New phishing campaign prompting users to take action on list of undelivered email

• A new phishing campaign is underway that pretends to be a list of undelivered email awaiting action.
• This phishing scam utilizes a landing page hosted on a hacked site making it easier to detect the suspicious URL.

Researchers have observed a new phishing campaign that pretends to be a list of undelivered emails being held on Outlook Web Mail service, prompting users to decide what they wish to do with each email.

More details on the campaign

The email pretends to be a list of undelivered email awaiting action.

• The phishing email has a subject line similar to ‘Notifications | undelivered emails to your inbox’, listing the emails pending to be delivered due to an email validation error.
• This phishing email then prompts users to decide whether they want to delete the emails, resend them, deny them, or to whitelist them for the future, with the respective links.
• Clicking on the links will redirect users to a fake "Outlook Web App" login page that asks them to enter their login credentials.
• Upon entering the login credentials, the page will save them so that they can be retrieved by the scammer at a later date.

Worth noting

This phishing scam utilizes a landing page hosted on a hacked site making it easier to detect the suspicious URL.

The bottom line

If you receive any such email pretending to be a list of undelivered email, remember, it is a scam. Further, it is always best to examine the URL of the login form before entering the login credentials.