'Password Expired' Email Scam
Infosec researchers are warning about another phishing campaign aiming to trick users into unknowingly providing sensitive information to con artists. The operation involves the dissemination of lure emails presented as if coming from the victim's email service provider. The dubious emails will claim that the recipient's password for the associated email address has expired. They would even give an exact date when a new password would supposedly be automatically generated by the system. Of course, these claims are entirely false and their only purpose is to trick the user into clicking the provided 'Keep Current Password' button by implying that this is the only way to preserve their current password.
Like most phishing tactics, the button will redirect victims to a specially crafted phishing page. However, in this case, the hoax website was down. Whether the fraudsters will proceed to change the redirect to a different phishing page or they will fix the existing one, remains to be seen. Still, users should exercise caution. These misleading pages are designed to appear as legitimate login portals. They would ask for the victim's email account credentials or other important details.
With the compromised information at their disposal, the con artists could take over the victim's email or even any other related accounts, such as those for social media platforms or banks.