“Webmail Quota” Phishing

We’re seeing renewed activity in attempted Webmail identity theft Phishing emails. The current campaign attempts to get your attention by stating that you’re over your allowed storage limit. A typical example:

Subject:      Your Webmail Quota Has Exceeded The Set Quota

Your Webmail Quota Has Exceeded The Set Quota/Limit Which Is 20GB.

You Are Currently Running On 23GB Due To Hidden Files And Folder On Your Mailbox.

Please Click the Link Below To Validate Your Mailbox And Increase Your Quota.

Click here: http://icebrrg.com/Public/ViewForm.aspx?formID=47626

Alternatively copy and paste the link on your browser.
Failure To Click This Link And Validate Your Quota May Result In Loss Of Important Information In Your Mailbox/Or Cause Limited Access To It.


Users that follow the link are provided with a decent looking form asking them to validate their email username/password. Doing so will then enable the spammer to access your email account for the purpose of sending more spam, and committing additional fraud.

This campaign appears to be relatively successful as many of the samples we’ve reviewed have come from apparently legitimate email accounts already hijacked by the spammers, likely with the same Phish.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , ,

3 Responses to ““Webmail Quota” Phishing”

  1. bubik says:

    I was wondering, if I only typed my details but did not submit the form (since i realized a second before i sent it that it is a scam) would the spammer still got my details?

  2. Bruce Yager says:

    Sending the contents of a form without it being submitted, while possible, is very unlikely. You don’t need to worry about that. There is something you should worry about though: If you visited the site hosting the form it’s quite possible that it planted some kind of malware on your machine.

    You might want to try scanning with one of these:


    Both of the programs linked above have good free versions. Some particularly nasty viruses can prevent their installation though. If that happens you should consult a competent professional about having any viruses removed.

  3. bubik says:

    thanks!! this is very helpful! 🙂