How this scam works
You get a message warning that one of your accounts - email, streaming, payment, or social media - will be suspended or permanently locked unless you confirm your identity right away. A button or link promises to fix it in a single step.
The link leads to a fake login page that mirrors the real service. When you sign in to save your account, you hand your username and password to the attackers, who then take over the real account.
Why it works and who scammers target
The threat of losing access to something you use every day creates fear and a strong urge to act fast. Because the message names a service you really have, it feels personal and believable.
Scammers send these lures to huge lists and to leaked email addresses. They do not need to know which services you use - they simply imitate the most popular ones and wait for matches.
The warning signs in detail
Watch for tight deadlines like 'within 24 hours' or 'account will be deleted today', combined with a link to log in. Real providers usually let you resolve account issues by signing in through the official app or site, not through a one-click email link.
Check the sender address and the web address of the page. Misspellings, odd domains, and pages that ask for your password plus extra details such as card numbers are strong signs of a fake.
How to protect yourself and what to do if hit
Do not use the link in the message. Open the service directly through its official app or by typing the address yourself, and check your account status there. Turn on two-factor authentication so your account stays protected even if a password leaks.
If you already entered your details, change that password at once - and anywhere else you reused it - then review recovery email and phone settings for changes. Contact the provider's official support to secure the account, and report the message as phishing.