Storage Limit Reached Scam Tricks Users Out of Email Credentials

There is a lot of data to store these days. The average user gets somewhere between 50 and 100 email messages per day and that takes up storage space somewhere. It might be stored in the cloud, but it may also be stored on a server in the cold room of the IT department. Wherever it is stored, the servers have limited space. Therefore, most organizations set a limit on how much of a hard drive each person can use. When that limit is reached, it’s time to do a clear out of messages. Scammers are using this tidbit to trick people into giving up email login credentials.

The Better Business Bureau (BBB) reported that its users were receiving an email message that claimed their storage was full and they needed to click an included link to validate the account and add storage. When the link was clicked, a form appeared that requested email address and password. Once the information was entered, the form disappeared and a dialogue box appeared stating that all is well.

Unfortunately, those users gave up their information to someone who could use it to send spam, distribute malware, or to commit some other type of fraud.

There are ways to identify potentially harmful messages.

-Don't just believe what you see. Scammers can fake anything from a company logo to the sender’s email address with relative ease.

-If an email arrives unexpectedly or by an unknown sender, do not click on links or open files that may be attached to them.

-Use your sixth sense. If something appears to be suspicious, confirm it first. Contact the sender directly from a number you know is accurate or by starting a new email message. Don’t reply to the original one. Walking to the sender’s desk or office may be another option.

-If something is generic, it should be met with suspicion.

-Always be wary of messages that don't contain your name or other personalized information or references.

-Use unique passwords for each online account you create. This will reduce your risk of password reuse being successful for a cybercriminal.

The subject line reported by the BBB was “[name]@[company.com] update required” and appeared to come from a webmaster domain account. If you receive something similar, confirm its legitimacy with your IT department before taking any action.

© Copyright 2017 Stickley on Security