Do not trust the PASSWORD EXPIRATION NOTICE scam

What is the "PASSWORD EXPIRATION NOTICE" email scam?

In most cases, scammers behind email phishing scams attempt to trick recipients into providing personal information such as bank account numbers, credit card details, passwords and other sensitive details, which can then be misused for malicious purposes.

In this particular case, scammers attempt to deceive recipients into entering their Office 365 login credentials onto a fake Microsoft website.

"PASSWORD EXPIRATION NOTICE" email scam overview

Scammers behind this phishing email seek to trick recipients into believing that the password for their Microsoft Office account is going to expire soon and they need to update this as soon as possible if they wish to avoid any login problems and/or loss of access to the account.

The provided website link is designed to open a fake Microsoft Office account login page on which visitors are asked to enter their email address, current password, new password, and then confirm the new password.

No information should be entered onto websites like this, or any other fake, unofficial or untrusted websites. By entering the requested details, users simply provide their MS Office login credentials to scammers/cyber criminals.

These people can misuse stolen accounts to access files, photos, and other personal files/data. Depending on files accessed, cyber criminals could misuse them to make fraudulent purchases and transactions, spread phishing scams like this one further, send malspam, steal identities, etc.

They can also sell stolen MS Office accounts and data to third parties/other cyber criminals. Note that using the same login credentials for multiple accounts can result in loss of access to all of them.

Spam campaign examples

There are various email scams online. Some examples are "Spotify Email Scam", "POLÍCIA SEGURANÇA PÚBLICA Email Scam", and "Your Email Is Out Of Date Email Scam".

To summarize, scammers behind these scams attempt to trick users into providing sensitive information, which can be used for malicious purposes and to generate revenue in various ways.

Typically, users who trust these scams become victims of identity theft, suffer monetary loss, lose access to various accounts, etc. Note that emails can be used to distribute malware (e.g. ransomware, Trojans) as well. How this is achieved is described below.

How do spam campaigns infect computers?

Ransomware and other malware infections are commonly spread through malspam campaigns, untrusted file/software download sources, fake (third party) software updating tools, Trojans and unofficial software activation tools.

Using malspam, criminals send emails that have a malicious file attached, or include a website link designed to download a malicious file. Their main goal is to trick recipients into executing the file, which then infects the computer with malware. Cyber criminals usually attach a Microsoft Office document, archive file (ZIP, RAR), PDF document, executable file (.exe) or JavaScript file, and wait until recipients open it.

Note that malicious MS Office documents can install malware only when users enable editing/content (macros commands). If the documents are opened with MS Office versions prior to 2010, however, the documents install malicious software automatically, since these older versions do not include "Protected View" mode.

Examples of untrusted file and software download sources are Peer-to-Peer networks (torrent clients), free file hosting websites, freeware download sites, and unofficial web pages. These are used to distribute malicious files by disguising them as legitimate and regular. When users download and open (execute) the files, however, they inadvertently install malware.

Fake software updating tools cause damage by installing malware rather than updates/fixes for installed software, or by exploiting bugs/flaws of outdated software. Trojans are malicious programs that can cause chain infections by installing other software of this kind. Note that malware can only be distributed in this way if Trojans are already installed on computers.

Unofficial activation ('cracking') tools are illegal programs that supposedly activate licensed software free of charge and bypass activation, however, they often install other malicious programs instead.

How to avoid installation of malware

To avoid malware spread via spam mail, you are strongly advised against opening suspicious or irrelevant emails, especially those with any attachments or links present within them.

Additionally, use Microsoft Office versions released after 2010. Malicious programs also proliferate through untrusted download channels (e.g. unofficial and free file-hosting sites, Peer-to-Peer sharing networks and other third party downloaders), illegal software activation ("cracking") tools, and fake updaters.

Therefore, only download from official/verified sources and activate and update software with tools/functions provided by legitimate developers.

To ensure device integrity and user privacy, have a reputable anti-virus/anti-spyware suite installed and kept updated. Furthermore, use these programs to run regular system scans and to remove detected/potential threats.

If you have already opened malicious attachments, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated malware.

Text presented in the PASSWORD EXPIRATION NOTICE email message:

Subject: Important- Password Expiration Notice

PASSWORD EXPIRATION NOTICE

Your password for account "********" expires today. You can retain and update your current password or change to a new one.

Update the password as soon as possible using the pcrisk secure portal below to prevent login problems and loss of access.

https://*****.com/*****-passwordreset
© 2020​  - HelpDesk

Screenshot of the fake MS Office login website:

Another password expiration-themed spam email:

Text presented within:

Subject: Password Expiry

 

Dear -

Password for **** is about to expire today. You can change your Password or continue  using current Password.

Keep Current Password

you may visit **** to see email activity

Screenshot of the phishing site promoted via this spam email:

Another example of password expiration-themed spam email:

Text presented within:

Subject: Password Expiry

Hello ******** ,
password ******** expires after 24 hours (18 Feb 2021) .

You can use the link below to continue using the current password .
Keep Current Password
******** Suppor⁠t⁠

Another example of password expiration-themed spam email promoting a phishing website:

Text presented within:

Subject: Problem with your ******** account!

 

PASSWORD EXPIRED

Dear ********   

This is a second notification message sent Tuesday, July 13, 2021 from our database that the password of your email account ******** will expire on 15/07/2021 .

To continue using your ******** kindly re-confirm ownership below.

Re-Confirm

Thanks,

Ooutlook Web  Administrator

This email was sent to ********
Organization: ******** Corporation. All rights reserved. @ 2021

Screenshot of the promoted phishing website:

Another password expiration-themed spam email promoting a phishing site:

Text presented within:

Subject: IT Support
 
Dear ********
Your password expires today Thursday, July 15, 2021
You can use your current password

Keep Same Password

Yet another example of password expiration-themed spam email promoting a phishing website:

Text presented within:

Subject: Your Password Expires Today ********

 

Hello ********

Password for ******** expires today 7/23/2021 1:21:09 a.m.

You can change your password or continue using current password.

Keep Same Password
********

Screenshot of the promoted phishing site (thompsonestateathletics[.]com.au):

Yet another example of password expiration-themed spam email:

Text presented within:

Subject: Password Expiry

 

Your ******** password expires today

Follow instructions below to keep using your current password.

KEEP SAME PASSWORD

This is a mandatory service sent to ********

Yet another example of password expiration-themed spam email:

Text presented within:

Subject: Report-ID: 4516192

 

‌Me‌s‌sa‌ge ‌fr‌om T‌ru‌st‌ed s‌er‌v‌er t‌o‌ ********
‌T‌im‌e o‌f e‌r‌ro‌r‌:‌ ‌02 September 2021 ‌

‌D‌ue t‌o ‌o‌u‌r‌ ‌c‌u‌r‌r‌e‌n‌t‌ ‌s‌y‌s‌t‌e‌m‌ ‌e‌r‌ro‌r,‌ ‌The p‌a‌ss‌wo‌r‌d f‌o‌r‌ ‌
(********)‌ ‌e‌x‌p‌i‌r‌e‌s‌ ‌t‌o‌d‌a‌y‌ ‌f‌o‌r‌ ‌s‌e‌c‌u‌r‌i‌t‌y‌ ‌r‌e‌a‌s‌o‌n‌s‌.‌

‌K‌e‌e‌p M‌y Cu‌rr‌ent P‌as‌sw‌o‌r‌d‌
‌P‌o‌we‌r‌e‌d‌b‌y: ******** ‌©‌2‌0‌2‌1‌

Text presented within:

Subject: ********  ACCOUNT DE-ACTIVATION IN PROGRESS ™

 

******** Notification For Your Passcode.    
    
Hi, ******** ,

Your password for  ********  expires today
Follow below to keep your current password and update your account.

Keep Current Password

******** Notification For Your Passcode.

Yet another example of password expiration-themed spam email promoting a phishing site:

Text presented within:

Subject: Passwords Reset Support Ticket #:59 -

 

Hi ********,

Password Expiry notice!

You need to retain or change your password now to avoid login issues with all apps related to your account.

Follow the button below to retain current password.
KEEP PASSWORD
******** account

To opt out or change where you receive security notification, goto (pcrisk.com) email settings.

Screenshot of the promoted phishing site:

Yet another example of password expiration-themed spam email:

Text presented within:

Subject: ******** : Termination Scheduled 8/19/2021 7:31:29 a.m.

 

Your password for ******** is due to expire today 8/19/2021 7:31:29 a.m.

