What is the “Mailbox Abuse Notice” phishing email

“Mailbox Abuse Notice” is a phishing email that tries to trick users into revealing their email login credentials. The email claims that suspicious behavior has been detected on your email account. To supposedly prevent your account from being compromised, the email asks you to click on the provided button and review recent activity. If you engage with the email, your email login credentials will be phished, which could lead to the account being hijacked.

 

 

This “Mailbox Abuse Notice” email is a very typical phishing email. It first tries to get users’ attention with an alarming subject line “Unusual activity detected in your email account”. This is something an email provider would send to customers so it wouldn’t be unusual if users opened it.

If users do open it, they will be greeted with a message saying their email provider has detected activity on the account that violates their security policy. Specifically, the violation is a login from an unrecognized device. The email advises that you review your recent activity by clicking on the provided “Review recent activity” button.

The full text from “Mailbox Abuse Notice” phishing email is below:

Subject: Unusual Activity Detected in Your Email Account

Mailbox Abuse Notice

Security Alert – – ,

We have detected suspicious behavior in your email account that violates our security policy (Email account logged In from an unrecognized device) . You must log in to your account to review this information and verify the status of your mailbox immediately.

Review recent activity

Take these timeouts to protect your account:
– Click the above immediately in order to log into your email account.
– Go through recently carried out activities and look for anything suspicious

Any action taken in this regard will prevent your email account from being compromised.

Best Regards,

Email Service Provider
Domain Name: –

If you engage with the email and click on the button, you will be redirected to a fake email login page. The website you will be redirected to will look more or less identical to the actual email provider website but it does have the signs of being a phishing site. The site asks that you type in your email credentials. If you type in your password, it will be sent to the malicious actors operating this phishing campaign immediately.

Email accounts are linked to hundreds of other accounts, some more important than others. They also contain a lot of highly personal information. This is why email account credentials are such valuable information to cybercriminals. Hijacked email accounts also have very serious consequences for users. If malicious actors gain access to your email account, they could gain access to all other connected accounts. For example, they could gain control of your Facebook account and send messages to your contacts to ask for money.

Because email accounts are full of highly sensitive information, you need to be particularly careful with your login credentials.

Signs of a phishing email

The majority of phishing attempts are very generic because they target many users with the same type of email. More sophisticated and difficult-to-recognize phishing campaigns are usually reserved for specific and high-profile targets. Fortunately for most users, they’re likely to be targeted with generic and easily recognizable phishing emails.

Malicious actors always disguise phishing emails as ones sent by legitimate companies. For example, this “Mailbox Abuse Notice” email wants you to believe that it was sent by your email provider, specifically Google. However, it looks nothing like an email that a legitimate email provider would send.

One of the first things to notice is how the email addresses you. When you receive an email from a company whose services you use, note that you are always addressed by name. Using customers’ names makes emails more personal. However, malicious actors rarely have access to personal information, unless the phishing campaign is very sophisticated. Thus, phishing emails usually use generic words to address users, including “Customer”, “Member”, “User”, etc. Phishing emails also use users’ email usernames to address them, as is the case with this “Mailbox Abuse Notice” phishing email.

Grammar and spelling mistakes are obvious signs of a phishing email and a good way to identify them. Normally, you will not see any mistakes in emails sent by legitimate companies because that looks very unprofessional. That is particularly the case with automatically sent emails. However, for whatever reason, phishing emails are almost always full of mistakes, whether in spelling or grammar.

Phishing emails almost always claim that there’s something wrong with your account to force you to click on the provided links. This is a common tactic, used even in this “Mailbox Abuse Notice” email. However, whenever you receive an email that asks you to do something, instead of clicking on any links in the email, log in to your account manually and check whether there’s actually an issue. You should do that even when the email looks entirely legitimate.

Finally, before logging in anywhere, you should always check the site’s URL. Phishing sites are made to look identical to legitimate sites but the URL will always give them away. If a site’s URL looks even remotely suspicious, do not type in your credentials.

“Mailbox Abuse Notice” phishing email removal

If you get this email, you can just remove “Mailbox Abuse Notice” phishing email. If you have clicked on the provided button and typed in your login credentials, you need to change your email account password immediately. If you cannot access your email account, contact the provider to see if you can get it back. If it’s no longer possible to access your email account, you need to disconnect the email from all other accounts to prevent them from being hijacked as well.