Home » Blog » Cybersecurity » Scams » “Email Password Expired” Email Message Steals Your Passwords
Email Password Expired

“Email Password Expired” Email Message Steals Your Passwords

  • The Email Password Expired email message tries to phish your email account’s password.
  • The email message contains a link to a fake email login page.
  • This page explains the scam and what to do if you fell for it.

If you receive an email message that says “Email Password Expired” and claims that your password expires in a few days, don’t be alarmed, and don’t click any links in that email message!

Email Password Expired


A new email scam campaign is currently on the move and many people around the world are receiving unwanted email messages that say “Email Password Expired” and urge the recipient of the message to change their password or keep the same password by visiting a link and logging into their email account again.

In some cases the email message is able bypass spam filters and be delivered right into an inbox making it appear more legitimate than known spam; However, the message is not legitimate and those who fall for this phishing scam will have their email account’s password stolen.

Transcript of the email message:

Email Password Expired.
From Email Server

Hello ,

The password for expires in a few days
You can change your password or continue to use the current password.

Keep the same password

Web-Mail Support.

Clicking on the link in the email message will bring you to a fake email login webpage asking you to provide your password. Do not enter your password!

If you fell for the scam and provided the password to your email account it is advised to immediately change the password to your account to something new and unique in order to stop unwarranted access to your account.

Here are some guidelines to follow when creating a new password:

  • Create a unique password. Don’t use the same password for more than one account.
  • Use special characters such as !@#$& to make your passwords harder for people to crack.
  • Use multi-factor authentication (MFA) such as two-factor authentication (2FA) whenever possible to add an extra layer of security.

Lead Editor

Sean is a tech author and engineer with over 20 years of experience in cybersecurity, privacy, malware, Google Analytics, online marketing, and other topics. He is featured in several publications.

More Reading

Post navigation

Does Mary Johnson want to send you $8.5 million?

The “Know Your Customer” Email Scam Steals Your Email Account

Scammers ask for Bitcoin in latest email scam