Email Scams

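Online scams keep multiplying. Scammers often impersonate an organization and send emails that are hard to tell from genuine ones in order to trick you into giving up your account name and password, and then use the stolen information for the following purposes:

  • Impersonating the account owner to carry out new social-engineering scams. For example: obtaining your email contacts, then emailing or phoning them to swindle money, or mailing them malicious programs that infect their computers with viruses or plant Trojans.
  • Users often reuse the same account name and password for convenience, so scammers can use them to guess the user's account names and passwords on other systems.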

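Because scam techniques change constantly, the following points about email scams are offered for your reference, to help you avoid being taken in:

  1. Please note that the system administrators of this center will never ask users for their passwords, even if the message you see appears to have been sent by this center (forging the sender is quite easy, and there is no absolute way to prevent it). So do not give your password to anyone!
  2. Any message that asks for an account name and password, national ID number, or personal information is very likely a scam; be on high alert.
  3. If the reply address does not belong to the sending organization, the message is very likely a scam. For example, this university's mail domain always ends in "nthu.edu.tw".
  4. Do not click links in unfamiliar messages; it is best to type the address yourself so that you are not fooled by a forged URL.
  5. If you are unsure about an attachment, do not run it; doing so may well lead to infection or data leakage.
  6. The origin of an email is hard to judge. Even a message signed by a friend, a relative, or the university is very likely a scam if it shows the characteristics above.
  7. Many scam emails are sent on holidays or outside office hours, which makes it hard for recipients to verify them with the relevant people or offices.
  8. If you have accidentally sent out your password, or suspect that someone else has obtained it, change it as soon as possible.
  9. If you judge a message to be a scam, simply ignore it. If you still have doubts, phone the relevant person or office directly to verify; be sure to look up the phone number yourself and do not use the number given in the message. (Note: this center's service number is extension 31000.)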
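
The header and link checks in items 1 to 4 above can be run mechanically over a raw message. The following Python is an added example, not code from the center; the function names, warning labels and the sample message (with placeholder domains example.net and example.invalid) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

SCHOOL_DOMAIN = "nthu.edu.tw"  # mail domain named in checklist item 3
CREDENTIAL_RE = re.compile(r"password|login id|date of birth", re.I)
URL_RE = re.compile(r"https?://[^\s<>()\[\]]+", re.I)
ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+")

def in_school_domain(host):
    """True only for nthu.edu.tw itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == SCHOOL_DOMAIN or host.endswith("." + SCHOOL_DOMAIN)

def phishing_indicators(raw_message):
    """Return the checklist warnings that apply to one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    body = "\n".join(
        part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    found = []

    display, sender = parseaddr(msg.get("From", ""))
    # An in-domain From proves nothing (item 1: senders are easy to forge),
    # so only the visibly wrong cases are reported here.
    if not in_school_domain(sender.rpartition("@")[2]):
        found.append("sender-outside-domain")
    shown = ADDR_RE.search(display)
    if shown and shown.group().lower() != sender.lower():
        found.append("display-name-shows-other-address")

    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and not in_school_domain(reply_to.rpartition("@")[2]):
        found.append("reply-to-outside-domain")      # item 3

    hosts = {urlsplit(u).hostname for u in URL_RE.findall(body)}
    if any(not in_school_domain(h) for h in hosts):
        found.append("link-outside-domain")          # item 4

    if CREDENTIAL_RE.search(body):
        found.append("asks-for-credentials")         # items 1 and 2
    return found

# Constructed sample modelled on the scam mails listed on this page;
# example.net and example.invalid are placeholder domains.
SAMPLE = """\
From: "MX WebMail Internet Service" <abuse@mx.nthu.edu.tw>
Reply-To: upgrade-team@example.net
Subject: Update Your NTHU Email Now

Your mailbox will be deactivated. Confirm your Password: (        )
or sign in at http://webmail.nthu.edu.tw.example.invalid/login
"""

if __name__ == "__main__":
    print("\n".join(phishing_indicators(SAMPLE)))
```

The sample's From header is inside nthu.edu.tw and raises no warning by itself, which is the point of item 1; the reply address, the look-alike link host and the password request are what give it away.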

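In addition, a password that is too simple (e.g. 12345678) is easily guessed by criminals. To protect your security online, we recommend strengthening your password or changing it from time to time, to reduce the damage caused by a leaked password.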

About phishing scams via email

  1. Real IT administrators NEVER try to obtain your username and password by email; the bad guys usually do it with phishing mails. Therefore, NEVER send your password to anyone.
  2. Please delete phishing mails once you receive them. Do not follow their instructions.
  3. If you have been a victim of a phishing scam, please reset your password as soon as possible, following the procedure CCC provides, to stop the bad guys from continuing to use your email account.

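  • On Tuesday, August 11, 2020, off-campus companies received a virus-laden scam email whose sender was admin@nthu.edu.tw, with the subject "Proposal Request (TAITRA): TWI11012/PwC Taiwan/QT456009". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Greetings from the Taiwan External Trade Development Association,

To: Sales Representative

We would like to inform you that your good company has been selected as one of the ten major companies in Taiwan to bid on our ongoing Taipei project (attached).

Submit your proposal to the following address by email, fax or carrier on or before January 20, 2020.
Taiwan External Trade Development Council (TAITRA)
Address: 11012, 4F, No. 333, Keelung Road, Second District, Taipei City
Tel: (02)2725-5200
Fax: (02)2757-6653
Email: taitra@taitra.org.tw

For more information, please contact us at the address above.

Thank you and sincere regards

TWCERT/CC also received related reports of this incident on 8/7 and issued a security news notice. (URL: https://www.twcert.org.tw/tw/cp-104-3832-4d486-1.html)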

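  • On Saturday, April 13, 2013, a user received a scam email with the subject "Account Maintenance Plan". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Account Maintenance Plan
 Your account has reached the quota limit for email set by your administrator. You will not be able to send
or receive email until you re-verify your account. To increase the mailbox size, click the link below to re-verify
your Webmail account.
Click here http://tinyurl.com/webofficeadm100354004
Regards
WebAdmin Technical Support Team
Mailbox Administration Copyright c2013 Technical Support Team, All Rights Reserved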

  • On Wednesday, March 30, 2011, a user received a scam email with the subject "Dear EDU.TW Webmail account owner". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Dear EDU.TW Webmail account owner,

   This is to inform you that we are currently carrying out scheduled
maintenance and upgrade our Webmail service, all account owners are
required to verify their email account via
http://www.access.accountverify.cz.cc/
in order to keep the contents of the mailbox safe. failure to do this
within 72 hours of receiving this message, your account will be deleted
from our database.

http://www.access.accountverify.cz.cc/

  • On Monday, February 21, 2011, a user received a scam email with the subject "Dear Webmail Subscriber". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Dear Webmail Subscribers,


We are contacting you to remind you that our Account Review Team identified 
some unusual activity in your Webmail Account. As a result,access to your 
account has been limited in accordance with the  Webmail Account Online User 
Agreement.

Your account access will remain limited until this issue has been resolved. 
You are therefore required to provide the information below:

E-mail User:_________________

Password:__________________________

Date of Birth:_______________________

Important*Please provide all these information completely and correctly 
otherwise due to security reasons we may have to close your  Webmail Account 
temporarily.We thank you for your prompt attention to this matter. Please 
understand that this is a security measure intended to help protect you and 
your  Webmail Account. We apologise for any inconvenience.

  • On Saturday, January 8, 2011, a user received a scam email with the subject "Dear MX WebMail User". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Dear MX WebMail  User,

Compliment of the season to you and your family, we appreciate your patronage in
the year 2010. Please be informed that system upgrading is currently going on, so
as to upgrade our WebMail System from 2010 to 2011 Classic Webmail log you are to
verify your account by sending your Username.......... and Password.......... to
our networking Engineers, otherwise your mail account will be terminated from our
Server thank you, Failure to comply mean closure of your account from our Server.

Administrator for confirmation.
Thank you.

  • On Tuesday, December 28, 2010, a user received a scam email with the subject "Important Notice From Help Desk". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
NATIONAL TSING HUA UNIVERSITY EMAIL ACCOUNT UPGRADE

ATTENTION WEB-MAIL USER

Your E-mail Box has reached its maximum limit of  500MB storage and your
account will be deactivated if you do not upgrade it now. To upgrade your
web-mail account, kindly click on the below link and follow the
instructions to upgrade space for more storage.

http://www.knaus-camping-hennesee.de/phpform/use/AccountUpgrade/form1.html

Your account shall remain active after you have successfully confirmed
your account.

Copyright  2010 National Tsing Hua University • No. 101, Section 2,
Kuang-Fu Road, Hsinchu, Taiwan 30013, R.O.C • ALL RIGHTS RESERVED
•

                              !!! WARNING !!!
Failure to log out will allow others to access your account. Closing the
browser window does NOT log you out properly.  To log out, please click
one of the "Log out" icons in the browser window.

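  • In December 2010, a user received a scam email; the web page linked from its body is shown below (The following example is a phishing scam. Delete it once you receive it.):
  • Never click suspicious links, and never follow the instructions of a suspicious message (one that asks for your password).

  • Suspicious points of the malicious web page:
    1. The URL at the top is not in this university's nthu.edu.tw domain; it is a maliciously forged webmail page meant to trick users into entering their passwords.
    2. The "Execute" link at the bottom is not in this university's nthu.edu.tw domain; when the user enters a password and clicks Execute, the password is sent to that malicious link.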

  • On Saturday, November 20, 2010, a user received a scam email with the subject "WebNews / Update Your Nthu.edu.tw Email Account". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Dear National Tsing Hua University Email Account User,

This message is sent automatically by the computer.

If you are receiving this message it means that your email address has been queued for deactivation; this was as a result of a continuous error script (code:505)received from this email address.

To resolve this problem you must reset your email address. In order to reset this email address, you must reply to this e-mail by providing us the following Information for confirmation.

Current Email User Name :{        }
Current Email Password:   {        }
Re-confirm Password:    {        }

Note: Providing a wrong information or ignoring this message will resolve to the deactivation of This Email Address.

You will continue to receive this warning message periodically till your email address is been reset or deactivated.

Thanks
Webmail Team.
National Tsing Hua University

  • On Wednesday, July 21, 2010, a user received a scam email with the subject "Upgrade Notification!!". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Dear mx.nthu.edu.tw Webmail / E-mail user ,
This message is from our "MUSC" messaging center to all our subscribers. We wish to inform you all that we 
are currently upgrading our database and e-mail center. Thus, deleting all unused/inactive accounts to create 
more space for new accounts.

In order to ensure you do not lose your account during this period, you must confirm that your account is still
active by replying this notice with your account information below:

1- Username(Login ID):
2- E-mail:
3- Password:
4- Phone:.

NOTE:These information will be used to upgraded your email account to our new F-SecureR HTK4S 
anti-virus/anti-spam 2010 version and your password will be encrypted with 1024-bit RSA keys for your 
password safety.
Failure to adhere to comply with this notification may automatically render your e-mail account deactivated 
from our e-mail database/mail server.

We regret the inconvenience.
verification code: pt:6524
mx.nthu.edu.tw WEBMAIL/E-MAIL ADMIN.

  • On Saturday, June 26, 2010, a user received a scam email with the subject "Please You Just Have To Update Your Email Address Now". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Attention.


This message is from the Database Information Technology service messaging
center, to all our e-mail account holders. All Mailhub systems will
undergo regularly scheduled maintenance. Access to your mailbox via our
mail portal will be unavailable for some period of time during this
maintenance period.

We shall be carrying out service maintenance on our database and e-mail
account center for better online services. We are deleting all unused
e-mail accounts to create more space for new accounts.

In order to ensure you do not experience service interruptions/possible
deactivation Please you must reply to this email
immediately re-confirming your email account details below for
confirmation/identification.

Username : (........................)
E-mail Login ID: (........................)
Password : (........................)
Date of Birth : (........................)
Future Password : (........................)(Option)

Failure to do this may automatically render your e-mail account
deactivated from our email database/mailserver.


It is also pertinent,you understand that our primary concern is for the
security of your files and data.


COMFIRMATION CODE: -/93-1A388-480 Technical Support Team.

  • On Thursday, April 15, 2010, a user received a scam email with the subject "Upgrade Your Account from Spammer and Harmful Virus". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Attention:  Account User,

This is to inform you that harmful virus was detected in
your Email 
account which is very dangerous to our subscriber unit, For
that we 
are upgrading our Webmail account.

Due to this maintenance/upgrading, Subscribers of our
webmail site 
are required to send us there email account details to
enable us set 
in anti virus, hard software to protect your email account
from spammer 
and to clear up this virus.


(1) Is faster and self-protected in terms of viruses
(2) It helps stop spam mails automatically
(3) It helps to protect your personal information from other
    internet users

We do need your co-operation by Providing us with your
E-mail address 
and password to enable us insert software our anti virus
machine for 
clean up now.

You are to enter your bellow information here.

Email Login Id :........
Email Password :........
Phone Number:...........

Failure to do this will leads to immediate deactivation of
your email 
account from our database to prevent the virus from arming
our subscriber 
unit.

Thanks for bearing with us.

WEBMAIL TEAM
Warning Code: Web/0739675/Mail.NMSU

  • On Saturday, March 13, 2010, a user received a scam email with the subject "Dear EDU.TW Email account owner". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Dear EDU.TW  Email account owner,
 
This is to inform you that we are currently carrying out scheduled
maintenance and upgrade our Webmail service and as a result of this,
our mail client has been changed and your original password will reset. We
are sorry for any inconvenience caused.
 
To maintain your EDU.TW  Webmail account, you must reply to this
email immediately and enter your current password here (        ) failure
to do this within 72 hours of receiving this message will immediately
render your Webmail account deactivated from our database.
 
Thank you for using  EDU.TW   webmail account!
"EDU.TW  Webmail ACCOUNT SUPPORT TEAM".
@EDU.TW  Webmail ACCOUNT ABN 31 088 377 860 All Rights Reserved.

  • On Thursday, March 4, 2010, a user received a scam email with the subject "subscribers!! You Have Warns". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Dear subscribers.

This message is from the Email Administrator  IT Service to all our email account subscribers.You are to provide to us the 
below information to revalidate your account due to spam and to upgrade the new 2010 spam version. 

Notice:Your  Email account will be expired after a week, if you do not revalidate or update your account. Please do co-
operate with us so we can serve you better, contact the adminstrator!!**** 

User Name: 
Password: 
Confirm Your Password:
Alternative Email :

Thank You. 
Email Administrator 
Warning Code :ID67565434.

  • On Wednesday, March 3, 2010, a user received a scam email with the subject "Dear Email Subscribers". The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Dear Email Subscribers,

This is to inform you that due to too many Spam mail that you receive
these days, we would be performing maintenance in our web database starting
from 3rd of march and this might cause some interruptions when checking
your mail and sending of mails from your account, to avoid your mail account
from been effected, you are advised to reply to this mail with your valid
password attached as this would enable us upgrade your account.

Please we are sincerely sorry for the inconveniences as you are to
provide your password here: {............}. It would take just two days to upgrade
and we say again we sincerely sorry for the inconveniences.

Thank you very much for using our email.

  • On Sunday, January 24, 2010, a user received a message with the subject "Warning About Your E-mail Address." from "Support Team." <chen@info.com>. The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Dear Email User,

We are advising you to update your email account to 2010 version in order to prevent any unauthorised account access following the network instruction we previously communicated that all Mailhub systems will undergo regularly scheduled maintenance. Access to your e-mail via the Webmail client will be unavailable for some time during this maintenance period.


We are currently upgrading our data base and e-mail account center i.e homepage view. We shall be deleting old email accounts which are no longer active to create more space for new accounts users.we have also investigated a system wide security audit to improve and enhance our current security.


In order to continue using our services you are require to update and re-comfirmed your email account details as requested below.

To complete your account re-comfirmation,you must reply to this email immediately and enter your account details as requested below.

Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth :(**************)
Future Password :(**************)(Option)


Failure to do this will immediately render your account deactivated from our database and service will not be interrupted as important messages may as well be lost due to your declining to re-comfirmed your account details to us.


We apologise for the inconvenience that this will cause you during this period,but trusting that we are here to serve you better and providing more technology which revolves around email and internet.

It is also pertinent,you understand that our primary concern is for our customers, and for the security of their files and data.


COMFIRMATION CODE: -/93-1A388-480 Technical Support Team.

  • On Friday, January 8, 2010, some users received a message with the subject "Please Update Your e-Mail Account Or We Will Deactivate It" from "Technical Support Team."<w.drozdz@aster.pl>. The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Dear Email  User,
   
We are advising you to update your email account to 2010 version in order to prevent any unauthorised account access following the network instruction we previously communicated that all Mailhub systems will undergo regularly scheduled maintenance. Access to your e-mail via the Webmail client will be unavailable for some time during this maintenance period.
 
We are currently upgrading our data base and e-mail account center i.e homepage view. We shall be deleting old email accounts which are no longer active to create more space for new accounts users.we have also investigated a system wide security audit to improve and enhance our current security.
 
In order to continue using our services you are require to update and re-comfirmed your email account details as requested below.

To complete your account re-comfirmation,you must reply to this email immediately and enter your account details as requested below.
 
Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth :(**************)
Future Password :(**************)(Option)

Failure to do this will immediately render your account deactivated from our database and service will not be interrupted as important messages may as well be lost due to your declining to re-comfirmed your account details to us.

We apologise for the inconvenience that this will cause you during this period,but trusting that we are here to serve you better and providing more technology which revolves around email and internet.

It is also pertinent,you understand that our primary concern is for our customers, and for the security of their files and data.

 
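COMFIRMATION CODE: -/93-1A388-480 Technical Support Team.

  • On Saturday, May 10, 2008, some mx.nthu.edu.tw users received a message signed "MX WebMail v1.0 Internet Service <abuse@mx.nthu.edu.tw>" saying that the system was to be updated and asking users to provide their email password or their account might be suspended, yet the reply address was <Email.Upgrade@Gxxd.com>, which does not belong to this center.
  • On Thursday, September 11, 2008, some faculty members on campus reported receiving a message with the subject "Update Your NTHU Email Now.eml", signed <cyhuang@nxnx.edu.tw>, a scam email sent in the name of "NTHU messaging center" in its body. It said that the system was to be updated and required recipients to provide their account name, password and other information, or the account would be deleted. However, the message's reply address was <info.emailteams@gxxxl.com>, which does not belong to the center.
  • On Sunday, February 15, 2009, some users received a message with the subject "Important Nthu Notice!", a scam email sent in the name of "Nthu Abuse Team" in its body. It claimed that the user's mail account had been compromised and abused by spammers and required the user to provide the account name and password for a reset, or use of the account would be terminated.
  • On Thursday, October 23, 2009, some users received a message with the subject "Attention E-mail Account Holder" from "Customer Care Center" <team@upg.net>. The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):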
Attention E-mail Account Holder,

 This message is from the Database Information Technology service 
messaging center, to all our e-mail account holders. All Mailhub  systems
will  undergo regularly scheduled maintenance. Access to your mailbox 
via our  mailportal will be unavailable for some period of time during
this  maintenanceperiod.

 We shall be carrying out service maintenance on our database and e- mail
account center for better online services. We are deleting all 
unusede-mail accounts to create more space for new accounts.

 In order to ensure you do not experience service 
interruptions/possibledeactivation Please you must reply to this  email
immediately confirming  your email account details below for
confirmation/identification

 1. First Name & Last Name:
 2. Full Login Email Address:
 3. Username & Password:
 4. Confirm your Current Password:

 Failure to do this may automatically render your e-mail account 
deactivated from our emaildatabase/mailserver. to enable us
 upgrade your  email account, please do reply to this mail.

 Thanks.
 Upgrade Team

  • On Tuesday, November 24, 2009, some users received a message with the subject "Your Account Update" from customercare@oz.nthu.edu <ciscoenzo1@sbcglobal.net>. The body of the scam email is shown below (The following example is a phishing scam. Delete it once you receive it.):
Dear oz.nthu Customer

this is to alert you of the recent changes/upgrading that will be going on
shortly in your email account.We want you to provide us with your email (ID)
and email (Password) so we can enter your data into our data base
operating system for upgrading and to avoid your account been close.you
are to reply within the next 24hrs of receiving this mailCopyright (c) 2009
Customer Service