Click on the link below to keep account active

Validate Password

We respect your privacy.

********

Another example of password expiration-themed spam email:

Text presented within:

Subject: - Password Expired on 5 Dec 2021

Mailbox Protection

Hello -

Password for ******** expires today

You can continue using your current password via the link below, Else we may change & update automatically.

Keep current Password

******** Support

Yet another example of password expiration-themed spam email:

Text presented within:

Subject: Password Expiration Notice for -

 

Mail Support for -

Password Expiration Notice

Hello -

Your account password is set to expire in 3hours.

-

We encourage you to take the time now to maintain your password activity to avoid login interruption.

Verify your e-mail account

Notice: - domain host will not be held responsible for any account loss

Thank you,
2022 Help Center

Another example of password expiration notice-themed spam email used to promote a phishing site:

Text presented within:

Subject: Password Expiration Notice Mail ********.

Password Expiration Notice!

Your password for ******** has expired on 4/29/2022 10:48:54 a.m..

Keep Your Password
******** admin support
Security Center: 4/29/2022 10:48:54 a.m.
Do not reply to this message as this mailbox is not monitored.

Yet another example of password expiration-themed spam email:

Text presented within:

Subject: Password Expired

Dear ********

The password of your email (********) expires on 5/5/2022 7:52:10 a.m..

Please re-confirm your account using same password to continue using same password.

Re-Confirm

WebMail Admin

This email was sent to ********
Organization: ******** Corporation. All rights reserved. @ 2022

Yet another example of password expiration-themed spam email promoting a phishing site:

Text presented within:

Subject: ******** Password Due For Change.

Hello ********
This is the last reminder that the password for ******** will expire in 12 hours. You can change your password or keep using the same one.

Password Manager
Admin Support

Screenshot of the promoted phishing site:

Yet another example of password expiration-themed spam email promoting a phishing site:

Text presented within:

Subject: ******* Update Required

ID : *******

Your email password will expire 11/03/2022，
Kindly verify e-mail to continue using your current password.
keep the same password

This email has been sent to *******
You are receiving this email to notify you of important changes to your email account and services

*******© 2022 All Right Reserved.

Screenshot of the promoted phishing site which is designed to replicate the design accordingly to user's email:

Yet another example of password expiration-themed spam email promoting a phishing site:

Text presented within:

Subject: UPDATE YOUR PASSWORD

 

Password Expiration Notice

Please Note URGENTLY,

Your password is set to expire tomorrow 22/12/2022 .
-
We encourage you to take the time now to maintain your password activity to avoid interruption.

KEEP MY PASSWORD

Screenshot of the promoted phishing site designed to imitate the appearance of user's email provider:

Yet another example of password expiration notice-themed spam email used to promote a phishing site:

Text presented within:

Subject: Email Security Notification

Password Expiration Notice

Tomas, your password for ******** is set to expire on 2/1/2023 8:52:37 a.m.

Keep same password with the button below

Keep Same Password

Do not ignore these warnings in order to avoid login interruption after 24 hours.

Thanks,

********

© ******** 2022 All Rights Reserved

Instant automatic malware removal:

Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:

By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

Quick menu:

• What is PASSWORD EXPIRATION NOTICE spam?
• Types of malicious emails.
• How to spot a malicious email?
• What to do if you fell for an email scam?

Types of malicious emails:

Phishing Emails

Most commonly, cybercriminals use deceptive emails to trick Internet users into giving away their sensitive private information, for example, login information for various online services, email accounts, or online banking information.

Such attacks are called phishing. In a phishing attack, cybercriminals usually send an email message with some popular service logo (for example, Microsoft, DHL, Amazon, Netflix), create urgency (wrong shipping address, expired password, etc.), and place a link which they hope their potential victims will click on.

After clicking the link presented in such email message, victims are redirected to a fake website that looks identical or extremely similar to the original one. Victims are then asked to enter their password, credit card details, or some other information that gets stolen by cybercriminals.

Emails with Malicious Attachments

Another popular attack vector is email spam with malicious attachments that infect users' computers with malware. Malicious attachments usually carry trojans that are capable of stealing passwords, banking information, and other sensitive information.

In such attacks, cybercriminals' main goal is to trick their potential victims into opening an infected email attachment. To achieve this goal, email messages usually talk about recently received invoices, faxes, or voice messages.

