Threat Database Phishing 'Password is Scheduled to Expire' Scam

'Password is Scheduled to Expire' Scam

The 'Password is Scheduled to Expire' emails are part of a phishing tactic trying to obtain users' email account credentials. The scheme operates in the same way as other threatening campaigns of this type. The operators behind the 'Password Is Scheduled To Expire' scam spread numerous lure emails. These fake messages contain a link leading to a dedicated phishing website, which is disguised as a legitimate login page.

The subject line of the con emails used in this particular phishing attack may be similar to 'Ticket ID: [NUMBER]: IMPORTANT: You have 1 new message(s) in your [USERS EMAIL ADDRESS] Mailbox Service(s).' The lure message itself will mention the recipients' username and email account in an attempt to seem like an actual notification coming from the email service provider. Users will be told that their email account password is 'scheduled to expire' on a certain date. To keep using the same password, recipients must follow the provided 'KEEP SAME PASSWORD HERE' button. The fake emails will warn that failure to authorize the password may lead to the whole email account being locked.

Pressing the button will take users to a phishing website that is likely to match the design login page of their email service provider. The unsafe site is hosted on a legitimate cloud service and could not be detected as being suspicious. When users try to sign in through the page, their account credentials will be collected and sent to the con artists.

The consequences of having their email accounts compromised could vary, depending on the specific goals of the threat actors. The fraudsters may send fake messages to the victim's contact asking for money, spreading disinformation, or distributing dangerous malware threats. They may also try to breach any additional accounts connected to the email address. It is also possible that the scammers will package all stolen credentials and simply offer them for sale.


Most Viewed