‘Re-Validate Your Mailbox’ Email Phishing Scam

Email purporting to be from ‘Your Domain Admin’ claims that your email account has exceeded its storage limit and you must therefore open an attached file to re-validate your mail box.

Brief Analysis:
The email is not from any domain or webmail admin and the claim that you must validate your account is untrue. The email is a phishing scam designed to steal your email account login credentials.

Subject: Re-Validate Your Mailbox..

Dear Email User,Your mailbox has exceeded the storage limit, which is defined by the administrator,
You are running at 99.8 gigabytes,you can not send or receive new messages until you re-validate your mailbox


Thank you!


Your Domain Admin.

©2010 – 2016 Mail . All Rights Reserved.

Attached HTML file opens the following login form in your default browser:

Revalidate Mailbox Phishing Scam

Detailed Analysis:
According to this email, which purports to be from ‘Your Domain Admin’, your mailbox has exceeded its storage limit and you will therefore be unable to send or receive new emails. To deal with the problem, claims the email, you must open an attached file to validate your mailbox.  The email includes an attached file called ‘revalidate.html’.

However, the message is certainly not an official admin notification and the claim that you must re-validate your mailbox is untrue.

Instead, the message is a phishing scam that is designed solely to steal your email account address and password. If you open the attached .html file, an email account login form will load in your default browser. The form asks you to sign in to update your account by entering your email address and password.  After entering your account details, another page will appear that notifies you that the ‘update’ is now complete. Thus, you may carry on with your day in the mistaken belief that you have dealt with the supposed exceeded storage issue.

Meanwhile, however, Internet criminals can use the information you supplied to hijack your email account and redeploy it for their own purposes. Once they have gained access to your account, the criminals can use it to launch spam, scam, and malware campaigns in your name.

In this attack, the scammers have deliberately not identified the email service provider they are supposedly representing. By using this generic approach, they can target all email users, not just those who use a particular provider such as Gmail or Yahoo.

Depending on the type of account you have and how it is configured, your email inbox may indeed exceed its allotted storage limit from time to time. And, your email provider may be configured to automatically send you a message warning you that the storage limit has been reached. However, no legitimate service provider will ever instruct you to provide your login details via an unsecure form contained in an email attachment.

It is always safest to login to all of your online accounts by entering the address into your browser’s address bar or via an official app. If your email account does exceed its limit, you can usually deal with the issue by deleting messages stored in the account to free up room or, in some cases, asking for or allotting a larger storage limit.

Criminals have used this ‘exceeded storage limit’ ruse in various forms for years and this type of phishing scam is still quite common.

Last updated: June 13, 2016
First published: June 13, 2016
By Brett M. Christensen
About Hoax-Slayer

Email Exceeded Storage Limit Phishing Scam
Phishing Scams – Anti-Phishing Information