Beware “Your mailbox is almost full” Spam (or Phishing) attempts

Have you received an email saying that your mailbox is almost full, and offering a link to click to reduce the size automatically?

This is an example of spam or phishing.

9 Jan, 2015

Have you received an email advising that your mailbox is almost full? You didn’t click the link in it, did you?

A client of mine received such an email (see below) and queried it with me.

Screenshot of spam or phishing email warning of full mailbox

This is spam and an example of many that have been sent out over the past few years to unsuspecting website owners. Spam is inconvenient but usually harmless.

Phishing attacks

However, some, like this one, can represent a threat. You’ll see from the screenshot that the email contains at least one link that recipients are invited to click. If you click a link in such an email you may allow malware/viruses to be installed on your computer. You might also be directed to a website that invites you to enter some personal details, and maybe a username and password to gain access to your mailbox. This is an example of ‘phishing’ and providing this information will let the perpetrators gain access to your mailbox, from which they can then get hold of (and send emails to) your contacts. You might also have other username and password information sitting in those emails for other services you use… anyway, you get the point!

How to spot a phishing email

Many tell-tale signs should alert you to the danger in these emails, but busy people don’t always have the time to read things properly – my clients’ initial reaction may well have been ‘I’d better action this quickly as I don’t want to lose any emails’. In the example above…

1. The email came from an email address that is not related to the business. This isn’t always a good indication of phishing, but if you don’t recognise the email address that should cause you to question things a little

2. The spam monitoring had already identified the email as potential spam and placed the ‘[spam]’ tag at the start of the subject line

3. The language isn’t quite ‘perfect’… ‘Click here to reduce size automatically’ is more than a little suspicious

4. The ‘Click here’ link points to a website that clearly has nothing to do with the recipient. Floating over the link shows the target URL as http://kirirumcurtain.com/hi/auto/newp/ii.php?email=[with the email address here]. Googling that domain name shows that it is a site owned by a business in Cambodia (although it looks like it is hosted in the US). Anyone clicking on the URL will trigger a script to run on the target website, and there’s no telling what it could do. So please don’t!

McAfee site advisor warns about this site as a potential phishing site that… “might send your personal information to people online who can use it to access your financial information, or steal your identity.”

Google search result showing phishing site warning

If you do happen to click on such a link, our advice would be to run a good virus-checking programme against your computer and change any login credentials that you passed over to the phishing site (and any more that you think might also be compromised).

Of course, it’s not a bad idea to keep your mailbox under regular control anyway – so why not take a look and see what you can delete? It’ll cut down the space taken, reduce backup times (you do back up don’t you?), make things a little easier to find, and could possibly improve the performance of your system.

Let us know if you’ve seen this or other phishing attempts. Did you click the links? What happened to you?

1 Comment

  1. Claudia

    I clicked on the link and got this website is blocked. Am I still safe or should I be worried?

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

You may also like…

How do canonical links work in wordpress?

How do canonical links work in wordpress?

Canonical links are used to indicate the preferred URL of a webpage that has multiple versions or duplicates of the same content. This article explains canonical links in depth.

Share This
Martin Jarvis

Martin Jarvis

I typically reply within an hour

We're here Monday - Friday during UK working hours. Drop us an email and we'll get back to you.

Martin Jarvis
Hi. It's Martin here. How can I help you?
Start Chat with:
chat