Your mailbox has NOT been deactivated

Graham Cluley
@gcluley

SophosLabs is currently intercepting a widespread malware attack, being spammed out to innocent internet users under the disguise of a mailbox deactivation notice.

The emails, which have a subject line of “your mailbox has been deactivated”, pretend to come from the recipient’s domain. For instance, if your email address was john.smith@example.com the emails would pretend to be from notifications@example.com.

Subject:

your mailbox has been deactivated

Message body:

We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility.

Best regards, [domain name] technical support.

Attached to the emails is a zip file – utility.zip. Under no circumstances should you run the program contained inside the Zip…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.