When scams are brought to the attention of the Information Security Office, we pass the information along to the community. http://security.tennessee.edu/ This one is clever and looks very authentic. There isn't even a request for any personal information; but this is a scam. The link provided in the email does not take you to the Microsoft Update Center. Another thing to remember is that Microsoft does not usually send update notifications to customers directly and they don't give their Office software away free. http://security.tennessee.edu/RSS/spam/outlook.shtml Mon, 01 Jun 2009 13:24:00 EDT Boy, this phishing scam covers all the bases. It's good for Webmail AND regular email. Performing an upgrade, regular maintenance? Who cares? This blanket email has you covered. We retired Webmail eons ago, and they're still phishing for it. Again, we will never ask for any sensitive data in an email. http://security.tennessee.edu/RSS/spam/youreducation.shtml Mon, 01 Jun 2009 13:24:00 EDT So now you are to believe that a virus is detecting a virus and you need to supply your personal information, including your birthday, to have your email account repaired. Yes, this is a scam; No, it is not being sent from any UT organization; and No, you should not reply to the email. http://security.tennessee.edu/RSS/spam/dgtfx.shtml Mon, 01 Jun 2009 10:49:00 EDT A variant of the UPS scam where the sender claims they tried to deliver something to you but were unable to do so. The recipient is directed to open the attached .zip file, which contains a virus. McAfee is not currently catching this variant but a copy of the malware has been submitted. http://security.tennessee.edu/RSS/spam/postaltracking.shtml Mon, 01 Jun 2009 10:49:00 EDT Another targeted Phishing scam. I suppose it's a good thing the phishers haven't figured out we retired Webmail last year. It makes it kinda easy to spot the fakers. At least they were kind enough to apologize "For The Inconvinences." I had to make a special effort to get that spelled wrong in just the right way. http://security.tennessee.edu/RSS/spam/important-information.shtml Mon, 18 May 2009 09:03:00 EDT This phishing scam is of the more common garden variety. Responding to the email lets the phisher know that your email account is active. After that, there's no telling what you may receive. Don't respond; just mark it as junk. Your email account will not be deactivated. http://security.tennessee.edu/RSS/spam/mailboxdeactivated.shtml Tue, 12 May 2009 12:10:00 EDT This phishing scam pulls out all the stops. Apparently the Executive Director of the FBI sends out emails asking for usernames and passwords. Rest assured, you have not been indicated in illegal activity and you shouldn't respond to this email with your username and password. http://security.tennessee.edu/RSS/spam/dear4.shtml Mon, 04 May 2009 13:10:00 EDT Another phishing scam that claims your mailbox storage limit has been exceeded. This one actually has two different addresses to reply-to, neither of which are UT addresses. Again, UT will never send out an email asking for personal information to be provided in response to email. http://security.tennessee.edu/RSS/spam/ithelpdesk.shtml Mon, 06 Apr 2009 12:10:00 EDT A phishing scam that claims your mailbox storage limit has been exceeded. Notice the repeated use of the = sign? The UT Helpdesk is not hosted on live.com and you will never receive an email from the real UT HelpDesk asking for your user ID and password. http://security.tennessee.edu/RSS/spam/helpdeskwebs05.shtml Wed, 22 Apr 2009 12:10:00 EDT One of the more old fashioned types of phishing. This one just needs you to respond to the email. It doesn't ask for any user ID or password; it just needs to know that your email account name is active. http://security.tennessee.edu/RSS/spam/goldtrans.shtml Wed, 15 Apr 2009 12:10:00 EDT A phishing scam which claims the recipient's account is compromised. Obviously the best way to "uncompromise" your account is to send your password