From the Email

Signs and Reasons the Email was Fraudulent 

From: "gkoliako" auth.gr> 

Date: March 31, 2019 at 11:33:03 PM PDT

Business professional email address are typically a combination of the user’s first and last name and what the organization’s name after the-@. 

ex. Preston Robinson or or … 

To: "gkoliako" 

To/From fields have same person, rather than the receiver's email address.

Subject: Dear Customer

The Subject should briefly describe the purpose of the email.

Reply-To: 

Different Reply-To email address than sender. THIS IS A RED FLAG

Dear Customer

Business letter salutation typically should be personally addressed to the receiver. In this case since the email is about your account the sender should know and use your name.

Good Examples of Business Letter Salutation

• Dear Mr. Smith

• Dear Mr. and Mrs. Smith

• Dear Mr. White and Ms. Smith

• Dear Dr. Smith

• Dear Judge Smith

• Dear Ms. Jones

• Dear Jane Doe

• Dear Dr. Haven

• Dear Dr. and Mrs. Haven

• Dear First Name (if you know the person well)

THIS MESSAGE IS FROM OUR TECHNICAL SUPPORT TEAM: This message is sent automatically by our web mail team. If you are receiving this message it means that your email address is about to be deactivated; this was as a result of a continuous error script code: 505 receiving from this email address and too many of spam emails in your Account. You are kindly please advised to respond to this e-mail within the next 48 Hours with the necessary information below to keep your account active. All entries to be forwarded directly to Maintenance/Upgrade Team.

Other than the poor grammar, this message has a few red flags that it is fraudulent (See highlighted). For starts "THIS MESSAGE IS FROM OUR TECHNICAL SUPPORT TEAM" is not necessary since the “from” field and the signature will take care of stating who is the email’s sender.

Next is the BIG RED FLAG! The tech support team used jargon that most users would not understand. Techs typically spend extra time trying to limit and remove jargon from communication to the users in order to improve the likelihood the user reads, understands, and complies as needed. Nevertheless, the "script code error: 505" is for a non-email and Internet application. 48 Hours is a sense of urgency, if truly time-sensitive emergency, an email is replaced and or followed up with a phone call from IT.

Did you know that if you copy a unique piece of the message, such as “script code: 505”, into your browser’s search engine the browser would find all signs of that phrase? In the case of “script code: 505”, the first results would have said this is a SCAM. Lastly, "All entries to be forwarded directly to Maintenance/Upgrade Team". The only problem with this is the message came from one group but it is being sent to another. IT groups typically will not do this. The party that needed the information from you would have been on the original email or the group that sent the message to you. 

First Name: _________________

Last Name: ________________

Phone: ____________________

Username: __________________

Password: __________________

Re-Confirm Password: ________

Any Other Web mail Address: _____

Password/Applicable:____________

Account Deactivation: ____________ (specify yes to deactivate. No to keep active)

While it is possible for IT to ask for your name, phone, alternative email and username, IT will never ask for your password. IT will simply reset the password to get in.

As for the Account Deactivation: if you are seeing the message, the likelihood is you want to keep your account. Nevertheless, email accounts and servers get millions of SPAM messages each day. The email administrator and the software they use block most of it from all the user accounts. If there was a problem with SPAM on your account the email server or email admin would have taking care of it before it got to you. 

IMPORTANT NOTICE: Please your information is safe and secure with us.



WARNING: Failure to reset your email by ignoring this message or inputting Wrong information will result to deactivation of this email address.

• Grammar errors: Attackers will often live in a different country from the one they’re attacking.

• IT would not send a message stating your information is safe and secure with us. 

Sincerely,



sdcounty.ca.gov Technical Support Team.

Copyright © 2019 sdcounty.ca.govAccount Service. doesn't match sender infoAll rights reserved

• Missing the signature and/or the company logo.

• If they are from sdcounty.ca.gov, their email address domain (domain is what is after the @ symbol in the email address or at the beginning of a web address) above, should be the same or close to sdcounty.ca.gov 

• There is a mention of something being Copyright ©. That is unusual.