Outline
Email purporting to be from the “Mail Administrator” claims that the user’s email account is pending deactivation and will be terminated within 24 hours if the user does not click a link to sign in and update the account.
Brief Analysis
The message is not from any genuine Mail Administrator and the claims of impending account deactivation are untrue. Instead, the email is a phishing scam designed to trick unwary users into giving their email account login details to cybercrooks.
Example
Subject: Important News About Your Account (Closure)
From: Mail Administrator
Hello Account Holder,
Just a short note to inform you that our records indicate that your account is “Pending De-activation” we have previously contacted you requesting account update, however as no update, your e-mail account will now be temporarily suspended if you ignore to update your account within the next 24 hours, to avoid the termination of your e-mail service, kindly click on your Ticket ID below, sign on with your VALID e-mail and password in order to avoid service disruption
CLICK TO VERIFY
Notice Month: September 2013
Received from: Accounts and Administrator
Status: Pending De-activation
Ticket ID: FIQ-868119
Please note that the ticket will automatically be closed within 48 hours if no response is received from you and your account permanently de-activated.
Kind regards,
Gao Lee Wu
Customer Experience Officer
Detailed Analysis
This deceptively simple phishing email attempts to panic unwary users into sending their email account details to cybercriminals. The email, which purports to be from the Mail Administrator, claims that the user’s account is “pending de-activation” and will be terminated within 24 hours unless the user provides an account update. The user is instructed to click a link to begin the update and save his or her account from permanent deactivation.
Those panicked into clicking the link in the message will be taken to a generic webpage that asks them to login with their email address and email account password.
To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free! Can you help us stay online?
Thus, believing that they have successfully saved their accounts from deactivation, users may go about their business with no inkling that they have just been scammed.
Unlike many other email phishing scams, this one does not target customers of a specific email provider. It deliberately does not mention the name of the email service provider that the message was supposedly sent by. In this way, the scammers can collect account data from users of any email system.
Once they have harvested the account details, the criminals can then hijack the real email accounts belonging to their victims and use them to launch various spam and scam campaigns.
Be cautious of any unsolicited email that claims that you must update your email account by clicking a link or opening an attachment. Such “account update” scam emails are a very common scammer ploy.
Since you’ve read this far…
…can I ask you for a big favour?To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.
If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.
You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.
Thank-you.
Brett Christensen