to the "help dsk". http://security.tennessee.edu/RSS/spam/notice2.shtml Mon, 06 Apr 2009 12:10:00 EDT Another typical phishing scam claiming to be coming from "Help Desk". http://security.tennessee.edu/RSS/spam/helpdesk2.shtml Fri, 03 Apr 2009 12:49:00 EDT This is a typical phishing scam claiming to be coming from "Web Mail HelpDesk" They didn't even try to hide the reply-to address; they put it right at the bottom of the email. http://security.tennessee.edu/RSS/spam/webmailhelpdesk.shtml Mon, 01 Apr 2009 15:23:00 EDT This message claims that DHL has tried to deliver a package to you but was unable to do so. The recipient is encouraged to view delivery documentation in the attached ZIP file. Of course, the ZIP file contains malware. I've also seen this targeting other package delivery services. http://security.tennessee.edu/RSS/spam/dhl.shtml Mon, 26 Mar 2009 15:23:00 EDT This is actually a combination of two common scams but tailored for The University of Tennessee http://security.tennessee.edu/RSS/spam/asap.shtml Mon, 26 Mar 2009 11:29:00 EDT This is a variant of the phish-du-jour, but tailored for the Computer Science department. http://security.tennessee.edu/RSS/spam/accountupdate.shtml Mon, 26 Mar 2009 11:20:00 EDT Yet another version of the "your mailbox is over it's limit, send us your password" scam. http://security.tennessee.edu/RSS/spam/message.shtml Mon, 26 Mar 2009 11:08:00 EDT This is a slightly different version of the same old phishing scam. http://security.tennessee.edu/RSS/spam/techservunit.shtml Mon, 26 Mar 2009 10:39:00 EDT This one takes the "threat" requirement to a whole new level telling the recipient that they've caught you doing something "unusual" in your mailbox. Obviously, the only way to maintain your innocence is to send in your username and password. http://security.tennessee.edu/RSS/spam/fromsysadmin.shtml Mon, 16 Mar 2009 14:17:00 EST This is just a repackaging of a previous scam aimed to get users to send in their usernames and passwords. Incidentally, Webmail was retired some time ago. http://security.tennessee.edu/RSS/spam/helpdesk.shtml Thurs, 12 Mar 2009 08:32:00 EST Well, the scammers are back from their holiday break. Looks like they've dusted off the same old scam but put a new coat of paint on it. They still haven't figured out "database" is one word and apparently in order to make space for new accounts, they have to delete all accounts. As usual, in order to "prevent your account from been inactive" you have to send your username and password. http://security.tennessee.edu/RSS/spam/notification2.shtml Mon, 26 Jan 2009 07:56:00 EST We here at the Information Security Office sincerely hope everyone had a pleasant and safe break. How better to welcome the UT community back to work than with the twelfth version of the original phishing scam. Time marches on, but it's good to know some things never change, they still don't use spell check and haven't grasped subject-verb agreement. http://security.tennessee.edu/RSS/spam/confirm12.shtml Mon, 29 Dec 2008 10:06:00 EST This is a classic phishing scam with all the hallmarks: a general greeting, threats, an inflated sense of urgency, and a request for personal information. http://security.tennessee.edu/RSS/spam/final-warning2.shtml Tues, 16 Dec 2008 08:33:00 EST This is the same as the previous scam, only with slightly different packaging. My favorite elements of this scam are rampant misspelling of "expire" and the fact that the unit of measurement here was apparently an afterthought (days). It makes me wonder if the original subject was a more hip "account expeire in 7." http://security.tennessee.edu/RSS/spam/accountexpeire.shtml Fri, 7 Nov 2008 11:11:00 EST Yet another message saying the recipient is over their quota so the logical next step is to delete the account. In order to "re-set your SPACE on our database prior to maintain your INBOX" (gotta love bad grammar) the recipient must reply with a username and password. If I've said it once, I've said it a million times; OIT will NEVER ask for your password, certainly not via email. http://security.tennessee.edu/RSS/spam/webmail.shtml Fri, 7 Nov 2008 10:53:00 EST If the notice that this is from the "UKT HELPDESK" wasn't a big enough hint that this is a scam, I think the spanish foot note is the kicker. http://security.tennessee.edu/RSS/spam/final-warning.shtml Tues, 4 Nov 2008 09:02:00 EST Yet another phishing attempt. http://security.tennessee.edu/RSS/spam/verify6.shtml Wed, 22 Oct 2008 08:27:00 EST Apparently from "Admin" claims that we "will be making some vital maintainance on our {EDU} webmail." The recipient is advised that they can avoid any problems logging on during the maintenance by "confirming" their account by providing, you guessed it, their username and password. We just can't stress enough that we will NEVER ask you to divulge your password, especially via email. http://security.tennessee.edu/RSS/spam/notice.shtml Tues, 14 Oct 2008 08:34:00 EST Supposedly from "utk.edu Technical Support Team," claims that the recipient must respond with their username and password in order to "update" their account and prevent it from being terminated. I especially love the warning that "Failure not to update your account" will ensure your account is terminated. So, they're essentially telling folks that responding will get their account terminated--I can see the logic in that. http://security.tennessee.edu/RSS/spam/update2.shtml Tues, 14 Oct 2008 08:22:00 EST Supposedly from the UT Memphis HelpDesk, claims the recipient's account has almost used all their quota (as previous examples have shown, a rediculously small one) They also ask for the uername and password so they can "re-set your SPACE on our database prior to maintain our INBOX". We still have no clue what that means. http://security.tennessee.edu/RSS/spam/accountexpire3.shtml Tues, 07 Oct 2008 10:50:00 EST Yet another phishing attempt telling folks their accounts will be deleted if they don't respond with their credentials. http://security.tennessee.edu/RSS/spam/dear3.shtml Mon, 6 Oct 2008 09:01:00 EST Supposedly from the "Webmail Help Desk", claims the recipient's account has almost used their whopping 25 MB quota. Lets set aside for the moment that we're retiring the WebMail system and that the quota on that system is 100 MB. The recipient is requested to send their username and password so they can "re-set your SPACE on our database prior to maintain your INBOX", whatever THAT means. What exactly does quota have to do with account expiration again? http://security.tennessee.edu/RSS/spam/accountexpire2.shtml Thurs, 02 Oct 2008 08:57:00 EST Ahh, the good old days... I've really missed this one. It's been refined over time so the grammatical errors are fewer but I still get a chuckle when I hear about how the poor guy was "swindled and mish andled by corrupt government officials". Reminiscence, thy name is Nigerian Scam. http://security.tennessee.edu/RSS/spam/nigerian.shtml Wed, 01 Oct 2008 07:59:00 EST With the recent swell of viruses and trojans, I'd almost missed good old-fashioned phishing attempts like this one. Why someone has to respond with their password to be able to "Check out your new features and enhancements..." I'll never know. http://security.tennessee.edu/RSS/spam/dear2.shtml Fri, 26 Sep 2008 08:56:00 EST Supposedly from "The Internet Service Provider Consorcium", claims they have evidence of illegal activities on the part of the recipient and they must cease these activities or their access will "get suspended." They claim the attached file is a report of these illegal activities while it is actually a virus. http://security.tennessee.edu/RSS/spam/suspended.shtml Thurs, 25 Sep 2008 08:00:00 EST Supposedly from eBay, claims the recipient must visit a webpage to "update information your account". http://security.tennessee.edu/RSS/spam/ebay.shtml Tues, 23 Sep 2008 08:37:00 EST Yet another version of the Hallmark scam. http://security.tennessee.edu/RSS/spam/hallmark3.shtml Mon, 22 Sep 2008 08:29:00 EST Supposedly from "IT SERVICE" claims the recipient's inbox is too large and to resolve the issue, they must respond with their username and password. http://security.tennessee.edu/RSS/spam/accountexpire.shtml Wed, 17 Sep 2008 09:03:00 EST Supposedly from greetings.com (Hallmark), claims someone has sent the recipient an animated greeting and they must download and install the E-card to view it. The installer is a virus. http://security.tennessee.edu/RSS/spam/greeting.shtml Wed, 17 Sep 2008 07:59:00 EST Supposedly from PayPal, claims there has been some susplcious activity in the recipient's "Pay Pal" account and directs them to view the attached report for more details. The attachment is actually a virus. McAfee is catching the virus. http://security.tennessee.edu/RSS/spam/paypal.shtml Tues, 09 Sep 2008 08:22:00 EST Supposedly from Hallmark, claims someone has sent the recipient an E-card that is contained in the attached postcard.zip. The file is actually a trojan. http://security.tennessee.edu/RSS/spam/hallmark2.shtml Tues, 09 Sep 2008 08:08:00 EST Supposedly from MediaDefender, claims the recipient's "illegal activities" are being logged and unless they stop downloading "copyrighted softwares" they will be faced with legal action. The recipient is encouraged to view the attached report for more details. The attachment is a virus. McAfee is not currently catching this virus although a copy of it has been sent to them for inclusion in the next DAT release. http://security.tennessee.edu/RSS/spam/mediadefender.shtml Fri, 05 Sep 2008 16:37:00 EST Supposedly from Hallmark, claims someone has sent the recipient an E-card and they need to click on a link to view the card. The link actually downloads a virus. http://security.tennessee.edu/RSS/spam/hallmark.shtml Fri, 05 Sep 2008 08:53:00 EST Supposedly from "Progressive Business Publications", claims the IRS and the Department of Homeland Security (DHS) are updating mandatory personnel forms and directs the recipient to a website to purchase them. Points of note: The IRS makes forms available for free on their website (http://www.irs.gov/), and the DHS didn't exist in 1991. http://security.tennessee.edu/RSS/spam/federal.shtml Wed, 03 Sep 2008 09:43:00 EST Supposedly from the "utk.edu technical support team", claims the recipient's account was used to send large amounts of spam which proves their system is compromised. The message advises the recipient to follow the attached instructions to protect their system. The attached file "text_2.zip" is actually a virus. McAfee is now detecting the virus. http://security.tennessee.edu/RSS/spam/proxy.shtml Wed, 03 Sep 2008 09:06:00 EST Yet another canned phishing attempt. They've gotten smarter and made it a little more modular with the generic "Your School". However, They still haven't learned that "database" is one word, or subject-verb agreement. http://security.tennessee.edu/RSS/spam/confirm11.shtml Wed, 03 Sep 2008 08:44:00 EST We're now into the double digits on this particular phishing scam. The recipients "are to forward the following informations" so that the "utk.edu Engineer" can preserve their account(s). Do we get pay raises now that we're Engineers? http://security.tennessee.edu/RSS/spam/confirm10.shtml Wed, 27 Aug 2008 09:25:00 EST This is similar to the previous AntivirusXP2008 scam with the added benefit of asking for money! http://security.tennessee.edu/RSS/spam/antivirus2009.shtml Thurs, 14 Aug 2008 10:09:00 EST Supposedly from the UK Lottery, claims that the recipient has won and must acknowledge receipt of the email as the first step towards claiming their winnings. http://security.tennessee.edu/RSS/spam/attention.shtml Thurs, 14 Aug 2008 10:09:00 EST Supposedly from Facebook, this message claims that someone has added the recipient as a friend and confirmation is required. They have helpfully attached a picture to the message so the recipient can see the friend before loging in. The kicker is that the picture file (picture.zip) is