“Upgrade Account” – Do not trust this fake email

Written by Robert Bailey

The “Upgrade Account” virus is a common name for the unwanted email spam you can get in your mailbox. These messages consist of fake requests about your account in a certain application. In this message, you are told that your account’s service terms are changed, and you need to choose the new account type. As the letter says, you need to log into your account to get upgraded automatically. This link, however, leads to the phishing website. You will see the complete description of this scam, as well as the possible risks associated with it in this short article.

GridinSoft Anti-Malware Review
It is better to prevent, than repair and repent!
Removing email scam manually may take hours and may damage your PC in the process. I recommend you to download GridinSoft Anti-Malware for threats removal. Allows to complete scan and cure your PC during the trial period.
Gridinsoft Anti-Malware 6-day trial available.
EULA | Privacy Policy | 10% Off Coupon
Subscribe to our Telegram channel to be the first to know about news and our exclusive materials on information security.

What is the “Upgrade Account” virus?

The name which was attached to this scam by alarmed users does not mean that an unknown person from the app development team really tells you about the changes, blockages, or other things. The fraudsters who steal the credentials in such a tactic just choose this callsign to lull the vigilance. Name of the company they choose is usually a famous thing, that is considered trustworthy by a big number of users. And when the user receives this letter, he/she will not even think that this is a phishing1. The chance that a user will follow the link or launch the file attached to this email message is very high.

UPGRADE ACCOUNT virus spam email

The example of “Upgrade Account” spam message

The hysteria is escalated by the text of the “Upgrade Account” virus email message: it says that you must choose another account type as soon as possible. The causes are mentioned in the message – the account type you used will be canceled for some reasons. This makes the “Upgrade Account” scam different from similar ones – Citibank virus or employee retention credit spam. This method can vary depending on the decision of malware distributors. All looks legitimate, so the victim will likely follow the offered link. The phishing occurs right on the page, which the attached link will open. The user sees the offer to log into his email account and types his credentials. Then, this login information is just transferred to the fraudsters.

Dear *%username%*
We are closing down all outdated versions of the webmail, and you are on the old version as of 3/30/2021
Click the button below and Sign-In to get the latest version of the mailbox to avoid being De-activated on current version.

*email provider name* Webmail support

How dangerous the Upgrade Account virus is?

Regardless of the stimulus the user clicked the link/file, he will lose his credentials. No viruses are downloaded on your PC – you give all the information to the crooks by yourself. Exactly, it is a reference example of phishing. No complicated methods, like exploit kit usage – users will do everything themselves.

Here is a short description of }Upgrade Account” virus:
NameUpgrade Account virus
TypeEmail spam
Hazard typePhishing website
Malware sourceMalicious link
DisguiseNotifications from the certain company about the need for account type upgrade
Protection methods
To remove possible virus infections, try to scan your PC

This malware spreading scheme is also used to spread spyware, banking trojans and keyloggers. All of them are targeted on your sensitive information, usually – on the important login credentials. The second possible type of the virus may be the most harmful one if you make use of online banking. It is aimed at collecting the login credentials on the web pages of the banks, so it can easily thief your login/password. So, the cybercriminals will be able to do whatever they want with your equity2. Meanwhile, spyware may miss your banking credentials but will definitely get all possible data about you and your computer. List of the installed programs, often-used apps, antivirus software onboard, credentials for the social networks – this and a lot of other information will be collected and sent to the command server.

Can I avoid this scam?

The things are not so pessimistic for the “Upgrade Account” virus. It is quite easy to find the difference between the counterfeited email. First, you need to reminisce if you ever had an “Upgrade Account”. It may be very comical to spectate this sort of spam in the case when you don’t have one. However, some users may open the added file/link just because of the simple interest. People can do rash acts, and this is just such a case. Another thing that can help you to see that somebody attempts to scam you is the sender’s email address. The official email address has a unique domain name, and the scammers will not be able to get an email address in this domain. Instead, they will likely create an email address like “noreply-support12961@gmail.com” or even “uasfbp02309@aol.com”. It is quite easy to find the difference between the first one from the second and third, isn’t it?


The example of dubious email address on another online spamming campaign

The final defence level is an anti-malware software. A lot of users have their email conversations in the separated app called mail client. Some of these clients download the attached document at the moment when you check the email. In this case, you must have an anti-malware tool that is capable of proactive protection. The last option makes it possible to block the malware opening when the situation is just like I have described above. The same situation is with added links: to discover that these links are malicious, the security tool must have an internet protection function. All of these functions are available in GridinSoft Anti-Malware, and I will recommend you to use it to protect your personal computer from the “UPGRADE ACCOUNT” virus and similar hazards.

What can I do if I have clicked on the link/file in the spam message?

Don’t panic. The spyware activity is not doom. Of course, the important information you have on your computer is definitely in danger, but the logging keys can easily be changed. First of all, you need to get rid of the viruses you have got through the Upgrade Account virus. I can offer you to make use of GridinSoft Anti-Malware to perform this step.

Removing the viruses with GridinSoft Anti-Malware

  • Download and install GridinSoft Anti-Malware. After the installation, you will be offered to perform the Standard Scan. Approve this action.
  • Gridinsoft Anti-Malware during the scan process

  • Standard scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.
  • GridinSoft Anti-Malware scan results

  • When the scan is over, you may choose the action for each detected virus. For all files of the viruses distributed through the described phishing the default option is “Delete”. Press “Apply” to finish the malware removal.
  • GridinSoft Anti-Malware - After Cleaning

Now, when the virus is removed, you need to remember which login credentials you inputted after clicking the spam message. Malware is not omnipotent and is not able to steal the logins and passwords which were not in use. So, keep calm and change the login details that are about to be compromised.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)


  1. About phishing methods and ways of counteraction.
  2. Detailed article about the banking trojans on Investopedia

About the author

Robert Bailey

I'm Robert Bailey, a passionate Security Engineer with a deep fascination for all things related to malware, reverse engineering, and white hat ethical hacking.

As a white hat hacker, I firmly believe in the power of ethical hacking to bolster security measures. By identifying vulnerabilities and providing solutions, I contribute to the proactive defense of digital infrastructures.

Leave a Reply