ESET Ireland has been seeing an increased amount of a new fake email, which claims to come from an email provider and asks the receiver to click a link and “update account recovery information” using their actual email address as bait and threatening to close their email account if “not verified in 48 hours”:
Hi <receiver’s email address>,
Starting from Friday, 07 Aug 2015 We’ll be updating the terms and privacy statement for your account due to recent security incidents online.
Your E-mail Account, (<receiver’s email address>) need to be verified as required by our new online security policy. Failure to verify within 48hours will result in permanent closure.
please click HERE to update your account recovery information.
Thanks for taking these additional steps to keep your account safe.
Such emails fall in the social engineering category of phishing, since they “bait” the victim with a promise or a threat, to complete an action the attackers want them to. In this case to click a link, leading to their page, where they either can either get the victim’s email password, or infect their computer with malware.
Upon receiving such emails, do not click on the links in them, mark them as spam and delete them. Never reply to them, as this can just verify to the attackers they’re dealing with a live email account and can try to attack it further.