Email Exceeded Storage Limit Phishing Scam

Outline:
Email claims that you have exceeded the storage limit for your mailbox and, therefore, your email account will be closed if you do not click a link to increase your storage capacity.




Brief Analysis:
The email is not a legitimate support notification. It is a phishing scam designed to steal your email account password.  There have been many variations of this scam message. Such scams have been targeting email users for many years. If you receive one of these emails, do not click any links or open any attachments that it contains.

Example:
Subject: You Have Exceeded The Storage Limit For Your Mailbox !
Dear [email address removed]

Your E-mail Account will be closed if you fail to increase Storage capacity Kindly Click here to increase your storage capacity by 30.00GB Free..

Click here to add up free 20GB storage.

If not gotten from you in the next 24 hours, We shut down your E-mail Account,Until after proper verification before you can access your E-mail Account Again….!!!Thanks.
Domain Security 2016/2017.Email Exceeded Storage Limit Phishing Scam





Detailed Analysis:
According to this email, you have exceeded the storage limit for your mail box. The message warns that, if you fail to increase your storage capacity, your email account will be closed. It instructs you to click a link to increase your storage and thereby resolve the issue.

However, the email is certainly not from any legitimate email service provider and the claim that your email account will be closed if you do not click to increase storage capacity is untrue. Instead, the email is just a crude phishing scam that is designed to steal your email account password. Clicking the “add free storage” link takes you to a fraudulent web page that asks you to enter your email address and email account password into a login box. If you click the “continue” button, you will see a message that advises that your extra storage capacity has been added and the problem with your account has been fixed.

But, alas, online criminals can now collect the details you supplied and use them to hijack your email account. Once they have gained entry, they can use your account to send spam, scam, and malware emails in your name.

And, if the  email address and email password that you entered on the fake form also provides access to connected services such as online stores and cloud storage, the scammers can gather even more of your personal information and conduct fraudulent transactions in your name. In fact, the criminals may manage to harvest and collate a large amount of your personal information and they may be able to use this information to steal your identity.

The “exceeded storage limit” scam tactic goes back many years. Such scam emails have been hitting inboxes for at least a decade. Some, such as the 2009 version I have included below, simply asked victims to reply to the email with their account username and password:

From: System Administrator
Subject: RE; Your E-MailBox Has Exceeded Storage Limit!

Attention:

RE; Your E-MailBox Has Exceeded Storage Limit!

Your Emailbox has exceeded the storage limit. You may not be able to send or receive new mail until your mailbox size is increased by your System Administrator.

To help us re-set increase the size on our database prior to maintain your Mailbox, you must contact your system administrator via Email with these informations, to increase your storage limit automatically. You do not need to be present at our Office.

Username: …………….
Password:……………..

You will continue to receive this warning message periodically if your inbox size continues to exceed its size limit or between 18MB and 20 MB.

Email accounts sometimes do exceed their allotted quota and some mail systems may send out automated messages informing their users of this issue. However, no legitimate mail administration system is likely to threaten an account closure or demand that users click a link to log in and increase storage.  Nor would they ever ask users to send their username and password via an unsecured email in order to fix an over-quota account. Users can normally remedy the problem of an over-quota account themselves by simply logging in and freeing up space by deleting unnecessary emails.

Scammers regularly use such tactics to steal login information. Some scam emails may claim that the user must submit login details to prove his or her identity after a system upgrade. Others, like the one discussed here, claim that there is a problem with the account and the user must supply login information so that the “problem” can be rectified. Be wary of any unsolicited message that asks you to supply your email password. If you receive one, do not click any links or open any attachments that it may contain.




Last updated: November 18, 2016
First published: November 29, 2009
By Brett M. Christensen
About Hoax-Slayer

References
‘Re-Validate Your Mailbox’ Email Phishing Scam
Microsoft Outlook ‘Account Exceeded Storage Limit’ Phishing Scam
“Mailbox Exceeded The Quota Warning Threshold” Email Phishing Scam