There’s a new phishing scam circulating in which the victim receives an email claiming that undelivered mail is being held for them on their Outlook Web Mail service.
The email will have the subject line “Notifications | undelivered emails to your inbox”. The email body contains a table of undelivered emails including the date of the email, who it is from, and the subject of the email. This is supposed to tempt the user into taking action.
The email asks the user whether they want to delete all of the emails in the list, deny them, allow them to be delivered, or whitelist them for the future. It doesn’t matter which link the user clicks on, they will be redirected to a fake “Outlook Web App” landing page which asks them to enter their login credentials in order to progress further.
The login screen does emulate the Microsoft Office Outlook login screen which causes users to have some confidence in its legitimacy. Once the victim enters their credentials the page saves them so the scammer can retrieve them later on.
World-Wide Business Centres
Office Space, Meeting Rooms, Virtual Offices, CoWorking and FlexSpace
575 Madison Avenue – 10th floor
New York, NY 10022