MailGuard 14 October 2021 14:36:34 AEDT 5 MIN READ

“Email Password Expired” Hook in Phishing Email Scam

No business is immune from a cyber-attack, as is the case with this recent phishing scam intercepted by MailGuard. Scammers are targeting victims with an email titled, ‘Warning: Your email password has expired’. Recipients of this email are advised to be cautious before clicking on any links. Cybercriminals use social engineering tactics such as phishing to trick innocent victims into providing them with data to further their criminal activity.  

The email is addressed to the domain name of the targeted recipient, with the email address of the sender belonging to the compromised admin account of a U.S. automotive trader. Victims are advised that their ‘email password has expired’ and are referred to a link in the body of the email, encouraging them to ‘Keep the same password’.  

Here’s what the email looks like:  

Warning- Your email password has expired - Mozilla Thunderbird_697-1


After clicking on the phishing link, ‘Keep the same password’, users are directed to the following pages requesting their email address and corresponding password.

Sign In to Update — Mozilla Firefox_696

After the victim enters their details, scammers harvest these credentials under the guise of the ‘updating’ notification displayed in the green text box below. Users are then redirected to their respective company page.  


Sign In to Update — Mozilla Firefox_698

There are a few noticeable red flags present in the scam, beginning with the email itself. A legitimate email, particularly those requesting for a password verification or similar, would address the recipient by name. Furthermore, the body of the email is unprofessional in its layout and does not provide any context with regards to why the email password needs to be verified. The ‘Email Password Centre!’ with the use of red font, and an exclamation mark, further speaks to its illegitimacy.  

Although the scammers have tried to appeal to victims with a professional looking image as a background for the phishing pages, upon closer inspection, you can see that the image has been provided by “” and is a generic image – unlikely for a company to use for an account login page.  

MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity.    

MailGuard urges users not to click links or open attachments within emails that:   

  • Are not addressed to you by name.  
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.  
  • Are from businesses that you were not expecting to hear from, and/or  
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.    

One email is all that it takes   

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.   

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's network.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates