Remove “IT Security Alert: Your Password Expires in 24 Hours” email

The “IT Security Alert: Your Password Expires in 24 Hours” email falls into the phishing scam category. The email is a standard phishing attempt that tries to steal users’ email login credentials. It’s disguised as a notification from the IT Support Team and claims that your password is set to expire within the next 24 hours. According to the email, action is required to “maintain uninterrupted access to internal resources”. If you were to interact with the email, you would be redirected to a phishing site that asks for your email account password. If you fall for this phishing attempt, your account may be hijacked.

 

 

The “IT Security Alert: Your Password Expires in 24 Hours” email contains a link leading to a phishing site, disguised as a button prompting users to retain their current passwords. Clicking on this button redirects you to a phishing site designed to mimic a legitimate login page. You are instructed to enter your login credentials, which are immediately transferred to the cybercriminals behind the phishing campaign. It is important to note that, despite the site’s resemblance to a genuine one, the URL will always reveal the phishing attempt.

Cybercriminals may exploit the stolen credentials themselves or sell them to other malicious actors. Keep in mind that login credentials, especially for email accounts, are highly sought after in the cybercriminal community because accounts contain a lot of highly sensitive information. Email accounts are also connected to many other accounts, so gaining access to an email account could result in other accounts being hijacked as well.

The full “IT Security Alert: Your Password Expires in 24 Hours” email is below:

Subject: ********: IT Security Alert: Your Password Expires In 24 Hours

Dear ********,

This is an automated alert from the IT Support Team regarding your system credentials. Your current password is scheduled to expire within the next 24 hours, and action is required to maintain uninterrupted access to internal resources.

Click the button below to keep your current password active:

KEEP PASSWORD

If you have interacted with this email and typed your email account password on a phishing site, you need to change your password immediately. If you can no longer access your account and no account recovery options work, you need to remove the address from all linked accounts to prevent them from being hijacked as well.

How to recognize a phishing/scam email?

Unless a phishing attempt is particularly sophisticated, identifying it is usually not difficult. We should mention that more sophisticated attempts are generally reserved for specific targets. Most users will not be specifically targeted and will receive mostly generic phishing emails. One of the things that makes generic phishing emails obvious is the presence of grammar and spelling mistakes. For some reason, the majority of spam and phishing emails are riddled with such mistakes. While this “IT Security Alert: Your Password Expires in 24 Hours” email has too little text to have mistakes, it still does not look professional enough to be written by a legitimate service provider.

An important thing to check when dealing with unsolicited emails is the sender’s email address. Even if it appears legitimate, be cautious, as it is relatively easy to create a convincing-looking email address. If the email address seems random or includes a mix of letters and numbers, it is likely safe to disregard the email entirely. Legitimate companies do not use unprofessional-looking email addresses to contact their customers. We recommend always verifying email addresses. A quick Google search often provides enough information. Many companies list their official email addresses on their websites, which can be used for cross-checking. Be aware that malicious actors may slightly modify email addresses to mimic legitimate ones. For example, combining the letters “r” and “n” can make them resemble an “m”. It should also be mentioned that email spoofing allows malicious actors to make it seem like the emails were sent from users’ own accounts.

Regarding links included in emails, it is generally recommended not to click on links in emails in general. If an email requests that you resolve an issue with your account and provides a link, it is safer to access your account manually rather than clicking on the link. While this may seem overly cautious, it significantly reduces the risk if you are uncertain about recognizing phishing emails. You can also inspect a link by hovering your mouse over it, which will display the URL.