Email claiming to be from the Mail Administrator claims that the recipient’s email address has been queued for deactivation due to an account error. The message instructs the recipient to click a link to resolve the problem and avoid account deactivation.
The message is not from any mail administrator and the claim that the recipient’s address is set to be deactivated is untrue. The message is an attempt by cybercriminals to trick users into handing over their email account login details.
Subject: Email Deactivation Warning
Dear [email address removed]
This is an automatic message from our servers; If you are receiving this message it means that your email address has been queued for deactivation. This was as a result of a continuous error received from this email address (code:505).
Please Click [Link Removed] to resolve this problem.
Note: Failure to resolve this problem by ignoring this message would result to the deactivation of your account.
We apologize for any inconvenience and appreciate your understanding.
This message, which purports to be from a “Mail Administrator”, warns recipients that their email address has been queued for deactivation due to a “continuous error” received from the account. The message instructs users to click a link in order to resolve the problem. But, warns the message, ignoring the instructions will result in the deactivation of the email account.
However, the email is not from any administrator nor are the email addresses set to be deactivated as claimed. In fact, the message is a phishing scam designed to trick users into divulging their account login details to online scammers. Those who fall for the ruse and click the link will be taken to a bogus email login page as depicted in the following screenshot:
Users who comply with the request and enter their details will then be presented with the following message:
Your Information Has Been Submitted Successfully.
Note: Inputting Wrong Information will result to de-activation of your email address.
Click Here to correct your submitted information.
It is true that the information has been “submitted successfully’, at least from the point of view of the criminals operating the scam. In fact, the login information will be sent to these criminals and may subsequently be used to hijack the victim’s real email account.
Once they have gained access to the compromised account, the criminals can lock out the legitimate owner. They can then use the account to send scam and spam emails that will look like they were sent by the legitimate owner.
Often, such hijacked accounts are used to send emails that falsely claim that the account owner is stranded in a foreign country or has suffered a serious mishap and is therefore in desperate need of money. Because these emails seemingly come from someone they actually know, at least a few recipients of these emails may fall for the ruse and send money as requested.
Many similar phishing scam emails have been distributed by criminals in recent years. Most versions target a specific email provider such as Hotmail, Yahoo, Gmail or Bigpond.
This version takes a more generic approach, apparently in an attempt to snare users of any email service. The warning message makes no attempt to identify which email service that it supposedly originates from. So regardless of which email provider they use, victims who fall for the trap and submit their details may find that their accounts are quickly hijacked.
No email provider is ever likely to send such a generic deactivation warning. Be cautious of any email claiming that there is a problem with your email account and you must click a link or open an attachment to resolve the problem or verify account details.
It is always safest to log in all of your online accounts by inputting their account address into your browser’s address field rather than by clicking a link in an email.