Remove “Mail Cloud Server” email

The “Mail Cloud Server” email is part of a phishing campaign that tries to steal users’ email login credentials. The email is made to appear like a notification email from the email service provider, supposedly informing recipients about their passwords expiring today. According to the email, if users want to keep the same passwords, they need to click on the provided button. However, if users do as the email asks, they will be taken to a phishing site that asks them to log in to their email accounts. If users do as asked, their login credentials will be stolen by cybercriminals, which could lead to their accounts being accessed.

 

 

This “Mail Cloud Server” email is part of a phishing campaign designed to steal users’ email account credentials. It falsely warns recipients that their email account password is about to expire and urges them to click the “Keep same password” button in the email to maintain access. The message implies that accounts will be disabled if action is not taken.

The “Keep same password” button will lead users to a phishing website that closely resembles an email provider’s login page. If users click on the button, they are asked to put in their login credentials, which are then quickly handed over to the cybercriminals behind this phishing campaign. Even if the site appears identical to the legitimate one, the URL will always reveal the phishing attempt.

Cybercriminals may either use the stolen credentials themselves or sell them to other malicious actors. Login credentials are highly sought after by cybercriminals, as email accounts are often linked to various other accounts and contain a lot of sensitive information. If an email account is successfully compromised, it could easily lead to the hijacking of other accounts.

Users who have fallen for this phishing attempt must change their passwords immediately, if they can still access their accounts. If the accounts are inaccessible and no recovery options work, users have to disconnect the email address from all connected accounts to prevent them from being hijacked as well.

The full “Mail Cloud Server” email is below:

Subject: Account Security Notification

Mail Cloud Server

Password for (-) will expire today –

To keep same credentials for – check bellow.

Keep Same Password

Administrator for – Account and services.
© 2025

How to recognize phishing emails?

A lot of phishing emails tend to be quite generic and easy to identify as malicious because campaigns target many users with the same email. Low-effort emails often lack credible information, contain numerous grammar and spelling mistakes, and generally appear unprofessional despite senders claiming to be from legitimate companies. However, when phishing attempts are directed toward specific, high-profile individuals or companies, the emails are typically more sophisticated and can successfully deceive even the most cautious recipients.

For generic phishing emails like this “Mail Cloud Server” email, users usually can spot signs that indicate they are potentially unsafe. One of the first steps to take when receiving an unsolicited email that requests any action (like clicking a link or opening an attachment) is to verify the sender’s email address. In this case, the email address clearly does not belong to the email provider as it does not contain its domain. More sophisticated phishing emails may be sent from more professional and legitimate-looking email addresses but a quick online search can usually confirm if the email address is legitimate.

Another red flag to watch out for in unsolicited emails is the presence of grammar and spelling errors; generic phishing emails are notorious for having these mistakes. While this particular “Mail Cloud Server” email may not have enough text to display obvious mistakes, it looks nowhere near professional enough to come from an email service provider.

When users get unsolicited emails that urge them to click on links or download attachments, users should always consider the contents of the email logically. For example, this “Mail Cloud Server” email states that users’ passwords will expire if they don’t take action. In reality, legitimate passwords don’t expire on random days, and users will never be asked to change their email passwords in this manner.

Lastly, users should avoid clicking on links in emails altogether. When links are present, hovering over them will typically reveal the actual URL at the bottom of the screen. If this URL appears suspicious in any way, users should refrain from clicking on it. If an email suggests that there’s an issue with an account, it’s always safer to access the account manually instead of following any provided links.