I received this message today ...
Dear UTORONTO.CA Email Account Owner,My question is serious. Is there any data out there to suggest that scams2 like this actually succeed? Are there people who respond to these notices by sending off their email passwords?
This message is from UTORONTO.CA messaging center1 to all UTORONTO.CA email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused UTORONTO.CA email account to create more space for new accounts.
To prevent your account from closing you will have to update it below so that we will know that it's a present used account.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username :
EMAIL Password :
Attention!!! Account owner that refuses to update his or her account within ten days of receiving this Notification will lose his or her account permanently.
Thank you for using UTORONTO.CA!
Also, what's the purpose behind this attempt to get email passwords? What do they plan to do with them? Are they hoping that the email passwords will give them access to the user accounts or do they just like to read email messages?
1. The sender is "Online Services (email@example.com)." A domain that does not exist. The reply-to address is "firstname.lastname@example.org." I've often wondered how these scams work. How do the perps get the replies if the return address is bogus?
2. It's easier to recognize that this is a bogus message because of the language—obviously not written by someone whose native language is English—but even if it was grammatically correct most people would know that it's a scam, right?