What is “Your Password Expires Today” email scam

“Your Password Expires Today” email is a fake warning email sent by malicious actors to phish personal information/login credentials and/or trick users into downloading malicious software. The email is disguised to look like it’s sent by Microsoft to warn about your account closing if you do not validate it. It’s a very common type of scam that either intends to phish your sensitive information (e.g. login credentials) or to trick you into downloading something malicious. The email itself, like most phishing/malicious emails, is harmless as long as you do not interact with it. If you didn’t interact with it, you can just remove “Your Password Expires Today” email scam from your inbox. If you have clicked on a link, proceed to the last section of this report.

 

 

This particular email claims that “Your 90 day(s) account security validity period expires today” and that you need to re-validate your account. The email falsely explains that Microsoft will supposedly delete your account if you do not re-validate it. You will see a “Keep Password” button that the email wants you to click so you can supposedly confirm your account. Depending on which version of the scam you’re dealing with, you may be redirected to a fake Microsoft website that will ask you to provide your Microsoft login credentials. If you were to type in the credentials, they would immediately be sent to the cybercriminals operating this scam. They could then take over the account. If you have typed in your credentials on a phishing page, you need to change your password immediately.

You may also end up on many questionable websites by clicking on the link. Those sites may ask you to download something or claim that you’ve won a prize. Do not interact with those sites, and certainly do not download anything you are offered. For future reference, keep in mind that you should not download programs from advertisements or questionable websites. If you encounter an advertised program you’d like to download, research the program first and if it’s legitimate, use official sources to download it. There are many advertisements that promote malicious software so by using official sources, you will avoid a lot of malware.

How to recognize a phishing/scam email?

Unless a phishing attempt is very sophisticated, it’s usually not difficult to identify a malicious email. One of the most obvious signs is grammar and spelling mistakes. For whatever reason, the majority of spam and phishing emails are full of them. This particular email, while lacking any obvious spelling mistakes, does have many tells. For example, Microsoft is not spelled with a capital letter in this email. There are also several grammar mistakes. When you receive an email that asks you to engage in some way (e.g. open an attached file, click on a link, etc.), always read the email carefully looking for any kind of mistakes.

Another thing to take note of is the sender’s email address. Even if it looks legitimate, do not let your guard down because it’s not difficult to make an email address look convincing. If the email address looks random, contains random combinations of letters and numbers, you can likely disregard the email altogether. No legitimate company will use unprofessional-looking email addresses to contact customers. We also recommend always double-checking email addresses. A simple search with Google can usually provide adequate results. Companies usually have email addresses they use listed on their websites so you can use them to double-check. You should also be aware that malicious actors often change certain letters to make email addresses look identical to legitimate ones. For example, the letters “r” and “n” may look like an “m” if combined together.

When it comes to links in emails, we generally do not recommend clicking on them. If an email asks you to fix something about your account and provides a link, you should go to the account manually, not click on the link. While it may seem like an excessive practice, it will be safer to avoid clicking on links altogether if you are not confident you can recognize a phishing email. You can also check where a link will take you by hovering over it with your mouse. The site’s address will appear at the bottom of the window.

Finally, think before clicking. This particular email asks you to re-validate your Microsoft account, and that is not something Microsoft would actually ask you to do. Microsoft does not delete accounts without reason, nor do passwords expire. So when you receive an email that says there’s a problem with your account, always question whether the issue makes sense. You should also never type in your login credentials before you double-check the site’s URL. Malicious actors can closely imitate how a site may look but they cannot use the same URL.

What to do if you clicked on the link in “Your Password Expires Today” email scam?

If you now realize that you interacted with a malicious email, you may need to do a couple of things to ensure your computer and data are safe. There are many scams that use the same template so your actions should depend on what happened when you clicked on the link. If you were taken to a site that asked you to log in to your Microsoft account and you did type in your credentials, you need to change your Microsoft account password immediately. Furthermore, you should enable two-factor authentication for not only your Microsoft account but also for all other accounts. This will ensure that no one can access your account(s), even if they know your password. There are several two-factor authentication options so you can definitely find one that is most convenient for you to use.

If you opened the link and were spammed with various pop-ups, it may be a good idea to scan your computer with anti-malware software in case some kind of infection was able to get in. If you downloaded something from one of the sites you were redirected to, delete it and scan your computer with anti-malware software right away.