Malware, Phishing

Phish quota exceeded In your mailbox

This is a type of phishing scam that was brought to my attention on a specialist list a few days ago by my good friend Rob Slade, though apparently the ploy has been in use for a few months.

It's actually a variation on the approach of: "This is your system administrator speaking: login here or Something Bad will happen." That's a ploy that has been successfully used by phishers and malware distributors for many years, but it's worth reminding people that it exists – and as this example turned up in my mail this morning, I thought you might find it interesting.

The message looks something like this. (Actually, the one I received looks exactly like this apart from a little judicious removal of headers and the URL.)

Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator, And You Will Not Be Able To Receive New Mails Until You Re-Validate It. To Re-Validate - > Click Here: []

Note: Do not send email or Password to any one via email.

System Administrator.

The example Rob flagged was a little longer, though not much better written. It gave a spurious figure for the allowed mailbox size and told him how many kilobytes his mailbox is supposed to have reached (nothing impresses a victim like a spurious statistic). It also told him that his account would be disabled if he didn't validate it within 48 hours. (That's a characteristic attempt to panic a phishing victim into doing something rash.)

In both cases, “something rash” would be clicking on a link which turns out to be a spreadsheet located at spreadsheets.google.com, via an SSL/TLS connection, to give it a spurious appearance of safety – using HTTPS means nothing if the connection is to a malicious site. And there's no doubt about the malicious intent here: These spreadsheets are capturing sensitive data into a database, not personalized administrative requests.

A more sensible response would be to advise Google of the malicious link. Apparently, use of this particular vector is tailing off, as Google has been responding quite effectively. However, Google spreadsheets are not the only way to capture data. The internet is bulging with PHP form templates and other freeform styling tools that can be used by a malicious site.


Additional tips of the hat to Steven Adair and Jose Nazario for information and discussion.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.