Home ScamsPhishing Scams ‘Warning Code: 11XXTT8765’ Email Phishing Scam

‘Warning Code: 11XXTT8765’ Email Phishing Scam

by Brett M. Christensen

Email purporting to be from the “Admin Team” claims that, due to a scheduled maintenance and upgrade, users must reply with their email password or their email account will be terminated. 

Brief Analysis
The message is not from a legitimate email account support team. In fact, the email is a phishing scam designed to trick users into divulging their email account passwords to Internet criminals.


From: “Admin Team”
Subject: Warning Code: 11XXTT8765

Dear Email user,

We would like to inform you that we are currently carrying out scheduled
maintenance and upgrade of our Email service and as a result of this our
Email client has been changed and your original password will reset. We
are sorry for any inconvenience caused.

To maintain your Email account, you must reply to this Email immediately
and enter your current Password here
(___________ )

Failure to comply will lead to the
termination of your Email Account.
Warning Code: 11XXTT8765

©Email ACCOUNT ABN 31 **** 3766 *** All Rights Reserved.
Admin Team.

Detailed Analysis
According to this email, the recipient’s email service provider is carrying out a scheduled maintenance and upgrade of the service that will require user passwords to be reset. The recipient is instructed to reply to the email with his or her email password so that the email account can be maintained. The message warns that users who do not comply and send their password as instructed will have their email accounts terminated. The message purports to be from the service provider’s “Admin Team” and features the ominous sounding subject line, “Warning Code: 11XXTT8765”.

However, the email is not from any legitimate service provider support team and the claims in the message are lies. The email is a phishing scam designed to lure unsuspecting users into placing their account passwords into the hands of criminals. Those who comply and send their password as requested may soon find that their email accounts has be hijacked by the scammers and used to launch ongoing spam and scam campaigns. The spam and scam messages sent by the criminals via the hijacked accounts will appear to come from the original account holders and may include their normal email signature and contact details. Thus, the hijackers send out fraudulent messages that cannot be easily traced back to them. And recipients of these messages may be more inclined to believe their claims because they appear to come from someone they know and trust.

A favourite ruse of such email account hijackers is to send out emails pretending that the account holders have become stranded in a foreign country and urgently need a short term loan to deal with their dire situation. Because the emails come from the accounts of people that recipients actually know, at least a few may fall for the scam and send money as requested.

The scammers will likely change passwords on the compromised accounts so that legitimate users can no longer access them. It can often be very difficult for victims to regain control of their accounts. By including elements such as the official sounding “warning code” and a fake ABN (Australian Business Number), the scammers hope to fool less experienced computer users into believing their claims.

Email account phishing scams like this one are very common and regularly target users of major email service providers around the world. Some, like this example, ask victims to simply reply with their login details. Others ask them to click a link or open an attached file to fill in a login form. These bogus forms are designed to resemble the service provider’s genuine website. No legitimate service provider is ever likely to ask its users to send passwords or other sensitive material via an unsecure email. Nor would they ask users to provide such details via an attached file or by clicking a login link.

Always login to any and all of your online accounts by entering the web address into your browser’s address bar. Do not reply to emails asking you to send your login details. Do not open attachments or click links in unsolicited emails claiming that you must provide account information.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,