deleting all unused email account to create more space for new accounts and updates.
To help us fight spam and to prevent your account from closing you will have to update it below so that we will know that it's an active account.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username:
EMAIL Password:
Date of Birth:
Alternative Email:

WARNING!!! All account owner that refuses to comply with this update will lose his or her within seven days of receiving this notice.

Thank you for your understanding. We are delighted to bringing communication closer to you.
WEBMAIL ADMIN

-------------------------------------------------------------------

From: support@gci.net [mailto:support@gci.net]
Sent: Monday, May 04, 2009 3:05 AM
To: undisclosed-recipients:
Subject: CONFIRM YOUR EMAIL ACCOUNT

Dear Gci.net Subscriber

We would like to inform you that we are currently carrying out scheduled maintenance and upgrade of our webmail service

and as a result our email client has been changed and your original password will be reset.

We are sorry for any inconvennience caused.

To complete your Gci.net account, you must reply to this email immediately and enter your password. Failure to do this will immediately render your email address deactivated from our database.

User Name:
Password:

Thank you for using Gci.net webmail IT Gci.net THE TEAM "

-------------------------------------------------------------------

Dear gci.net User,

We have noticed an unauthorized attempt to change your gci.net password from
a foreign IP. This was going to result to your inability to access your
account due to the password change. If you know you are the authorized owner
of this account, kindly reply by providing your original username (*******)
and PASSWORD (*******) so as to protect your ID and password from
unauthorized access.

Failure to do this will violate the gci.net email terms & conditions.

Thanks for using gci.net

The gci.net Tech Support.

-------------------------------------------------------------------

From:       support@gci.net
Subject:                Account Upgrade/Maintenance All Gci Webmail Accounts
Date:      March 18, 2009 1:03:16 AM AKDT
To:            undisclosed-recipients: ;
Reply-To:                iol.support.team09@gmail.com

Gci Technical Support

-------------------------------------------------------------------

Attn. Gci Webmail Users,

Account Upgrade/Maintenance All Gci Webmail Accounts

We regret to announce to you that we will be making some vital maintenance on
our Gci Webmail account. During this process you might have login problems in
signing into your Gci account, but to prevent this you have to confirm your
account immediately after you receive this notification.

To confirm and to keep your Gci Webmail account active during and after this
process, please reply to this message with the below account information's.
Failure to do this might cause a permanent deactivation of your Gci webmail
account from our database to enable us create more spaces for up coming
subscribers.

To confirm your account, send your Gci webmail account stating:

email address:
Password:

Your Gci account shall remain active after we have successfully confirmed and
upgraded your account.

Thank you for your swift response to this notification we apologize for any
inconvenience.

Gci Technical Support

Copyright 2009 - Gci Communciations - All Rights Reserved.

Subject: Dear Subscriber
Date: 3/11/09 4:00:45 AM
From: "The Gci.Net email support team" <an email address, can be any email address> To:info@gci.net

Dear Subscriber

We are currently carrying out maintainance on our GCI.NET email database. To complete this process you must reply to this email immediately and enter your Username here (**********) And Password
here(**********) if you are the owner of this account.

This process will help us to fight against spam mails Failure to summit your password, will render your email address in-active from our database.
NOTE: You will be send a password reset message in next seven (7) working days after undergoing this process for security reasons.

Thank you for using Gci.Net!
The GCI.NET email support team.

-------------------------------------------------------------------

From: support@gci.net [mailto:support@gci.net]
Sent: Tuesday, February 24, 2009 2:04 PM
To: undisclosed-recipients
Subject: Please confirm your GCI.net email account

Dear GCI.net Email Account Owner,

This message is from GCI mailing center to all our GCI email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused email account to create space for new accounts. To prevent your account from being deactivated you will have to update it.

CONFIRM YOUR GCI EMAIL ACCOUNT
Email Username:
Email Password:

Warning!!! Account owners that refuses to update his or her account within seven(7) days of receiving this email will lose his or her account permanently.

Thank you for using GCI.

Warning Code: UCRV08MT1

Thanks,
GCI Team.

-------------------------------------------------------------------

From: support@gci.net [mailto:support@gci.net]
Sent: Sunday, January 25, 2009 4:16 PM
To: undisclosed-recipients
Subject: Please confirm your GCI.net email account

Dear GCI.net Email Account Owner,

This message is from GCI mailing center to all our GCI email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused email account to create space for new accounts. To prevent your account from being deactivated you will have to update it.
CONFIRM YOUR GCI EMAIL ACCOUNT
Email Username:
Email Password:

Warning!!! Account owners that refuses to update his or her account within
seven(7) days of receiving this email will lose his or her account permanently.
Thank you for using GCI.

Warning Code: UCRV08MT1

Thanks,
GCI Team.

If you receive an email like any of the ones above, please do not respond or open any attachments, simply delete it !!

GCI has seen an increase in phishing attempts against GCI customers both in email attempts, and even some reported cases of pretexting using phone calls. These requests are attempts to obtain personnel information such as username, passwords, or credit card information. This information is then used for criminal purposes such as spamming, theft or identity theft.

• Phishing: The attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords, and credit card details by masquerading as a trustworthy entity.
• Pretexting: Is the act of creating and using an invented scenario (the pretext) to persuade a target (you) to release information or perform an action and is typically done over the telephone

Some steps you can take to help protect yourself

• Be suspicious of unsolicited email and phone calls
  • Delete the email
  • Hang up on the caller
• Do not provide usernames, passwords, credit card, social security number, and date of birth on an email or over the phone to an unknown source
  • Call them on a phone number you acquire from a different source
  • Visit their web site, directly or by a performing a web search.
• Do not click on the links of the email, if you need to contact the company
  • Call them on a phone number you acquire from a different source
  • Visit their web site, directly or by a performing a web search.
• This includes emails with coupons to a retailer
  • Security experts believe this will lead recipients into phishing schemes.
  • It is recommended you go to the retailer's web site and navigate to special coupons or promotions listed on the site
• Keep your computer and programs up-to-date
• Use a good anti-virus and anti-spy ware program
• If you think the email or phone call may have come from GCI, you should call GCI, at any of our published phone numbers.
  • Remember GCI technical support is open 24/7 365 days a year and can be reached through 265-5400.

GCI takes these attempts seriously, and will shut down accounts of GCI customers knowingly participating in such activities. If you are in doubt, please contact GCI.

More subject information about these issues may be found at the links below:

• Wikipedia - phishing
• Wikipedia - pretexting
• Webopedia - phishing
• Wikipedia - SMiShing

More information about how to protect yourself may be found at these sites: