Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share



'Email Account Pending Deactivation' Phishing Scam

Outline
Email purporting to be from the "Mail Administrator" claims that the user's email account is pending deactivation and will be terminated within 24 hours if the user does not click a link to sign in and update the account.

Cat fishing

© Depositphotos.com/ Lars Christensen



Brief Analysis
The message is not from any genuine Mail Administrator and the claims of impending account deactivation are untrue. Instead, the email is a phishing scam designed to trick unwary users into giving their email account login details to cybercrooks.

Bookmark and Share
Example

Subject: Important News About Your Account (Closure)
From: Mail Administrator

Hello Account Holder,

Just a short note to inform you that our records indicate that your account is "Pending De-activation" we have previously contacted you requesting account update, however as no update, your e-mail account will now be temporarily suspended if you ignore to update your account within the next 24 hours, to avoid the termination of your e-mail service, kindly click on your Ticket ID below, sign on with your VALID e-mail and password in order to avoid service disruption

CLICK TO VERIFY
 
Notice Month:            September 2013
Received from:          Accounts and Administrator
Status:            Pending De-activation
Ticket ID:        FIQ-868119

Please note that the ticket will automatically be closed within 48 hours if no response is received from you and your account permanently de-activated.

Kind regards,

Gao Lee Wu

Customer Experience Officer

Example


Detailed Analysis
This deceptively simple phishing email attempts to panic unwary users into sending their email account details to cybercriminals.  The email, which purports to be from the Mail Administrator, claims that the user's account is "pending de-activation" and will be terminated within 24 hours unless the user provides an account update. The user is instructed to click a link to begin the update and save his or her account from permanent deactivation.

Those panicked into clicking the link in the message will be taken to a generic webpage that asks them to login with their email address and email account password:

 
Account
If users comply and provide their account details, they will be taken to a new page with the message "Congratulation! Your Account Has Been Lifted".

Thus, believing that they have successfully saved their accounts from deactivation, users may go about their business with no inkling that they have just been scammed.

Unlike many other email phishing scams, this one does not target customers of a specific email provider. It deliberately does not mention the name of the email service provider that the message was supposedly sent by. In this way, the scammers can collect account data from users of any email system.

Once they have harvested the account details, the criminals can then hijack the real email accounts belonging to their victims and use them to launch various spam and scam campaigns

Be cautious of any unsolicited email that claims that you must update your email account by clicking a link or opening an attachment. Such "account update" scam emails are a very common scammer ploy.

Bookmark and Share

Last updated: September 6, 2013
First published: September 6, 2013
By Brett M. Christensen
About Hoax-Slayer

References
Gmail 'Update Account' Phishing Scam
Friend Stranded in Foreign Country Scam Emails