I just got an email saying I have to verify my account! Is it a phishing expedition or is it legitmate?

Phishing scams will be with us always. How can you spot them?

The easy way to spot a fake is that the email didn't come from me, or in the case of your general FSU account, from the FSU IT managers. Speaking only for the department, there are four ways to get your account suspended:

  1. You do something naughty that is against the FSU acceptible use policy and are unrepentant
  2. You request the suspension
  3. Your major professor or the department chairman requests the suspension
  4. You fall prey to a phishing scam, and our server is being used to spam others, so I lock your account which locks out the spammer(s)

There are number of free webspace hosts, and some offer PHP forms, and thus are vulnerable to hosting phishing scams. Some are just insecure PHP installations, and they've been compromised and are hosting the scam against their will. I try to alert the website to the problem and get them to fix the issue. The links in the two examples no longer work.

Here's an example, and my comments are in italics and the portions you should concentrate on are in bold.


From: Help Desk [mailto:ncsmith@colorado.edu]

Sent: Thursday, January 09, 2014 8:25 AM

To: undisclosed-recipients:

Subject: Warning!!! An HTK4S virus detected


Ok, from someone not associated with FSU, but claiming to be help desk. First hint. undisclosed-recipients. Second hint.


Dear user,

An HTK4S virus has been detected in your FSU Statistics Web Email folders, Your FSU Statistics Web Mail account therefore requires verification for continuous activity. Your FSU Statistics Web Mail account has to be upgraded to our new F-Secure R HTK4S anti-virus/anti-Spam version 2014 to prevent damage to our mail log and your important files. To complete this, you will have to click on the link below and enter your FSU Statistics email id and password to validate your account against spy-ware and HTK4S virus.


Well written...well, except that mail log is a just file that logs transactions, so that's some impressive sounding nonsense. Sort of like reversing the polarity of the neutron flow.

http://isps-stat-fsu-edu.webs.com/ Click here


Sending you to a non-FSU website. Third hint. I captured a screen shot of that page, and it is pretty scary:


Warning!!! Failure by you to upgrade your FSU Statistics Web Mail account inreceipt of this notice will lead to De-activation of your FSU Statistics WebMail account to avoid the virus being spread to our mail log.


Dire warning of deactivation. Fourth hint.

Thank you for your anticipated cooperation.

FSU Webmail Support Team Copy Right @ 2014 Florida State University - All Right Reseved.


Oh, falls apart badly at the end. As "boiler plate" language, it should be proper English and proofed:

Thank you for your cooperation.

FSU Webmail Support TeamCopyright © 2014 Florida State University - All Rights Reserved.


Here's another, simpler example. Can you spot the problems? I also captured a screen shot of their web page, and it's not so scary.



Date: Thu, 09 Jan 2014 15:51:25 +0100

From: Florida State University <eamnorte@eam.esc.edu.ar>

To: undisclosed-recipients:;


Dear Customer

Your E-mail account has exceeded its limit and needs to be verified, if not verified within 24hours, we shall suspend your account. Click Here: http://itservixz-admin.phpforms.net/f/firstform

to verify your email account now

Thank you System Admin