The Verify Your MailBox Scam is a new phishing scheme that is being orchestrated by an unknown hacker collective. It seeks to manipulate computer users into believing that their inbox is reaching its quota and redirects them to a hacker-comtrolled site.
|Name||Verify Your MailBox|
|Type||Scam / Malware|
|Short Description||Aims to trick victims to be redirected to a third-party site that hijacks sensitive personal data.|
|Symptoms||Email messages that claim that their inbox quota has been reached.|
|Distribution Method||Via e-mail messages that imitate legitimate email notification messages .|
|Detection Tool|| See If Your System Has Been Affected by Verify Your MailBox |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Verify Your MailBox.|
Verify Your MailBox Scam – Overview
Malware researchers have discovered a new phishing scam that is being distributed at users worldwide. There are several possible routes of delivery that can all be executed at the same time. There are several methods that remain the most popular:
- Email Messages — The hacker operators can orchestrate large email campaigns that carry the phishing message. It is disguised as being sent by a legitimate company by hijacking their original text, images, design elements and templates.
- Phishing Web Sites — The hacker operators create specific sites for the Verify Your MailBox scam. They may impersonate the domain names or use other tactics to confuse the users into falling victim to the scam.
- Scripts & Ad Redirects — Another probable scenario is the use of malicious scripts (pop-ups, redirects, banners, in-line hyperlinks and others) and ad networks that can possibly be made visible to legitimate sites as well.
An interesting feature is that once the users are redirected to the hacker-controlled page that ultimately presents the Verify Your MailBox Scam message the site will automatically pull a favicon of the relevant target site. In this partitcular this is the EmsiSoft company, a vendor of security software.
The message is constructed to read the following text:
Verify Your Mailbox
Your email has exceeded the storage limit. You cannot do it
Make the most of your mail account until you re-verify your
This is a service annoucements about your account.
Failure to comply with this notice will result in errors and
suspension of your membership.
Re-validate the mailbox now updated
The scam uses the familiar tactics of sending a message that warns users that their mailbox is to exceed its limit. There are several ways that the scam can be discovered. The service announcements will likely not include any links leading outside of the hosting provider’s domain. The other other serious issue with this phishing scam is the fact that users can check for themselves their inbox size by going to the relevant account information menu. In almost all cases the computer users that receive the fake message will be able to verify by themselves when the limit has been reached.
These email messages can be heavily customized to redirect the users to dangerous sites or phishing forms. They are programmed to harvest sensitive data about the victims by presenting text fields that pose as legitimate looking ones. Consequently the following data can be hijacked:
- Personally-Identifiable Data — This type of data includes information that can personally reveal the victim’s identity. Example content includes the victim’s name, address, location, interests, passwords and other account credentials.
- Campaign Metrics — The criminals can also hijack data that can be used to optimize the ongoing attacks. They can include a complete profile of the installed hardware components, certain operating system values and etc.
- Preset Web Tracking Data — The hacker operators can embed several types of web tracking elements that give the operators real-time information on how the victims interact with the presented content.
One of the interesting characteristics of this particular campaign is that the hacker operators redirect the victims to a site showcasing an Emsisoft maintenance portal. Computer users should know that the company is not connected to any email hosting solutions. The analysis reveals that the final page that the victims are redirected to a legitimate site that belongs to the company. This is done via a link redirect that displays the home page of EmsiSoft.
Verify Your MailBox Scam — Possible Development
Threats like this Verify Your MailBox Scam can be created in the future as well by possibly customizing this particular type. The operators can add new steps or replace the EmsiSoft final landing page with another legitimate service.
A dangerous characteristic of scams like this one is their ability to be used as payload delivery devices for viruses. This is caused by the fact that they lead to user interaction with hacker-crafted scripts. When navigating to the phishing pages the code may automatically trigger a download action that retrieves a virus instance from the hacker-controlled servers.
The security researchers note that downloading a legitimate favicon along with the redirect to an official page of a well-known vendor may evade certain security filters.
In the last few years threats like the Verify Your MailBox Scam include social media login buttons. They are placed in order to coerce the victims into interacting with a well-known service (usually Facebook or Twitter). When they enter in their credentials into the forms the criminals will automatically be able to retrieve any content that is being sent.