'Email Security Update' Scam

Fraudsters are disseminating lure emails as part of a phishing campaign trying to trick users into providing their email account credentials. The fake emails are presented as important notifications about a security issue with the recipient's email. The subject of the lure messages could be a variation of the '[EMAIL ADDRESS] EMAIL-UPDATE WARNING!!' Unsuspecting users will be told that their emails are not sufficiently protected, due to a missing security update. Supposedly, this could lead to security issues.

To fix the problems, recipients of the misleading emails are told to click on the provided link to install the 'official' update. However, as is the case with most phishing tactics of this type, the link will take users to a dedicated phishing portal. The deceiving page will appear visually similar to the login portal of the victim's email service provider. Any information entered into the bogus site will become available to con artists.

The compromised account credentials could allow these people to establish control over the victim's email. Additional accounts using the same username and password or connected to the breached email also could be compromised. The operators of the phishing tactic could abuse the access they have obtained to run disinformation campaigns, assume the identity of the victim and perform fraudulent activities, spread malware threats and more.