Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









'Email Deactivation Warning' Phishing Scam

Outline
Email claiming to be from the Mail Administrator claims that the recipient's email address has been queued for deactivation due to an account error. The message instructs the recipient to click a link to resolve the problem and avoid account deactivation.



Brief Analysis
The message is not from any mail administrator and the claim that the recipient's address is set to be deactivated is untrue. The message is an attempt by cybercriminals to trick users into handing over their email account login details.

Bookmark and Share
Detailed analysis and references below example.





Last updated: August 9, 2012
First published: August 9, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example

Subject: Email Deactivation Warning

Dear [email address removed]

This is an automatic message from our servers; If you are receiving this message it means that your email address has been queued for deactivation. This was as a result of a continuous error received from this email address (code:505).

Please Click [Link Removed] to resolve this problem.

Note: Failure to resolve this problem by ignoring this message would result to the deactivation of your account.
We apologize for any inconvenience and appreciate your understanding.

Regards,
Mail Administrator.




Detailed Analysis
This message, which purports to be from a "Mail Administrator", warns recipients that their email address has been queued for deactivation due to a "continuous error" received from the account. The message instructs users to click a link in order to resolve the problem. But, warns the message, ignoring the instructions will result in the deactivation of the email account.

However, the email is not from any administrator nor are the email addresses set to be deactivated as claimed. In fact, the message is a phishing scam designed to trick users into divulging their account login details to online scammers. Those who fall for the ruse and click the link will be taken to a bogus email login page as depicted in the following screenshot:

Email Deactivation Phishing Login

Users who comply with the request and enter their details will then be presented with the following message:

Your Information Has Been Submitted Successfully.

Note: Inputting Wrong Information will result to de-activation of your email address.

Click Here to correct your submitted information.

It is true that the information has been "submitted successfully', at least from the point of view of the criminals operating the scam. In fact, the login information will be sent to these criminals and may subsequently be used to hijack the victim's real email account. Once they have gained access to the compromised account, the criminals can then lock out the legitimate owner. They can then use the account to send scam and spam emails that will look like they have been sent by the legitimate owner. Often, such hijacked account are used to send emails that falsely claim that the account owner is stranded in a foreign country or has suffered a serious mishap and is therefore in desperate need of money. Because these emails seemingly come from someone they actually know, at least a few recipients of these emails may fall for the ruse and send money as requested.

Many similar phishing scam emails have been distributed by criminals in recent years. Most versions target a specific email provider such as Hotmail, Yahoo, Gmail or Bigpond. This version takes a more generic approach, apparently in an attempt to snare users of any email service. The warning message makes no attempt to identify which email service that it supposedly originates from. So regardless of which email provider they use, victims who fall for the trap and submit their details may find that their accounts are quickly hijacked.

No email provider is ever likely to send such a generic deactivation warning. Be cautious of any email claiming that their is a problem with your email account and you must click a link or open an attachment to resolve the problem or verify account details. It is always safest to login all of your online accounts by inputting their account address into your browser's address field rather than by clicking a link in an email.

Bookmark and Share References
Phishing Scams - Anti-Phishing Information
Friend Stranded in Foreign Country Scam Emails
Hotmail Account Deactivation Phishing Scam
Yahoo 'E-Mail Account Exceeded' Phishing Scam
Gmail Account Phishing Scam
Bigpond 'Broadband Service Suspension' Phishing Scam



Last updated: August 9, 2012
First published: August 9, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer