'Unusual Sign-in Activity' Email Scam

Fraudsters have launched another phishing campaign involving the dissemination of lure emails. Users will receive emails with a fake warning about someone trying to sign in to their email accounts. The fraudsters will present some details, such as country of origin, IP address, and the date of the supposed login attempt to make the fake warning appear more legitimate. To put further pressure to their victims, the emails will claim that if no action is taken within 24 hours, the email account will stop receiving new messages while all the current emails will be deleted.

The operators of this tactic direct their victims into clicking the provided 'Secure my account' button. Doing so will take users to a phishing portal, where they are supposed to enter their email accounts and password. All provided information will become available to the con artists who can then proceed to exploit it in a variety of ways, depending on the particular goals. The compromised email account can be used in additional phishing, spam or disinformation campaigns. The threat actors could use it to spread malware or try to extend their reach to other accounts belonging to the victim, such as those for social media platforms or messenger applications. The con artists also can simply package all the collected data and offer it for sale to any interested third parties.