Phishing Alert: “Mailbox Upgrade” Scam Targets Email Users
Fake Account Update Email Threatens Deactivation to Steal Logins
tl;dr
Scammers are sending phishing emails that claim your email account will be deactivated unless you “upgrade” it. The links lead to fake websites that steal your email login details. Using this stolen information, criminals can hijack your account, steal sensitive data, reset passwords, and send spam or scam emails from your address. Delete these messages immediately.
The Scam Emails
A new wave of “account upgrade” phishing emails is currently hitting inboxes.
The emails, which pretend to be from your email service provider, warn that your mailbox is due to be deactivated and urge you to click a link to “upgrade” your account.
Here’s a sample excerpt:
“FINAL REMINDER: New update to Our Terms… We wish to notify you that your Mailbox is set to be deactivated today due to recent updates. Please click the link below to complete the upgrade process.”
The messages use urgent language to push you into clicking without thinking.
Not Just Telstra
While the examples of the scam included in this article impersonate the Australian telecommunications company Telstra, almost identical phishing attempts target customers of email providers worldwide, including Microsoft, Google, Yahoo, and smaller local services.
The message and branding may change, but the goal is always the same: to steal your login details.
What Happens if You Click
The “UPGRADE NOW” link does not lead to your email provider. Instead, it takes you to a fake website designed to look like an official login page.
There, you’ll be asked to enter your email address and password. If you comply, scammers gain full access to your account.
Once they’re inside, they can:
Steal personal information from your inbox, including sensitive documents or financial data.
Reset other accounts (such as banking, social media, or shopping) by intercepting password reset emails.
Send out spam and scam emails to your contacts, making the messages appear more trustworthy.
How to Spot the Scam
Generic greeting: “Dear User” instead of your real name.
Threats of deactivation: Claims that your account will be closed unless you act.
Suspicious sender address: Address not associated with the service provider.
Suspicious links: Hovering over the link shows it doesn’t lead to the official provider’s site.
Poor grammar or strange formatting: Common in phishing attempts.
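The warning signs listed above can also be checked automatically. This added example (not code from the original article) runs four of them over a constructed sample email; the `provider.example` domain, the keyword patterns, and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

PROVIDER_DOMAIN = "provider.example"  # assumption: placeholder for your real provider
THREAT_RE = re.compile(r"deactivat|final reminder", re.I)
GENERIC_RE = re.compile(r"dear (user|customer)", re.I)
# Constructed sample, modelled on the excerpt quoted in the article.
SAMPLE = """\
From: Mail Support <notice@mail-upgrade.example>
Subject: FINAL REMINDER: New update to Our Terms
Content-Type: text/html

<p>Dear User,</p>
<p>Your Mailbox is set to be deactivated today due to recent updates.</p>
<a href="http://login.upgrade-portal.example/">UPGRADE NOW</a>
"""

class LinkHosts(HTMLParser):  # collects the host behind every <a href=...>
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlsplit(href).hostname or "").lower())

def on_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, provider=PROVIDER_DOMAIN):
    """Return the article's warning signs that appear in a raw email."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumption: single-part HTML message
    signs = []
    if GENERIC_RE.search(body):
        signs.append("generic greeting")
    if THREAT_RE.search(msg.get("Subject", "") + " " + body):
        signs.append("threat of deactivation")
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not on_domain(sender, provider):
        signs.append("sender not on provider domain")
    parser = LinkHosts()
    parser.feed(body)
    if any(not on_domain(h, provider) for h in parser.hosts):
        signs.append("link leaves provider domain")
    return signs
```

Calling `phishing_signs(SAMPLE)` reports all four signs; a message sent from and linking to the provider's own domain, with a personal greeting and no threat, reports none.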
How to Stay Safe
Never click “update”, “upgrade”, or “verify” links in unsolicited emails.
Access your email account only by typing the official address directly into your browser or via a trusted app.
Enable multi-factor authentication (MFA) where possible. Doing so renders stolen passwords less effective.
Report phishing attempts to your provider, then delete them.
Conclusion
These supposed “email upgrade” messages are a very common phishing ploy that has been used in various forms for decades. Stay vigilant, and remember that your service provider will not suddenly deactivate your account if you ignore one email.