Mailbox Storage & Security Check Email Scam

Unexpected emails that create a sense of urgency or request account verification should always be treated with caution. Cybercriminals frequently disguise phishing campaigns as routine administrative notices to trick recipients into revealing sensitive information. The so-called 'Mailbox Storage & Security Check' emails are a prime example of this tactic. These messages are not associated with any legitimate company, organization, IT provider, or email service and are solely designed to steal users' login credentials.

The Disguised IT Notification

The phishing emails typically arrive with the subject line 'Storage & Security Check' and attempt to appear as official communications from an organization's IT and Systems department. The message claims that mailbox maintenance is being performed and instructs recipients to:

• Clear spam and trash folders.
• Remove large email attachments.
• Click a link to review mailbox settings through a supposed company portal.

To enhance their credibility, the emails display fabricated details such as a fake Message ID and a 'TLS • Secure' label, creating the impression that the communication originated from a legitimate internal system.

The Fake Login Page Trap

Recipients who click the embedded link are redirected to a website hosted at ndptech.cam, where they encounter a fraudulent page labeled 'Email Login.' The site is designed to imitate a genuine webmail portal and includes fields requesting an email address and password. Additional elements, such as a 'Secure login session' checkbox and a 'Forgot password?' option, are added to make the page appear authentic.

In reality, any information entered into these fields is transmitted directly to the scammers operating the phishing campaign.

Why Stolen Email Credentials Are Dangerous

An email account often serves as the gateway to numerous personal and professional services. If attackers gain access to an account, they may be able to:

• Read confidential correspondence and gather sensitive information.
• Send phishing emails from the compromised account to friends, colleagues, or customers.
• Reset passwords for other services linked to the email address.
• Commit identity theft or financial fraud.
• Sell the stolen credentials on underground criminal marketplaces.

Because email accounts are frequently interconnected with banking platforms, social media profiles, cloud storage, and work-related systems, a single compromised mailbox can lead to far-reaching consequences.

A Potential Gateway for Malware Infections

Although the primary objective of the Mailbox Storage & Security Check campaign is credential theft, phishing emails of this nature are also commonly used to distribute malware.

Threat actors often include malicious attachments or links that can install harmful software on a victim's device. These files may appear as:

• Executable programs
• Office documents containing malicious macros
• ZIP or RAR archives
• PDF files
• Script files

In many cases, the infection requires some degree of user interaction, such as opening an attachment, enabling macros, or downloading and running a file from a malicious website.

Warning Signs That Reveal the Scam

Several indicators expose the fraudulent nature of these emails:

• Unexpected requests to verify mailbox settings or storage information.
• Messages that create unnecessary urgency regarding account maintenance.
• Embedded links leading to unfamiliar domains rather than official company websites.
• Requests to provide login credentials through a link in an email.
• Generic greetings and vague references to an unnamed company or IT department.

Legitimate organizations rarely ask users to submit passwords through emailed links, especially under the guise of routine maintenance.

How to Protect Yourself

If a Mailbox Storage & Security Check email is received, the safest course of action is to ignore and delete it immediately. Do not click any links, download attachments, or provide login credentials.

Individuals who have already entered their information on the fake website should change the affected password immediately, update passwords on any accounts using the same credentials, and enable multi-factor authentication wherever possible. Additionally, affected users should monitor their accounts for suspicious activity and notify their email provider or IT department if the compromised account belongs to an organization.

Final Thoughts

The Mailbox Storage & Security Check emails are a carefully crafted phishing operation masquerading as a routine IT maintenance notice. Their sole purpose is to lure recipients to a counterfeit login page and harvest email credentials. Remaining skeptical of unsolicited emails, verifying requests through official channels, and avoiding unexpected links are essential practices for preventing account compromise and protecting sensitive information from cybercriminals.