'Warning Code: 11XXTT8765' Email Phishing Scam
Email purporting to be from the "Admin Team" claims that, due to a scheduled maintenance and upgrade, users must reply with their email password or their email account will be terminated.
© Depositphotos.com/Fabio Berti
The message is not from a legitimate email account support team. In fact, the email is a phishing scam designed to trick users into divulging their email account passwords to Internet criminals.
From: "Admin Team"
Subject: Warning Code: 11XXTT8765
Dear Email user,
We would like to inform you that we are currently carrying out scheduled
maintenance and upgrade of our Email service and as a result of this our
Email client has been changed and your original password will reset. We
are sorry for any inconvenience caused.
To maintain your Email account, you must reply to this Email immediately
and enter your current Password here
Failure to comply will lead to the
termination of your Email Account.
Warning Code: 11XXTT8765
@Email ACCOUNT SUPPORT TEAM".
©Email ACCOUNT ABN 31 **** 3766 *** All Rights Reserved.
According to this email, the recipient's email service provider is carrying out a scheduled maintenance and upgrade of the service that will require user passwords to be reset. The recipient is instructed to reply to the email with his or her email password so that the email account can be maintained. The message warns that users who do not comply and send their password as instructed will have their email accounts terminated. The message purports to be from the service provider's "Admin Team" and features the ominous sounding subject line, "Warning Code: 11XXTT8765".
However, the email is not from any legitimate service provider support team and the claims in the message are lies.
The email is a phishing scam designed to lure unsuspecting users into placing their account passwords into the hands of criminals. Those who comply and send their password as requested may soon find that their email accounts has be hijacked by the scammers and used to launch ongoing spam and scam campaigns. The spam and scam messages sent by the criminals via the hijacked accounts will appear to come from the original account holders and may include their normal email signature and contact details. Thus, the hijackers send out fraudulent messages that cannot be easily traced back to them. And recipients of these messages may be more inclined to believe their claims because they appear to come from someone they know and trust.
A favourite ruse of such email account hijackers is to send out emails pretending that the account holders have become stranded in a foreign country
and urgently need a short term loan to deal with their dire situation. Because the emails come from the accounts of people that recipients actually know, at least a few may fall for the scam and send money as requested.
The scammers will likely change passwords on the compromised accounts so that legitimate users can no longer access them. It can often be very difficult for victims to regain control of their accounts. By including elements such as the official sounding "warning code" and a fake ABN (Australian Business Number), the scammers hope to fool less experienced computer users into believing their claims.
Email account phishing scams
like this one are very common and regularly target users of major email service providers around the world. Some, like this example, ask victims to simply reply with their login details
. Others ask them to click a link or open an attached file
to fill in a login form. These bogus forms are designed to resemble the service provider's genuine website. No legitimate service provider is ever likely to ask its users to send passwords or other sensitive material via an unsecure email. Nor would they ask users to provide such details via an attached file or by clicking a login link.
Always login to any and all of your online accounts by entering the web address into your browser's address bar. Do not reply to emails asking you to send your login details. Do not open attachments or click links in unsolicited emails claiming that you must provide account information.
Last updated: April 5, 2013
First published: April 5, 2013
By Brett M. Christensen