A Sample of the "Your Mailbox Will Expire and Email Address Disabled" Phishing Scam
From: Account Team <email@example.com>
Subject: Upgrade your Sign-in security
Date: 5 September 2017 04:06:30 BST
To: "firstname.lastname@example.org" <email@example.com>
Security Info Update
Your Mailbox will expire on Sept 07, 2017
This is to notify you that we are currently updating the windows services agreement and privacy statement. Please keep your security information updated.
Do not ignore!
NOTE: YOUR EMAIL ADDRESS WILL BE DISABLED IF NOT UPDATED. (UPDATE IS FREE)
Thank you for using our services.
If the links in the phishing email messages are clicked by the recipients, they will be taken to a phishing website and ask to sign-in. If they attempt to do so, their email account credentials (usernames and passwords) will be sent to the cybercriminals behind the scam. Once the cybercriminals have gotten the stolen credentials, they will gain access to the accounts, hijack them, and use them fraudulently.
Therefore, online users who have received email messages with a link to update their information or make changes to their accounts should always go directly to their email account provider's website and sign into their accounts instead of clicking on the link. Once online users have signed into their accounts, they will be noticed of changes or updates, if there are any. Going directly to their email provider's website and signing in from there is the only guaranteed way of preventing online users from becoming victims of phishing scams.
Online users who have already been tricked by the phishing scam are asked change their passwords immediately before their accounts are hijacked and used fraudulently. If their accounts have already been hijacked by cyber criminals they need to contact their email providers for help.