If you receive an email like the below, delete and ignore it. We will never send you an email like this, and passwords at GEN never expire. (You can of course change your password at any time using the portal). It may appear to come from someone you know, or "IT" or another fake address.

Hello yourname,

The passwогd to your mailbox (someone@gen.net.uk) will expire today,

Your webmail will log you out and generate a new passwогd in the next few hours.

Alternatively, if want to continue using your current password. Please use the button below to retain your active password.

Keep Cuггent Passwогd

This email is generated by gen.net.uk's mail server for someone@gen.net.uk.

The actual link given in this case is "ipfs.io" which in this case is a third party being leveraged by the scammers probably unknowingly, but these will get shut down and then be varied almost endlessly. Once there you'll be asked for your current password and given some non-sense about changing it, but essentially the scammers just want your email password.

They avoid spam filters by obfuscating the email using encoding tricks, for example:

Keep Cu=D0=B3=D0=B3ent Passw=D0=BE=D0=B3d

which when decoded renders as "Keep Current Password". This is yet another reason why you should always use plain text in email's, scammers can't hide things in the encoding. If you need help switching your email to plain text, then contact your IT department or raise a ticket at the HelpDesk

When a scammer has your email password, they will login and download all your email's, scanning them for anything of use, that being images, other passwords, and financial information. They will leverage anything found. This can include accessing other sites of discovered passwords, attempting to leverage financial information, and if you are a business, attempting to divert payments to their own bank accounts, and many more.

Then they will either…

Monitor your email on an ongoing basis for anything of use Use your email to perpetrate scams on everyone in your address book, and then anyone else they want to - which will result in your email being blocked but not immediately.

IF YOU HAVE PUT YOUR PASSWORD INTO A SCAM LIKE THIS, LOGIN TO THE PORTAL AND CHANGE IT NOW. If you can no longer login to the portal, contact your IT Department for assistance. If you are managed directly by GEN then raise a ticket at the HelpDesk and we'll reset it for you, but you must provide a mobile phone capable of receiving a text message so we can send you the new password.