I always share scams and identity theft schemes aimed at me because I know that if I am being targeted so are you. On October 3rd I warned you about a a scam in which you receive an email informing you that your email mailbox is full and that you will not be able to receive any new emails until you revalidate your account. Recently I received another email which I am copying below:
Your Mailbox Has Exceeded It Quota/Limit As Set By Your Administration, And You May Not Be Able To Send Or Receive New Mails Until You Re-Validate It. To Re-Validate, Please CLICK: (The phony email then provided a link to click on to purportedly revalidate your mailbox).
This email indicated that it was from email@example.com. It also indicated that rather than being sent to me, the email was being sent to firstname.lastname@example.org which certainly was an indication that this was a scam. Mailbox.com is a legitimate company, but they have nothing to do with email. They make mailboxes for snail mail. Their company name was merely hijacked and emails sent out purporting to be from a company that might sound like it relates to your email. This particular phony email never indicates with whom I have my email and never uses my name which are also good indications that this is a scam. This scam is a particularly dangerous one because, as all good scams do, it has a grain of truth and appears to be legitimate. Many of us, myself included, do not delete many emails that are not important to keep and if you do truly exceed your email mailbox size, it can effect your ability to send or receive emails. In that instance, you will receive a warning from your system’s administrator telling you to move items to your folders and to delete items. The phony email request I copied above tells you to click on a link to revalidate your account. If you do, you will turn over control of your account to a scammer who can go through your emails and take information that can make you a victim of identity theft as well as hijack your account to send out emails to your friends and correspondents that will appear to come from you, but will be loaded with malware that will catch your friends and correspondents unaware. That scam is called spearphishing where your email address is hijacked and emails are sent to your friends that look like they are coming from you.
Your real systems administrator will never ask for your user name and password. If you do get such an email and you think that it may be legitimate, contact your system’s administrator at an email address or telephone number that you know is accurate to inquire as to the status of your account. Any email that you get that asks for you to turn over your user name and password is undoubtedly a phishing scam. Also do not click on links in such emails because unwittingly you may end up downloading a dangerous keystroke logging program that can steal all of the information in your computer and make you a victim of identity theft. You also should make sure that you have an effective firewall and up to date security software to provide further protection.