Message purporting to be from the eMail Security Team claims that your Mail Box will expire soon and you will therefore be blocked from sending and receiving emails if you do not click an update link within 24 hours.
The email is not from any legitimate security team. It is a phishing scam designed to steal your email account password so that the account can be hijacked and used to launch spam and scam campaigns
According to this email, which purports to be from an entity that identifies itself as the ‘eMail Security team’, your Mail Box will expire soon. The message warns that, if you do not confirm by clicking an update link within 24 hours, your account will be deactivated and you will be blocked from sending and receiving emails. The email includes a ‘Powered by’ line that features a row of icons belonging to several well known email service providers.
However, the email is not from any ‘security team’ and the claim that your email account is about to be deactivated is untrue. In fact, the email is a phishing scam designed to steal your email account password.
If you click the link, you will be taken to a fraudulent website that asks you to supply your email password, supposedly to allow your account to be verified (see screenshot below). The link in the scam email is configured so that your own email address will appear on the fake update site, apparently in an attempt to add a degree of authenticity.
If you enter your password and click the ‘sign in to continue’ button, a ‘Page Not Found’ error will be displayed.
Meanwhile, however, the scammers can collect your email password and email address and use the data to hijack your real email account. Once they have gained access to your account, they can use it to blast out further spam and scam emails in your name.
Phishing scams like this one are very common. Keep in mind that legitimate email providers will never send you a message demanding that you click a link to provide account login details. It is always safest to login to your webmail account by entering the address into your browser’s address bar or via a legitimate email app.
Last updated: July 20, 2016
First published: July 20, 2016
By Brett M. Christensen