The “Know Your Customer” Email Scam Steals Your Email Account

If you received an email message from your email service provider that says you need to verify your account due to the latest regulations concerning online safety and KYC (Know Your Customer) ignore it, it’s fake! Your email service provider did not actually send the message; the message is part of an ongoing campaign designed to phish sensitive data.

The email message may claim that you need to verify your account and may provide buttons and links to a website to do so. Do not click the links or buttons, and do not visit a third-party website associated with this email message. The purpose of the website linked in the message is to masquerade as an email service provider in order to trick you into providing your email address and password.

Here’s an example of a scam email message:

Due to the latest regulations concerning online safety and KYC
procedure ( Know your Customer ), we are sending this urgent notice to all
Email Administrator users, in order to filter real and active accounts.
In order to avoid your accounts from being shut down and disabled,
please confirm you are still using your account now:

As you see, the email message may appear to be from a legitimate source requesting verification. When directed to a website the website may also appear to be a legitimate website used to sign into your email account, but it’s not. The logo of the email provider will change when the URL is changed.  In addition, you can enter the incorrect password twice before it shows an Update Completed webpage.

If you fell victim to the Know Your Customer scam it is advised to immediately change the password to your email account and passwords to other online accounts if they share the same password. Email service providers like Gmail have two-factor authentication in place which is great at keeping your email account protected. If someone tried to access your Gmail account you would be notified. However, this may not be the case with third-party email clients like Roundcube or Zimbra so make sure to check your security settings and/or contact your email service provider to ensure no unauthorized access can be made to your account.