Windows 10 News and info | Forum
August 23, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: New Phishing Scam Asks You to Manage Your Undelivered Email  (Read 78 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 30367


I Do Windows


WWW Email
« on: June 03, 2019, 02:18:04 AM »
ReplyReply



A new phishing campaign is underway that pretends to be a list undelivered email being held for you on your Outlook Web Mail service. Users are then prompted to decide what they wish to do with each mail, with the respective links leading to a fake login form.

Recently, we have seen quite a few interesting spam campaigns such as account cancellation notices and alerts about unusual volumes of file deletions.

This campaign is just as interesting as it uses the subject line of "Notifications | undelivered emails to your inbox" and pretends to be a list of email being held on the server for you.


Office 365 Phishing Email

The text of this phishing scam can be read below.

Quote
Notifications | undelivered emails to your inbox xxx@xxx.com

Incoming Message Report for xxx@xxx.com           
Messages are pending to be delivered to Mailbox since: 27 May 2019, due to email validation error.

You have below mails pending to be release kindly (Release, Allow OR Deny).

Date   From   Subject
May 27, 2019 11:43:12 a.m.   PT. Kones Taeya Industry   RE: Shipping info for PO # PPWINPVC094
  Score: 5.8, For: xxx@xxx.com, Size: 4.45 KB   Release | Always Allow | Deny

May 27, 2019 07:30:21 p.m.   medicalandhealthcarespecialis@trade-advertise.com
Re:RE:Fwd: Bank swift
  Score: 7.5, For: xxx@xxx.com, Size: 7.13 KB   Release | Always Allow | Deny

May 27, 2019 11:28:14 p.m.   professionalequipment@entrygeneral.de
RE: Payment Authorization Form - WIRE - All State Express Load # 1689
  Score: 7.5, For: xxx@xxx.com, Size: 13.37 KB   Release | Always Allow | Deny

May 26, 2019 12:38:08 p.m.   info@mehtaherbals.com
DHL - Air Waybill
  Score: 8.1, For: xxx@xxx.com, Size: 22.94 KB   Release | Always Allow | Deny


This phishing email then prompts you to decide whether you want to delete all of the emails, deny them, allow them to be delivered, or to whitelist them for the future. Regardless of the link you click on, you will be brought to a fake "Outlook Web App" landing page that asks you to enter your login credentials.


Phishing Scam Landing Page

Once you enter your credentials, the page will save them so that they can be retrieved by the scammer at a later date.

Thankfully, unlike recent phishing landing pages hosted on Excel Online or Microsoft Azure, this phishing scam utilizes a landing page hosted on a hacked site. This makes it easier to detect as suspicious as the URL will not be the correct one for your email server.

As always, when receiving emails that lead to login forms, make sure to examine the URL where the form resides before entering your login credentials. If there is any doubt, always ask your system administrators.

Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page June 26, 2019, 06:17:07 AM