actually a virus. McAfee currently does not detect the virus so a copy of it has been sent to them so we can get updated DAT files. http://security.tennessee.edu/RSS/spam/facebook.shtml Thurs, 14 Aug 2008 09:52:00 EST This scam doesn't get delivered via email but it's a scam just the same. It's Malware pretending to be software that finds Malware. http://security.tennessee.edu/RSS/spam/antivirus.shtml Wed, 13 Aug 2008 15:48:00 EST Supposedly from the Webmail Administrator, this is a newer version of the previously seen verify phishing script. They still haven't learned that "database" is one word. http://security.tennessee.edu/RSS/spam/verify5.shtml Tues, 6 Aug 2008 09:29:00 EST The "oldie but goldie" is back. We're now on our tenth iteration of the original phishing attempt. They still haven't embraced spell check (they're performing "maintainance") and didn't bother replacing the placeholder "{EDU}" with "UTK". http://security.tennessee.edu/RSS/spam/confirm9.shtml Mon, 4 Aug 2008 10:34:00 EST This phishing attempt doesn't even try to hide the fact that it isn't from an official university address. They claim there will be new features and that they are trying to find any "inative" users. It asks for the standard fare of username and password. http://security.tennessee.edu/RSS/spam/update.shtml Thurs, 31 Jul 2008 08:26:00 EST Supposedly from "UTK WEBMAIL", claims the recipient must respond with the usual username and password combo along with the name of their webmail "serever". This one is a little different from the others in that it is down right threatening, including the phrase "Be Warned". I'm still amazed that in phishing, spelling and grammar don't count. http://security.tennessee.edu/RSS/spam/upgrade2008.shtml Tue, 22 Jul 2008 08:38:00 EST Supposedly from the UTK TECH SUPPORT TEAM, it's the canned phishing attempt that won't die. As with its predecessors, it requests that users reply with their username and password to ensure they (not their accounts, interestingly enough) are not deleted. http://security.tennessee.edu/RSS/spam/confirm8.shtml Mon, 21 Jul 2008 14:47:00 EST Supposedly from the UTK.EDU Support Team, yet another canned phishing attempt requests that users send information such as their "Fiest Name" along with their username and password to ensure their account is not deleted. http://security.tennessee.edu/RSS/spam/reconfirm.shtml Mon, 14 Jul 2008 06:53:00 EST Supposedly from the Web Support Team, yet another canned phishing attempt requests that users send their username and password to ensure their account is verified. http://security.tennessee.edu/RSS/spam/dear.shtml Fri, 27 Jun 2008 14:49:00 EST Supposedly from a "verification desk", this not-completely-modified canned phishing attempt requests that users send their username and password to ensure their account is verified. http://security.tennessee.edu/RSS/spam/feature.shtml Tues, 24 Jun 2008 15:01:00 EST Supposedly from the IRS, claims the recipient is due a refund and must visit a website which asks for personal information to receive the funds. http://security.tennessee.edu/RSS/spam/refund2.shtml Mon, 23 Jun 2008 08:10:00 EST This is a modification of a targeted phishing attack on the CS department last month. It claims that the recipient must respond with their password to ensure their account doesn't get deactivated. http://security.tennessee.edu/RSS/spam/up-grade.shtml Tue, 27 May 2008 13:18:00 EST This is a resurgance of the "Verify..." phishing attempts. They've given it a new subject line but it's the same scam, even down to the same "warning code". http://security.tennessee.edu/RSS/spam/important-notice.shtml Tue, 27 May 2008 10:13:00 EST Now the fourth variant of an earlier scam, claims the recipient must reply with their username and password or their UTK email account will be deleted. http://security.tennessee.edu/RSS/spam/verify4.shtml Tue, 27 May 2008 07:52:00 EST Supposedly from EPPICard, claims the recipient needs to verify their card online to prevent