If a potential victim falls for the lure and opens the attachment, their computers get infected, and cybercriminals can collect a lot of sensitive information.

While it's a more complicated method to steal personal information (spam filters and antivirus programs usually detect such attempts), if successful, cybercriminals can get a much wider array of data and can collect information for a long period of time.

Sextortion Emails

This is a type of phishing. In this case, users receive an email claiming that a cybercriminal could access the webcam of the potential victim and has a video recording of one's masturbation.

To get rid of the video, victims are asked to pay a ransom (usually using Bitcoin or another cryptocurrency). Nevertheless, all of these claims are false - users who receive such emails should ignore and delete them.

How to spot a malicious email?

While cyber criminals try to make their lure emails look trustworthy, here are some things that you should look for when trying to spot a phishing email:

• Check the sender's ("from") email address: Hover your mouse over the "from" address and check if it's legitimate. For example, if you received an email from Microsoft, be sure to check if the email address is @microsoft.com and not something suspicious like @m1crosoft.com, @microsfot.com, @account-security-noreply.com, etc.
• Check for generic greetings: If the greeting in the email is "Dear user", "Dear @youremail.com", "Dear valued customer", this should raise suspiciousness. Most commonly, companies call you by your name. Lack of this information could signal a phishing attempt.
• Check the links in the email: Hover your mouse over the link presented in the email, if the link that appears seems suspicious, don't click it. For example, if you received an email from Microsoft and the link in the email shows that it will go to firebasestorage.googleapis.com/v0... you shouldn't trust it. It's best not to click any links in the emails but to visit the company website that sent you the email in the first place.
• Don't blindly trust email attachments: Most commonly, legitimate companies will ask you to log in to their website and to view any documents there; if you received an email with an attachment, it's a good idea to scan it with an antivirus application. Infected email attachments are a common attack vector used by cybercriminals.

To minimise the risk of opening phishing and malicious emails we recommend using Combo Cleaner Antivirus for Windows. 

Example of a spam email:

What to do if you fell for an email scam?

• If you clicked on a link in a phishing email and entered your password - be sure to change your password as soon as possible. Usually, cybercriminals collect stolen credentials and then sell them to other groups that use them for malicious purposes. If you change your password in a timely manner, there's a chance that criminals won't have enough time to do any damage.
• If you entered your credit card information - contact your bank as soon as possible and explain the situation. There's a good chance that you will need to cancel your compromised credit card and get a new one.
• If you see any signs of identity theft - you should immediately contact the Federal Trade Commission. This institution will collect information about your situation and create a personal recovery plan.
• If you opened a malicious attachment - your computer is probably infected, you should scan it with a reputable antivirus application. For this purpose, we recommend using  Combo Cleaner Antivirus for Windows.
• Help other Internet users - report phishing emails to Anti-Phishing Working Group, FBI’s Internet Crime Complaint Center, National Fraud Information Center and U.S. Department of Justice.

Frequently Asked Questions (FAQ)

Why did I receive this email?

Spam emails are not personal. Cyber criminals send this mail in mass-scale operations - hence, thousands of users receive identical emails.

I have provided my personal information when tricked by this spam email, what should I do?

If you have provided account credentials - immediately change the passwords of all potentially compromised accounts and inform their official support. And if you have disclosed other private data (e.g., ID card details, credit card numbers, etc.) - contact the corresponding authorities without delay.

I have read a spam email but didn't open the attachment, is my computer infected?

No, merely reading a spam email will not initiate any malware download/installation processes. Infections are caused when the files attached to such emails or the links included in them - are interacted with (i.e., opened/clicked).

I have downloaded and opened a file attached to a spam email, is my computer infected?

Whether an infection process was triggered might depend on the file's format. If it was an executable (.exe, .run, etc.) - then most likely, yes. However, you might have avoided jumpstarting an infection - if it was a document (.doc, .xls, .pdf, etc.). These formats may require additional actions (e.g., enabling macro commands) - to begin downloading/installing malware.

Will Combo Cleaner remove malware infections present in email attachments?

Yes, Combo Cleaner can detect and eliminate most of the known malware infections. It is noteworthy that sophisticated malicious programs usually hide deep within systems. Therefore, performing a complete system scan is paramount.