'Password Expired' Scam Uses Old Tricks

A new email campaign is distributing scam messages designed to trick recipients into handing over their mailbox login credentials.

The new scam uses a slight variation of an old trick from the scammer's playbook. Victims receive an email telling them their mailbox password has "expired". In order to avoid losing their password, potential victims are told to click a malicious link to "keep current password".

The full text of the scam email goes as follows:

******** Server - Password Expired

The password to your mailbox [address here] has expired.

System will log you out and generate a new password exactly at 24 hours from [date here]

You can continue using your current password. Click below.

Keep Current Password

Clicking the "Keep Current Password" button redirects you to a fake login portal that serves as a phishing page. Any login credentials you enter there are handed over to the bad actors running the scam, and you will very likely lose access to your email. Once the bad actors have access to your account, they can carry out all sorts of malicious actions, such as using your contact list, impersonating you, or committing fraud in your name.
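As an added illustration (not part of the original article), the traits of this lure can be turned into a simple mail-filter heuristic. The sample message, the rule names, and the assumption that a genuine password notice would link to the recipient's own mail domain are all constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample modelled on the quoted lure; .example/.invalid names are placeholders.
SAMPLE = """\
To: alice@corp.example
Subject: Server - Password Expired
Content-Type: text/html; charset="utf-8"

<p>The password to your mailbox alice@corp.example has expired.</p>
<p>System will log you out and generate a new password exactly at 24 hours from 01/01/2030</p>
<p>You can continue using your current password. Click below.</p>
<a href="https://portal.notice.invalid/login">Keep Current Password</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def lure_signals(raw):
    """Return the names of the heuristics that fire (assumed rules, not exhaustive)."""
    msg = message_from_string(raw)
    body = "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    text = msg.get("Subject", "") + "\n" + body
    domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    parser = LinkCollector()
    parser.feed(body)
    hits = ["expired-password claim"] if re.search(r"(?is)password\b.{0,80}\bexpired", text) else []
    for href, label in parser.links:
        host = urlparse(href).hostname or ""
        if re.search(r"keep\s+current\s+password", label, re.I):
            hits.append("keep-password button")
            if domain and host != domain and not host.endswith("." + domain):
                hits.append("button leaves recipient domain")
    return hits
```

Calling lure_signals(SAMPLE) returns all three signal names; a message that trips all three is a strong candidate for quarantine or a warning banner.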

October 26, 2022