Webmail Password Expiration Scam

One of my e-mail addresses was targetted with a quick succession of emails claiming my webmail password was due to expire and that I had to update it by clicking on the link(s) which took you to a copycat of an actual cPanel Webmail login page where your login details could be "harvested".

Here's what the e-mails looked like:

Date: 09/05/2025, 00:35

From: [Your domain name] liqiong.he@minicircuits.com

To: [E-Mail address redacted]

Subject: Final Reminder: Email Password Expiration Today

webmail scam email

A second email came 2 hours later.

Date: 09/05/2025, 02:05

From: [Your domain name] liqiong.he@minicircuits.com

To: [E-Mail address redacted]

Subject: Final Reminder: Email Password Expiration Today

webmail scam email

Notes

The sender e-mail address bears no connection to webmail and the click-through link https://greenpanel.pro/ which when I first visited showed an exact copy of a webmail login. Since that time the page has been blocked.

greenpanel fake webmail login page

 

Further emails followed stressing the urgency.

Date: 09/05/2025, 02:40

From: [Your domain name] adilson.madeira@remax.pt

To: [E-Mail address redacted]

Subject: Account Alert: IMAP/POP3 Disabled – Re-validation Needed

webmail scam email

 

Further emails followed stressing the urgency.

Date: 09/05/2025, 02:48

From: [Your domain name] adilson.madeira@remax.pt

To: [E-Mail address redacted]

Subject: Notice: 9 Emails Quarantined – Review Needed

webmail scam email

 

And the same email a few hours later.

Date: 09/05/2025, 07:57

From: [Your domain name] adilson.madeira@remax.pt

To: [E-Mail address redacted]

Subject: Notice: 9 Emails Quarantined – Review Needed

webmail scam email

 

And in quick succession.

Date: 09/05/2025, 07:58

From: [Your domain name] adilson.madeira@remax.pt

To: [E-Mail address redacted]

Subject: Account Alert: IMAP/POP3 Disabled – Re-validation Needed

webmail scam email

 

 

Recommendation:

Just delete the e-mail.

 

 

Another phishing email received, this time describing itself as a system update;

Date:

From: [Your domain name]

To: [Your domain name]

Subject: Action Required: [your email address redacted] Please confirm to continue.

webmail scam email

Notes: The click through address... https://adclick.g.doubleclick.net/pcs/click?sqi=SPXoR7c4t35lLEpZ_YMvCKWCEAE&urlfix=1&adurl=https://ipfs.io/ipfs/bafkreie7vvwqmkoxi3plxo4ye
7xpj2uwsdvmj6kk7j7ybrccyjkmx5n3ym#[your email address] This looks to be a redirect from the first web address to the second address to confuse both humans and scam filters.

 

 

Recommendation:

Just delete the e-mail.

 

 

Michael Fowler

 

 

Other articles by Michael Fowler:

Vendor Scam E-Mail - Michael Fowler
Individuals not in business might quickly determine that this spam e-mail is not intended for them but persons in business especially ones who trade internationally might fall for this scam...   more >>

Immediate Peak Phishing Scam - Michael Fowler
So an e-mail purporting to have been sent from the Immediate Peak Investment platform but actually from scammers seeking most probably to obtain your login details to the application...   more >>

Cortts Bank Scam Website - Michael Fowler
Fake Bank websites are often set up by scammers to use in conjuction with other scams. These may copy or mimic an existing genuine Bank website, using a slightly different domain name than the genuine bank or may by an entirely "new" bank you probably won't have heard of because however long they say it has been in existence, it does not and never has existed....   more >>

Another Fake Beneficiary Scam - Michael Fowler
This time USD 40.7 million awaits you if you pretend to be the next of kin of the deceased client of a UK based barrister, well that is the start of a web of lies...   more >>