Ignore the Password is about to expire today email scam

Also Known As: possible malware infections
Distribution: Low
Damage level: Medium

Password is about to expire today email scam removal guide

What is Password is about to expire today email scam?

Phishing is a popular method for cybercriminals to deliver malicious software by encouraging recipients to open a malicious attachment or website links. It is also a popular method for scammers to extract personal information (e.g., credit card details, login credentials). As a rule, cybercriminals disguise their phishing emails as official, important letters from legitimate companies or other entities. Emails of this kind should never be responded, or links, files/attachments in them opened.

Password is about to expire today email scam email spam campaign

This phishing campaign consists of at least three emails claiming that the password for an email account is going to expire soon (on the same day as the email has been received or two days after that). The main purpose of these phishing emails is to trick recipients into opening a website via the "Confirm", "Keep Current Password", "Keep My Current Password," or other button and entering their email account login credentials such as email address or username and a password. In other words, the scammers behind this phishing campaign attempt to steal login credentials for email accounts. Usually, cyber criminals attempt to steal email accounts so they could use them to steal even more accounts by spreading phishing emails to people in the contacts list, or to deliver malware (e.g., ransomware, Trojans). Also, they can use stolen email accounts to send spam, trick unsuspecting recipients into making monetary transactions, sell those accounts on the darknet (to other cybercriminals). It is important to mention that users who fall for such scams and use the same login credentials for more than one account are likely to lose access to those accounts too. It is common that cybercriminals use stolen credentials not only to hijack one account, but also try to steal other accounts using the same credentials. Recipients who have entered login credentials on unofficial pages are strongly advised to change their passwords as soon as possible.

Threat Summary:
Name Password is about to expire today email scam
Threat Type Phishing, Scam, Social Engineering, Fraud
Fake Claim Email account password is about to expire
Disguise Letter from email service provider
Symptoms Unauthorized online purchases, changed online account passwords, identity theft, illegal access of the computer.
Distribution methods Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains.
Damage Loss of sensitive private information, monetary loss, identity theft.
Malware Removal (Windows)

To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Malwarebytes.
▼ Download Malwarebytes
To use full-featured product, you have to purchase a license for Malwarebytes. 14 days free trial available.

More examples of phishing emails that cybercriminals have used (or are still using) to deceive recipients into providing personal information are "Your Mailbox Is Full Email Scam", "MOBI GRAND TELECOM Lottery", and "Clustered E-mails Pending Email Scam". It is common that such emails are disguised as letters from an email service provider, a bank, shipping company, or company, organization of another type, and asking to provide personal information. As mentioned in the first paragraph, phishing emails can contain links or attachments used to deliver malware as well.

How do spam campaigns infect computers?

Users infect computers through emails when they open malicious attachments or click on malicious links (or open malicious files downloaded via links in phishing emails). When cybercriminals deliver malware via email, they pretend to be legitimate companies and disguise their emails as official, urgent, important. A. couple of examples of files that cybercriminals attach to their phishing emails are RAR, ZIP and other archive files PDF, Microsoft Office documents, executable files (like .exe), JavaScript files. It is noteworthy that not all files that cybercriminals attach to their emails infect computers after they are opened. For example, MS Office documents infect computers only if recipients enable editing/content (macros commands) in them. It is important to mention that this does not apply to malicious documents opened with the Microsoft Office versions released prior to the year 2010 - older versions do not have the "Protected View" mode and install malware automatically.

How to avoid installation of malware?

It is not recommended to ever download (or install) programs via third-party downloaders, installers, Peer-to-Peer networks (e.g., torrent clients, eMule), unofficial websites, or using other tools, channels of this kind. The safest way to download software and files is by using official websites and direct links. Also, it is never safe to update or activaste installed software using unofficial, third-party tools. Those tools often are bundled with malware. Installed programs have to be updated, activated using implemented functions or tools from the official developers. It is important to mention that it is not legal to activate licensed software with various third-party, unofficial ('cracking') tools. Furthermore, website links and email attachments received from unknown senders should not be opened. Especially, if those links or files are in emails that are not relevant. Cybercriminals often disguise their emails as important, official to trick recipients into infecting their machines via attached files or included links. Additionally, it is recommended to scan the operating system for threats with a reputable antivirus or anti-spyware software and run virus scans regularly. If you've already opened malicious attachments, we recommend running a scan with Malwarebytes for Windows to automatically eliminate infiltrated malware.

Text presented in the first phishing email variant:

Subject: Validate Your Email Password

Dear ********

Pa‏‏‏‏ss‏‏‏‏wor‏‏‏‏d for ********  is ab‏‏‏‏out to exp‏‏‏‏ire today . You can change your P‏‏‏‏ass‏‏‏‏wor‏‏‏‏d or co‏‏‏‏ntinue  usi‏‏‏‏ng curr‏‏‏‏ent Pas‏‏‏‏sw‏‏‏‏ord.

Keep Current Password
you may visit ********  to see email activity

Screenshot of the deceptive website used in this variant:

password is about to expire today email scam main website

Screenshot of the second phishing email variant:

password is about to expire today email scam second variant

Text in this email:

Subject: account password update

Email Account Verification Feb 2021
To: ********

Secure Messaging
Dear ********
Kindly inform your password to ******** Expires today.

Date and Time: 3/15/2021 3:29:26 a.m.

Please kindly use the below button to continue with the same password.

Further messages might be prevented if any of the above actions are not performed.
This email was sent to ********

Screenshot of the deceptive website used in this variant:

password is about to expire today email scam second variant website

Screenshot of the third phishing email variant:

password is about to expire today email scam third variant

Text in this email:

Subject: New Notification: 53


Hello postmaster,

Password for ******** will expire in 2day time.

Keep' Current password Update below:
keep my current password

We respect your priѵacy

Screenshot of the deceptive website used in this variant:

password is about to expire today email scam third variant website

Yet another variant of password expiration-themed spam email:

Password expires spam email (2021-03-18)

Text presented within:

Subject: ******** Password Expiry

******** password notification.
Hi ******** ,

your ******** password expires today, please
follow the steps below to keep the current password and update your account.

Keep current password

password notification.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Malwarebytes is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Malwarebytes By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Malwarebytes. 14 days free trial available.

Quick menu:

How to remove malware manually?

Manual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Malwarebytes for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here is an example of a suspicious program running on a user's computer:

malicious process running on user's computer sample

If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:

manual malware removal step 1Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations:

screenshot of autoruns application

manual malware removal step 2Restart your computer into Safe Mode:

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.

Windows 8 Safe Mode with networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.

windows 10 safe mode with networking

Video showing how to start Windows 10 in "Safe Mode with Networking":


manual malware removal step 3Extract the downloaded archive and run the Autoruns.exe file.

extract autoruns.zip and run autoruns.exe

manual malware removal step 4In the Autoruns application, click "Options" at the top and uncheck "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.

Click 'Options' at the top and uncheck 'Hide Empty Locations' and 'Hide Windows Entries' options

manual malware removal step 5Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.

You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".

locate the malware file you want to remove

After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.

searching for malware file on your computer

Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always it is best to prevent infection than try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software.

To be sure your computer is free of malware infections, we recommend scanning it with Malwarebytes for Windows.

Click to post a comment

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

Removal Instructions in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
possible malware infections QR code
A QR code (Quick Response Code) is a machine-readable code which stores URLs and other information. This code can be read using a camera on a smartphone or a tablet. Scan this QR code to have an easy access removal guide of possible malware infections on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

Download Malwarebytes

Platform: Windows

Editors' Rating for Malwarebytes:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Malwarebytes. 14 days free trial available.