Email Phishing With Digital Background
Home ScamsPhishing Scams ‘Email Account Pending Deactivation’ Phishing Scam

‘Email Account Pending Deactivation’ Phishing Scam

by Brett M. Christensen

Outline

Email purporting to be from the “Mail Administrator” claims that the user’s email account is pending deactivation and will be terminated within 24 hours if the user does not click a link to sign in and update the account.

Brief Analysis

The message is not from any genuine Mail Administrator and the claims of impending account deactivation are untrue. Instead, the email is a phishing scam designed to trick unwary users into giving their email account login details to cybercrooks.

Example

Subject: Important News About Your Account (Closure)
From: Mail Administrator

Hello Account Holder,

Just a short note to inform you that our records indicate that your account is “Pending De-activation” we have previously contacted you requesting account update, however as no update, your e-mail account will now be temporarily suspended if you ignore to update your account within the next 24 hours, to avoid the termination of your e-mail service, kindly click on your Ticket ID below, sign on with your VALID e-mail and password in order to avoid service disruption

CLICK TO VERIFY

Notice Month:            September 2013
Received from:          Accounts and Administrator
Status:            Pending De-activation
Ticket ID:        FIQ-868119

Please note that the ticket will automatically be closed within 48 hours if no response is received from you and your account permanently de-activated.

Kind regards,

Gao Lee Wu

Customer Experience Officer

Email Account Deactivation Scam Email

 

Detailed Analysis

This deceptively simple phishing email attempts to panic unwary users into sending their email account details to cybercriminals.  The email, which purports to be from the Mail Administrator, claims that the user’s account is “pending de-activation” and will be terminated within 24 hours unless the user provides an account update. The user is instructed to click a link to begin the update and save his or her account from permanent deactivation.

Those panicked into clicking the link in the message will be taken to a generic webpage that asks them to login with their email address and email account password.
If users comply and provide their account details, they will be taken to a new page with the message “Congratulation! Your Account Has Been Lifted”.

Thus, believing that they have successfully saved their accounts from deactivation, users may go about their business with no inkling that they have just been scammed.

Unlike many other email phishing scams, this one does not target customers of a specific email provider. It deliberately does not mention the name of the email service provider that the message was supposedly sent by. In this way, the scammers can collect account data from users of any email system.

Once they have harvested the account details, the criminals can then hijack the real email accounts belonging to their victims and use them to launch various spam and scam campaigns.

Be cautious of any unsolicited email that claims that you must update your email account by clicking a link or opening an attachment. Such “account update” scam emails are a very common scammer ploy.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer