Mailbox Quota Exceeded – Email Notification
July 22, 2021
Here’s another example of an email you should always be suspicious of… the “hurry up your email is not working” message. Always be suspicious of messages that try to induce a bit of panic or fear – they do this to get you to click before thinking. The rule of thumb we always get on a soap box to preach about is “never click a link in an email you weren’t expecting.” It’s the fastest way to get a virus or malware installed on your system. And unfortunately, the jerks who send these kinds of messages only have to get you to do it once to get their hands into your system.
There were a number of red flags in this message – once you start to notice them, they’ll stand out to you more readily when you see them in the future.
- The subject of this email I received was “Your mailbox is almost full”, but the main header in the message reads “Mailbox Quota Exceeded”. Both are messages they hope will make you feel a bit anxious and more ready to click a link, but they are contradictory messages. If my mailbox is “almost” full, then its quota hasn’t been exceeded yet. Look for inconsistencies in emails.
- The “from” address has a .jp domain extension at the end, which in this case means the domain is a Japanese domain name. Since my email service is not managed from Japan, this would make no sense.
- The “from” name of “Roundcube Support Team” doesn’t match the “Mywebmaestro IT Team” name in the message signature. Another inconsistency. They will often use information they can match to your email address to create fake names that try to appear as if they are services you use. They often get the formatting wrong, however.
- If you hover over the button link (NEVER CLICK – but if you hover over a link, the browser will show you the address it links to) it shows a suspicious-looking address. In this case, roundcube is a webmail app used on an individual domain name – any legit message would more likely include that domain name, or at least the domain name of the service provider you work with. Generic words in a domain like “web” and “app” are used to try to look authoritative.
- The footer has a typo in the code – they meant to use &amp;copy; to display a copyright symbol (©) but missed the semi-colon so it just shows “&amp;copy”. While some dangerous emails do get very close to looking legitimate and are carefully constructed, most are sloppy and contain mistakes like this or spelling issues.
- Maybe the most important issue is that they sent this to me at firstname.lastname@example.org, telling me that email@example.com couldn’t receive more emails unless I took action. If my mailbox was actually full, they couldn’t have sent the notification to me by email.
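
The checks in the list above can also be run automatically against a raw message. The following is an added example, not part of the original post: a small Python triage function that flags the same inconsistencies. The sample message, all addresses and domains, and the flag names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name, address and URL is invented.
SAMPLE = """\
From: Roundcube Support Team <notice@mail.example.jp>
To: owner@mysite.example
Subject: Your mailbox is almost full
Content-Type: text/html

<h1>Mailbox Quota Exceeded</h1>
<p>owner@mysite.example cannot receive new mail until you act.</p>
<a href="https://web-app.example.net/login">Increase quota</a>
<p>Mysite IT Team</p>
<p>&copy 2021 Webmail</p>
"""

def domain_of(host):
    """Last two labels of a host name (rough heuristic, not a public-suffix lookup)."""
    return ".".join(host.lower().split(".")[-2:])

def red_flags(raw):
    msg = message_from_string(raw)
    name, sender = parseaddr(msg["From"])
    _, rcpt = parseaddr(msg["To"])
    body = msg.get_payload()
    subject = msg["Subject"] or ""
    my_domain = domain_of(rcpt.rsplit("@", 1)[-1])
    flags = []
    # Subject says "almost full" while the body claims the quota is exceeded.
    if "almost" in subject.lower() and "exceeded" in body.lower():
        flags.append("subject_body_contradiction")
    # Sender domain is unrelated to the domain that hosts the mailbox.
    if domain_of(sender.rsplit("@", 1)[-1]) != my_domain:
        flags.append("sender_domain_mismatch")
    # Display name in From does not appear in the body signature.
    if name and name.lower() not in body.lower():
        flags.append("from_name_not_in_signature")
    # Link targets that point outside the mailbox's own domain.
    for host in re.findall(r'href="https?://([^/"]+)', body, re.I):
        if domain_of(host) != my_domain:
            flags.append("link_domain_mismatch:" + host)
    # HTML entity missing its semicolon, e.g. "&copy" instead of "&copy;".
    if re.search(r"&(?:copy|nbsp|amp|reg)(?![;\w])", body):
        flags.append("malformed_html_entity")
    return flags
```

Any one flag is only a hint; several together, as in the message described here, are a strong reason to delete the email without clicking.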
I hope this example of what to watch for is helpful. And as always, be safe!