Your mailbox has NOT been deactivated

Graham Cluley
Graham Cluley
@[email protected]

SophosLabs is currently intercepting a widespread malware attack, being spammed out to innocent internet users under the disguise of a mailbox deactivation notice.

The emails, which have a subject line of “your mailbox has been deactivated”, pretend to come from the recipient’s domain. For instance, if your email address was [email protected] the emails would pretend to be from [email protected].

Malicious email about mailbox deactivation


Sign up to our free newsletter.
Security news, advice, and tips.

your mailbox has been deactivated

Message body:

We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility.

Best regards, [domain name] technical support.

Attached to the emails is a zip file – Under no circumstances should you run the program contained inside the Zip file as it contains the Mal/EncPk-LP Trojan horse.

The clever thing about this attack, of course, is the social engineering. We’ve seen this trick before (of pretending to be from the administrators of your email system) but the reason why it is still being used is because it works. Users panic if they think they might be at risk of having their umbilical cord to the internet cut off and may race to open the attachment before thinking about the malice that might lie behind it.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.