Phishers Steal German E-Mail Passwords, Full Mailbox Scam Goes International

Bitdefender is issuing an alert over the German Full Mailbox scam, a fast-spreading phishing campaign that steals Germans’ e-mail credentials through a phony survey. The scam, also in English, redirects users to a Dutch phishing website.

“Your mailbox has the storage limit, the 20GB as set by the administrator,” reads a poorly crafted German-language email allegedly from the system administrator. “When you will exceed 20.9GB, you won’t able to send or receive new mail until you re-validate your mailbox.”

Clicking a link in the e-mail takes victims to a survey where they are meant to type in their name, e-mail address and password. They are then redirected to the survey site where they can download the confidential passwords and names of other users who were similarly duped.

A Bitdefender analysis of the data base used in the Full Mailbox scam shows that many victims’ passwords are insecure, and simply reproduce their usernames. Bitdefender would like to remind its users that passwords should be complex enough to prevent security breaches and shouldn’t be re-used on different accounts.

Bitdefender blocks the spam e-mails and the phishing websites, so users who have the antivirus solution installed are protected. The company advises users to keep their software updated, including their antivirus.

This article is based on the technical information provided courtesy of Andrei Serbanoiu, Bitdefender Software Analyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.