Beware of the 'Authenticate Account' Email Scam

One of the oldest phishing scams is being distributed again in a new malicious email campaign. The scam is called simply the "authenticate account" scam.

The scammers are using one of the oldest tricks in the book, telling potential victims their inbox somehow did not receive all pending messages and the unread messages will be deleted soon, unless the user "authenticates" their account. The full text of the scam goes as follows:

Dear Subscriber (name here)

You have some pending messages on your server.

Kindly AUTHENTICATE your (email address here) account below to access pending messages.

Activation expires after 12hours from 10/25/2022 11:41:46 a.m. after which your pending messages will be deleted.

AUTHENTICATE ACCOUNT HERE

This is a simple trick to get the user to click the "Authenticate Account Here" link and load up the phishing page. Clicking the link will open a fake login portal. If you enter your email credentials in there, your account info will be stolen and your account will likely be taken over, locking you out of it.

This, in turn, will allow scammers to perform all sorts of illegal and malicious activities in your name and use your contacts to spread the scam further.

October 28, 2022