There’s a new phishing scam circulating in which the victim receives an email claiming that undelivered mail is being held for them on their Outlook Web Mail service.
The email will have the subject line “Notifications | undelivered emails to your inbox”. The email body contains a table of undelivered emails including the date of the email, who it is from, and the subject of the email. This is supposed to tempt the user into taking action.
The email asks the user whether they want to delete all of the emails in the list, deny them, allow them to be delivered, or whitelist them for the future. Whichever link the user clicks, they are redirected to a fake “Outlook Web App” landing page that asks them to enter their login credentials in order to proceed.
The login screen imitates the Microsoft Office Outlook login screen, which gives users some confidence in its legitimacy. Once the victim enters their credentials, the page saves them so the scammer can retrieve them later.
The URL of the fake landing page belongs to a hacked site and does not pose as a Microsoft or Outlook URL, which should tip users off that this is a scam if they notice it before entering their credentials.
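The two indicators described above, the quoted subject line and action links that all lead to one non-Microsoft host, can be checked automatically during mail triage. The Python below is an added example, not part of the original article; the Microsoft domain allowlist, the function names and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative allowlist of Microsoft-owned domains, not exhaustive.
MICROSOFT_DOMAINS = ("microsoft.com", "microsoftonline.com", "office.com",
                     "office365.com", "outlook.com", "live.com")
LURE_SUBJECT = "undelivered emails to your inbox"  # subject line quoted in the article

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        host = urlsplit(href).hostname if href else None
        if host:
            self.hosts.append(host)

def is_microsoft(host):
    # Exact domain or true subdomain only; a substring test would wrongly
    # accept lookalikes such as "outlook.com.example.test".
    return any(host == d or host.endswith("." + d) for d in MICROSOFT_DOMAINS)

def assess(raw_message):
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = LinkHosts()
    if body is not None:
        parser.feed(body.get_content())
    foreign = sorted({h for h in parser.hosts if not is_microsoft(h)})
    lure = LURE_SUBJECT in str(msg["Subject"] or "").lower()
    return {
        "subject_lure": lure,
        "foreign_hosts": foreign,
        # Every action link leading to the same place is the pattern described above.
        "single_target": len(parser.hosts) > 1 and len(set(parser.hosts)) == 1,
        "suspicious": lure and bool(foreign),
    }

# Constructed sample; the .test hosts are reserved names, not real indicators.
SAMPLE = (
    "From: notifications@mail.example.test\n"
    "Subject: Notifications | undelivered emails to your inbox\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="https://hacked-site.example.test/owa/?a=delete">Delete all</a>'
    '<a href="https://hacked-site.example.test/owa/?a=allow">Allow</a>'
)
```

Calling `assess(SAMPLE)` flags the constructed message because its subject matches the lure and both action links resolve to the same host outside the allowlist.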
We recommend that you don’t click on any links if you receive an email telling you that you have undelivered mail. This is because any undelivered messages will be placed in your Drafts or Outbox folder within your email app. Microsoft will never send you an email telling you that you have unsent email.
As an additional layer of security, you can adjust the settings of your junk mail filter to make it more sensitive to junk mail. This may mean that some non-junk emails will also fall into your junk folder, but as long as you check your junk folder regularly, this shouldn’t be a problem.
You can change the level of protection in the Junk Email Filter by following this guide from Microsoft.