identity theft. http://security.tennessee.edu/RSS/spam/eppicard.shtml Tues, 20 May 2008 10:00:00 EST Supposedly from "BELLNET", claims the recipient must respond with a surname and password to prevent their account from being closed. http://security.tennessee.edu/RSS/spam/notification.shtml Thurs, 15 May 2008 9:27:00 EST Supposedly from an unknown lottery agency, claims the recipient has won and must respond to claim their winnings. http://security.tennessee.edu/RSS/spam/lottery.shtml Tues, 13 May 2008 16:55:00 EST Yet another variant of an earlier scam, claims the recipient must reply with their username and password or their email account will be suspended. http://security.tennessee.edu/RSS/spam/verify3.shtml Fri, 09 May 2008 10:26:00 EST We're now up to the seventh reported variant of an earlier scam, claims the recipient must reply with their username and password or their UTK email account will be deactivated. http://security.tennessee.edu/RSS/spam/confirm7.shtml Thur, 08 May 2008 11:13:00 EST Supposedly from the Internal Revinue Service, claims the recipient is due a refund and must enter personal inforamtion such a SSN and Credit Card number to receive the refund. http://security.tennessee.edu/RSS/spam/refund.shtml Mon, 21 Apr 2008 11:40:00 EST Supposedly from the Computer Science department, claims the recipient must reply with their CS username and password. http://security.tennessee.edu/RSS/spam/upgrade.shtml Tue, 15 Apr 2008 16:02:00 EST Supposedly from "UTK.EDU", claims we're updating our website and need you to reply with your username and password. http://security.tennessee.edu/RSS/spam/reply.shtml Tue, 08 Apr 2008 08:49:00 EST Supposedly from Home Federal Bank, claims the recipient's account has been disabled and that they must call the listed (long-distance) number to reactivate the account. http://security.tennessee.edu/RSS/spam/homefederal.shtml Mon, 31 Mar 2008 10:35:00 EST Supposedly from BancorpSouth, claims they have brought a new web-based portal online to enhance security and that all customers must sign on to update their account information. http://security.tennessee.edu/RSS/spam/bancorp.shtml Mon, 31 Mar 2008 10:22:00 EST A variant of an earlier scam, supposedly from the UK National Lottery, claims the recipient has won and needs to send email to a Hotmail account with demographic information to claim their winnings. http://security.tennessee.edu/RSS/spam/uklottery2.shtml Mon, 31 Mar 2008 10:00:00 EST We're up to the sixth reported variant of an earlier scam, claims the recipient must reply with their username and password or their UTK email account will be deactivated. http://security.tennessee.edu/RSS/spam/confirm6.shtml Fri, 28 Mar 2008 12:33:00 EST Now the fifth reported variant of an earlier scam, claims the recipient must reply with their username and password or their UTK email account will be suspended. http://security.tennessee.edu/RSS/spam/confirm5.shtml Tues, 25 Mar 2008 11:14:00 EST Supposedly from the UK Lottery Headquarters, claims the recipient has won the UK lottery and must send personal information to the coordinator to receive payment. http://security.tennessee.edu/RSS/spam/uklottery.shtml Mon, 24 Mar 2008 09:36:00 EST Supposedly from a textbook reprinting service, invites the recipient to provide non-sensitive data to have out-of-print textbooks reprinted. It is assumed this the first step in a multiple-step phishing campaign. http://security.tennessee.edu/RSS/spam/reprint.shtml Thurs, 20 Mar 2008 15:42:00 EST An interesting take on the oldie but goldie Nigerian Scam, claims the sender has won some money but needs the recipient's help to claim it. This scam is unique in that it includes a calendar invitation that automatically is added to the recipient's calendar if they are using a compatible client. See the link for more information. http://security.tennessee.edu/RSS/spam/invitation.shtml Thurs, 20 Mar 2008 15:07:00 EST Supposedly from Wachovia, claims a problem with their server room requires customers