Spoof emails can be a major problem for unsuspecting internet users. Claiming to be sent by well-known companies, these emails ask you to reply with personal information, such as credit card number, account password or call a given number.

These deceptive emails are called “Spoof Emails” because they fake the appearance of a web site or company in an attempt to commit identity theft. Also known as “hoax” or “phishing” emails.

Warning signs of a spoof email

Sender's Email Address: Spoof email may include a forged email address in the “From” line - Some may actually be real email addresses that have been forged. (From: admin@uonbi.com; From: UoNAcctMaintenance@uonbi.ac.ke).

Email Greeting: Many Spoof emails will begin with a general greeting such as “Welcome UoN User”, “Dear uonbi.ac.ke Account User”

Urgency: Claims that UoN ICT center is updating its files or accounts - Don't worry, it is highly unlikely that UoN will lose your account information, or will want to know your password.

Account Status Threat: Most Spoof emails try to deceive you with the threat that your account is in jeopardy and you will not be able to log in if you do not update it immediately.

Links in an Email: While many emails have links included, just remember that these links can be forged too.

Requests Personal Information: Requests that you enter sensitive personal information such as a User ID, password or bank account number by clicking on a link or completing a form within the email are a clear indicator of a Spoof email.

Poor grammar: Be on the lookout for poor grammar or typographical errors. Many phishing e-mails are translated from other languages or are sent without being proof-read. As a result, these messages can contain bad grammar or typographical errors.

Reporting spoof emails

If you have any doubt whether an email is really from UoN, here's how to report it;

1. Forward the message to mailadmin@uonbi.ac.ke
2. Do not alter the subject line or forward the message as an attachment - doing so prevents us from investigating it further.
3. Once you have forwarded the email, you can then delete it from your email account.

Tips on how to protect your account

If you get an email that looks like it is from mailadmin@uonbi requesting personal information it is a fake email. We do not ask for personal information, especially your password.

Scan for Viruses Frequently scan your computer for viruses and make sure your virus software, operating system, and browser patches are up to date.

Vigilance Is the Best Line of Defense. You should periodically check your account status to see if there is any suspicious activity.

Change Your Password Frequently. If you think your account security may have been breached, change your account password immediately.

Make Your Password Unique. To prevent someone accessing multiple accounts, it is effective to have different passwords for each account. Also, a good password will include a combination of letters and numbers - this makes it more difficult for people to guess the password.

Contact ICT center immediately if you think you entered your email password into a spoof site/email.

Contact Your Bank immediately if you think you entered your personal financial information into a spoof site.


There are many hoaxes circulating around the internet. A hoax is the human version of a computer virus. Instead of convincing the computer to pass the message along to many other computers, the message is written to convince a human to send the message to many other humans. For example there was an email circulating about “dying boy wants postcards, send this if you care” .

Sample spoof mail

Subject: Dear University of Nairobi Email Subscriber
From: “Administrator Webmaster” <angeliakattalakis@att>
Date: Fri, March 19, 2010 1:12 am
To: undisclosed recipients:;
Dear University of Nairobi Email Subscriber
This is To complete your account verification process of the past year for the maintanance of your email account, you are required to answer this message and enter your ID and PASSWORD space (***), you should do so before the next 48 hours of receipt of this email, Web mail or your account will be deactivated and deleted from our database.
Full Name:
Webmail User ID:
Webmail Password:
Date Of Birth :
Your account can also be monitored;htp:mail.uonbi.ac.ke/webportal/login.php
Thank you for using University of Nairobi Copyright administration.
Credits: Information Management Group Copyright 2010, All Rights Reserved.''

spoof_emails.txt · Last modified: 2020/05/06 08:51 (external edit)
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki