Account notification email warning? Don’t follow the instructions

If you’re returning to an overflowing inbox after the Easter holiday weekend, make sure that you don’t fall for the latest scam being distributed widely by spammers.

Emails claiming that recipient’s accounts have been temporarily suspended are being seen around the world today, attempting to trick users into believing that their email account has been accessed by somebody else.

The spammed-out emails try to hoodwink users into running the attached file (Instructions.zip) which is, predictably, carrying a malicious payload.

Malicious account notification email

Sign up to our free newsletter.
Security news, advice, and tips.

Here’s what the emails look like:

Dear Customer,

This e-mail was send by example.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions

(C) example.com

In an attempt to make the email more convincing, the attackers reference the domain name (for instance, example.com) used by the recipients’ email account in the emails they are spamming out.

Sophos detects the malicious attachment proactively as Mal/FakeAV-BT and Mal/BredoZp-B, but users of security products from other vendors would be wise to ensure that they are properly updated and protected.

The hackers are once again using a tried-and-trusted social engineering trick (in this case trying to fool you into believing that your account has been compromised) to lure you into the serious mistake of opening the attached file.

Wiser computer users should have learnt by now that you should always be extremely suspicious of unsolicited attachments.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.