to validate personal information. http://security.tennessee.edu/RSS/spam/wachovia.shtml Thurs, 13 Mar 2008 17:09:00 EST Supposedly from CitiBank, advertises a new security feature that customers must sign up for. http://security.tennessee.edu/RSS/spam/citibank.shtml Mon, 10 Mar 2008 10:25:00 EST Yet another variant of an earlier scam, claims the recipient must reply with their username and password or their UTK email account will be suspended. http://security.tennessee.edu/RSS/spam/verify2.shtml Fri, 29 Feb 2008 09:04:00 EST Supposedly from Knoxville Post Office Credit Union, claims the recipient must call a toll-free number to reactivate or confirm their debit or credit card to prevent fraud. http://security.tennessee.edu/RSS/spam/kpocu.shtml Thurs, 28 Feb 2008 10:37:00 EST A variant of an earlier scam, Supposedly from the US Internal Revenue Service, claims the recipient is entitiled to a refund. http://security.tennessee.edu/RSS/spam/irs.shtml Tues, 26 Feb 2008 11:29:00 EST Another variant of an earlier scam. Supposedly from central support, claims the recipient must reply with their password. http://security.tennessee.edu/RSS/spam/confirm4.shtml Tue, 19 Feb 2008 09:06:00 EST Supposedly from Yahoo and/or MSN, claims the recipient has won the Yahoo MSN Lottery http://security.tennessee.edu/RSS/spam/congratulations.shtml Fri, 15 Feb 2008 09:14:00 EST Supposedly from VISA, claims the recipient must call a toll free number to "unlock" their VISA account. This scam is unique in that it does not ask the recipient to reply via email, but call a toll free number. It is sophisticated enough to mimic an authentic call-in service including verifying the credit card number given is a valid number (it must be a valid Luhn algorithm number). If you or someone you know has called the number in this or similar scams, see our Unauthorized Access FAQ for information on getting a free credit report and/or a Fraud Alert placed on your account. http://security.tennessee.edu/RSS/spam/urgent-notification.shtml Wed, 13 Feb 2008 15:48:00 EST A variant of an earlier scam. Supposedly from the UK National Lottery, claims the recipient has won. This variant is unique in that the messages are sent "from" UTK addresses. http://security.tennessee.edu/RSS/spam/final-notices.shtml Mon, 11 Feb 2008 08:53:00 EST Another variant of an earlier scam. Supposedly from central support, claims the recipient must reply with their password. http://security.tennessee.edu/RSS/spam/confirm3.shtml Wed, 6 Feb 2008 09:10:00 EST Supposedly from JPMorgan Chase Bank, claims the recipient must login to a website and confirm their Chase account information. http://security.tennessee.edu/RSS/spam/chase.shtml Thurs, 31 Jan 2008 13:44:00 EST A variant of an earlier scam,supposedly from central support, claims the recipient must respond with their password. http://security.tennessee.edu/RSS/spam/confirm2.shtml Thurs, 31 Jan 2008 13:44:00 EST Supposedly from the US Internal Revenue Service, claims the recipient is entitiled to a refund. http://security.tennessee.edu/RSS/spam/irs-refund.shtml Thur, 31 Jan 2008 08:53:00 EST Supposedly from the UK Lottery Commission, claims the recipient has won. http://security.tennessee.edu/RSS/spam/winning-notification.shtml Tues, 29 Jan 2008 13:30:00 EST Supposedly from the Navy Federal Credit Union, claims the recipient must reactivate their VISA debit card. http://security.tennessee.edu/RSS/spam/navy-fcu.shtml Tues, 29 Jan 2008 13:40:00 EST Supposedly from the National Lottery Board, claims the recipient has won. http://security.tennessee.edu/RSS/spam/goodnews.shtml Tues, 29 Jan 2008 13:50:00 EST Supposedly from the HelpDesk, claims the recipient must respond with their password. http://security.tennessee.edu/RSS/spam/confirm.shtml Tues, 29 Jan 2008 14:00:00 EST Supposedly from the HelpDesk, claims the recipient must respond with username and password or their account will be deactivated. http://security.tennessee.edu/RSS/spam/verify.shtml Tues, 29 Jan 2008 14:10:00 EST