Remove “Account Validation Request” email

The “Account Validation Request” email is part of a phishing campaign that tries to steal users’ email login credentials. The email is disguised as a notification from the email service provider, supposedly informing the recipient about an SSL Certificate error, which supposedly resulted in some emails not being delivered. The email asks that users “re-validate the SSL Certificate on IMAP/POP3 Server” to enable email delivery by clicking on the provided button. However, if users engage with the email and click on the button, they are taken to a phishing site that asks them to log in to their accounts. If users do as asked, their login credentials will be stolen. This could lead to users’ accounts being hijacked by malicious actors.

 

 

The “Account Validation Request” email is a rather typical phishing attempt. It’s made to appear like it’s sent by the email service provider, though it’s a low-effort attempt. According to the email, recipients need to revalidate the SSL Certificate to enable email delivery, as some emails have failed to reach users’ inboxes. To validate the certificate, users are asked to click the provided button. If users click on the button, they will be taken to a phishing site. The site is made to imitate Gmail’s login page in design, but the URL is completely different. If users enter their login credentials, they will be stolen by the malicious actors operating this phishing campaign.

Email credentials are extremely valuable to cybercriminals for various reasons. Email accounts that users have had for years often contain extensive personal information and private conversations, which can be exploited for purposes such as blackmail or extortion. What’s more, email accounts are linked to many other services, which means an email account can be used to gain access to those accounts as well.

Users who clicked on the link in the email and entered their login credentials must change the account password immediately. If the account is no longer accessible because it’s been hijacked, users need to try all recovery options. If recovery is unsuccessful, the email address should be unlinked from all associated accounts to prevent the hijacker from going further.

The full “Account Validation Request” phishing email is below:

Subject: Action Required : Document BGU0396 – via – SmartVerify

Action Required
RE-VALIDATE SSL CERTIFICATE

Account Validation Request

Hi -,

Due to an SSL Certificate error, Some emails have failed to reach your inbox.

Proceed to re-validate SSL Certificate on IMAP/POP3 Server to enable email delivery.

Failure to Validate may lead to permanent email loss.

Go-to Re-validate Now

We appreciate your understanding and support and thank you for being a part of our community.

Sincerely,
– cPanel 2025.

Signs of a phishing email

All unsolicited emails, especially ones with links and/or attachments, should be approached with caution. Users should always carefully check their content and assess whether they are logical or credible. For example, the “Account Validation Request” email makes no sense, and email service providers never send such notifications.

When users receive unsolicited emails that urge them to open an attachment or click a link, they should start by examining the sender’s email address. If the sender claims to be from a well-known company but uses an address that appears random or unprofessional, it is more than likely a malicious or at least a spam email. Even if the address seems legitimate, users should verify that it genuinely belongs to the person or company the sender claims to represent, which can often be done through a quick online search. Users should also be aware that malicious actors sometimes manipulate email addresses to appear credible, using tactics such as substituting similar-looking letters (e.g., replacing “m” with “rn”) or adding extra characters to mimic trusted senders. In the case of the “Account Validation Request” email, it is clearly a phishing attempt because the sender’s address does not belong to your email service provider, as indicated by the different domain.

Users should also pay close attention to grammar and spelling mistakes in emails claiming to be from reputable companies. Many phishing emails are riddled with such mistakes and are poorly written, which makes them easily identifiable as malicious. The “Account Validation Request” email has several mistakes and is written quite awkwardly, so it’s quite clear that it’s written by malicious actors.

Users should take their time when reviewing emails and avoid rushing to click links or open attachments. Users can hover over any buttons or links to inspect where they lead before taking any action. Additionally, they should scan unsolicited attachments with antivirus software or use a service like VirusTotal to ensure they are free from malware before opening them. It is important to remain vigilant and cautious to protect oneself from potential threats.