Remove “Expiration Notification” email

The “Expiration Notification” email falls into the phishing scam category. The email is disguised as a notification about the email account’s password expiring in 24 hours. You are asked to either update or keep your current password. Failure to act will supposedly result in the account being permanently closed and data being lost. Clicking on the provided button will result in you being taken to a phishing site that asks you to log in to your account. If you type in your password, it will be sent to malicious actors immediately. They may then try to hijack your email account.

 

 

This particular email claims that your email account password will expire in 24 hours, and your account will be closed permanently if you do not update your password or choose to keep the current one. The email is supposed to look like it was sent by your email provided, though the design is quite low-effort. The email has a “Keep Current Password” button, and if you were to click on it, you would be taken to a phishing site.

The button will lead you to a phishing site imitating Webmail. The site will display a login window, with your email address already typed in. If you were to enter your password, it would be sent to the malicious actors operating this phishing campaign. If your account is not protected with multi-factor authentication, stealing your password may give the malicious actors access to your email account.

There are several reasons why email accounts are so valuable to malicious actors. First of all, many users use the same email address for years and rarely delete old emails, which means they accumulate a lot of information. This information may be used by malicious actors to blackmail account holders. What’s more, email accounts are connected to many other accounts, and gaining access to the email may give access to all connected accounts as well.

The full text from the “Expiration Notification” email is below:

Subject: – EXPIRATION NOTIFICATION Inbox

EXPIRATION NOTIFICATION

Dear –

Please be informed that the password for your – will expire in 24 hours.

You may either update your password or continue using your current password by clicking on our URL below to keep current Password.

Keep Current Password

Note:failure to update your password will result in the permanent closure of your account, and all your data will be lost permanently.

Thanks,
– IT Service Message

This message is automatically generated from email security server. Any reply sent to this email cannot be delivered.
This email is meant for: –

Unsubscribe – Unsubscribe Preferences

How to recognize a phishing/scam email?

Detecting a phishing email is often easier than one might think, unless it’s particularly sophisticated, which is rarely the case for regular home users. A key sign to look out for is poor grammar and spelling mistakes, which are common in spam and phishing emails. This “Expiration Notification” email has several obvious mistakes, which are an immediate giveaway. Whenever you receive an email urging you to take action—like opening an attachment or clicking a link— check the email for mistakes, as it’s one of the easiest things to notice.

Another important thing to check is the sender’s email address. Even if it seems legitimate, maintain a high level of skepticism, as making convincing email addresses is relatively easy for scammers. If the address looks random or has an odd mix of letters and numbers, the email is malicious. Reputable companies don’t use unprofessional email addresses to engage with customers. Always verify email addresses, and a quick online search can give you the necessary confirmation. In the case of the “Expiration Notification” email, it’s very obvious that the email is malicious because it was sent from a nonsense email address.

Regarding links in emails, it’s generally best to avoid clicking on them. If an email asks you to resolve something related to your account via a link, it’s safer to go directly to the site by typing the URL into your browser rather than clicking the link. While this may feel overly cautious, it greatly minimizes your risk of falling for phishing scams. Additionally, you can hover over links with your mouse to see the actual destination URL, helping you confirm whether it’s legitimate before you click.

What to do if you clicked on the link in “Expiration Notification” email scam?

If you’ve engaged with this or some other suspicious email, it’s essential to act quickly to protect your accounts. If you entered your password on a phishing site, you need to change it immediately. If your account can still be accessed, you need to check account activity after changing your password, remove any unrecognized logins, as well as enable multi-factor authentication if you haven’t already done so. If your email account can no longer be accessed and no account recovery options work, you must remove the email address from all connected accounts.