Ignore the Password is about to expire today email scam
Written by Tomas Meskauskas on
(updated)
Password is about to expire today email scam removal guide
What is Password is about to expire today email scam?
Phishing is a popular method for cybercriminals to deliver malicious software by encouraging recipients to open a malicious attachment or website links. It is also a popular method for scammers to extract personal information (e.g., credit card details, login credentials). As a rule, cybercriminals disguise their phishing emails as official, important letters from legitimate companies or other entities. Emails of this kind should never be responded, or links, files/attachments in them opened.
This phishing campaign consists of at least three emails claiming that the password for an email account is going to expire soon (on the same day as the email has been received or two days after that). The main purpose of these phishing emails is to trick recipients into opening a website via the "Confirm", "Keep Current Password", "Keep My Current Password," or other button and entering their email account login credentials such as email address or username and a password. In other words, the scammers behind this phishing campaign attempt to steal login credentials for email accounts. Usually, cyber criminals attempt to steal email accounts so they could use them to steal even more accounts by spreading phishing emails to people in the contacts list, or to deliver malware (e.g., ransomware, Trojans). Also, they can use stolen email accounts to send spam, trick unsuspecting recipients into making monetary transactions, sell those accounts on the darknet (to other cybercriminals). It is important to mention that users who fall for such scams and use the same login credentials for more than one account are likely to lose access to those accounts too. It is common that cybercriminals use stolen credentials not only to hijack one account, but also try to steal other accounts using the same credentials. Recipients who have entered login credentials on unofficial pages are strongly advised to change their passwords as soon as possible.
Name | Password is about to expire today email scam |
Threat Type | Phishing, Scam, Social Engineering, Fraud |
Fake Claim | Email account password is about to expire |
Disguise | Letter from email service provider |
Symptoms | Unauthorized online purchases, changed online account passwords, identity theft, illegal access of the computer. |
Distribution methods | Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains. |
Damage | Loss of sensitive private information, monetary loss, identity theft. |
Malware Removal (Windows) | To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Malwarebytes. |
More examples of phishing emails that cybercriminals have used (or are still using) to deceive recipients into providing personal information are "Your Mailbox Is Full Email Scam", "MOBI GRAND TELECOM Lottery", and "Clustered E-mails Pending Email Scam". It is common that such emails are disguised as letters from an email service provider, a bank, shipping company, or company, organization of another type, and asking to provide personal information. As mentioned in the first paragraph, phishing emails can contain links or attachments used to deliver malware as well.
How do spam campaigns infect computers?
Users infect computers through emails when they open malicious attachments or click on malicious links (or open malicious files downloaded via links in phishing emails). When cybercriminals deliver malware via email, they pretend to be legitimate companies and disguise their emails as official, urgent, important. A. couple of examples of files that cybercriminals attach to their phishing emails are RAR, ZIP and other archive files PDF, Microsoft Office documents, executable files (like .exe), JavaScript files. It is noteworthy that not all files that cybercriminals attach to their emails infect computers after they are opened. For example, MS Office documents infect computers only if recipients enable editing/content (macros commands) in them. It is important to mention that this does not apply to malicious documents opened with the Microsoft Office versions released prior to the year 2010 - older versions do not have the "Protected View" mode and install malware automatically.
How to avoid installation of malware?
It is not recommended to ever download (or install) programs via third-party downloaders, installers, Peer-to-Peer networks (e.g., torrent clients, eMule), unofficial websites, or using other tools, channels of this kind. The safest way to download software and files is by using official websites and direct links. Also, it is never safe to update or activaste installed software using unofficial, third-party tools. Those tools often are bundled with malware. Installed programs have to be updated, activated using implemented functions or tools from the official developers. It is important to mention that it is not legal to activate licensed software with various third-party, unofficial ('cracking') tools. Furthermore, website links and email attachments received from unknown senders should not be opened. Especially, if those links or files are in emails that are not relevant. Cybercriminals often disguise their emails as important, official to trick recipients into infecting their machines via attached files or included links. Additionally, it is recommended to scan the operating system for threats with a reputable antivirus or anti-spyware software and run virus scans regularly. If you've already opened malicious attachments, we recommend running a scan with Malwarebytes for Windows to automatically eliminate infiltrated malware.
Text presented in the first phishing email variant:
Subject: Validate Your Email Password
Dear ********
Password for ******** is about to expire today . You can change your Password or continue using current Password.
Keep Current Password
you may visit ******** to see email activity
Screenshot of the deceptive website used in this variant:
Screenshot of the second phishing email variant:
Text in this email:
Subject: account password update
Email Account Verification Feb 2021
To: ********
Secure Messaging
Notification
********
Dear ********
Kindly inform your password to ******** Expires today.Date and Time: 3/15/2021 3:29:26 a.m.
Please kindly use the below button to continue with the same password.
Confirm
Further messages might be prevented if any of the above actions are not performed.
This email was sent to ********
Screenshot of the deceptive website used in this variant:
Screenshot of the third phishing email variant:
Text in this email:
Subject: New Notification: 53
********
Hello postmaster,
Password for ******** will expire in 2day time.
Keep' Current password Update below:
keep my current passwordWe respect your priѵacy
Screenshot of the deceptive website used in this variant:
Yet another variant of password expiration-themed spam email:
Text presented within:
Subject: ******** Password Expiry
******** password notification.
Hi ******** ,your ******** password expires today, please
follow the steps below to keep the current password and update your account.Keep current password
password notification.
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Malwarebytes is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Malwarebytes
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Malwarebytes. 14 days free trial available.
Quick menu:
- What is Password is about to expire today email scam?
- STEP 1. Manual removal of possible malware infections.
- STEP 2. Check if your computer is clean.
How to remove malware manually?
Manual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Malwarebytes for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here is an example of a suspicious program running on a user's computer:
If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:
Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations:
Restart your computer into Safe Mode:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.
Video showing how to start Windows 10 in "Safe Mode with Networking":
Extract the downloaded archive and run the Autoruns.exe file.
In the Autoruns application, click "Options" at the top and uncheck "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.
Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.
You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".
After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.
Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always it is best to prevent infection than try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software.
To be sure your computer is free of malware infections, we recommend scanning it with Malwarebytes for Windows.
Click to post a comment