steven36
Posted June 3, 2019

A new phishing campaign is underway that pretends to be a list of undelivered email being held for you on your Outlook Web Mail service. Users are then prompted to decide what they wish to do with each mail, with the respective links leading to a fake login form.

Recently, we have seen quite a few interesting spam campaigns such as account cancellation notices and alerts about unusual volumes of file deletions. This campaign is just as interesting as it uses the subject line of "Notifications | undelivered emails to your inbox" and pretends to be a list of email being held on the server for you.

[Image: Office 365 Phishing Email]

The text of this phishing scam can be read below.

Notifications | undelivered emails to your inbox
[email protected]

Incoming Message Report for [email protected]

Messages are pending to be deliver to Mailbox since: 27 May2019, due to email validation error.
You have below mails pending to be release kindly (Release, Allow OR Deny).

Date / From / Subject

May 27, 2019 11:43:12 a.m. PT. / Kones Taeya Industry / RE: Shipping info for PO # PPWINPVC094
Score: 5.8, For: [email protected], Size: 4.45 KB
Release | Always Allow | Deny

May 27, 2019 07:30:21 p.m. / [email protected] / Re:RE:Fwd: Bank swift
Score: 7.5, For: [email protected], Size: 7.13 KB
Release | Always Allow | Deny

May 27, 2019 11:28:14 p.m. / [email protected] / RE: Payment Authorization Form - WIRE - All State Express Load # 1689
Score: 7.5, For: [email protected], Size: 13.37 KB
Release | Always Allow | Deny

May 26, 2019 12:38:08 p.m. / [email protected] / DHL - Air Waybill
Score: 8.1, For: [email protected], Size: 22.94 KB
Release | Always Allow | Deny

This phishing email then prompts you to decide whether you want to delete all of the emails, deny them, allow them to be delivered, or to whitelist them for the future.
Regardless of the link you click on, you will be brought to a fake "Outlook Web App" landing page that asks you to enter your login credentials.

[Image: Phishing Scam Landing Page]

Once you enter your credentials, the page will save them so that they can be retrieved by the scammer at a later date.

Thankfully, unlike recent phishing landing pages hosted on Excel Online or Microsoft Azure, this phishing scam utilizes a landing page hosted on a hacked site. This makes it easier to detect as suspicious, as the URL will not be the correct one for your email server.

As always, when receiving emails that lead to login forms, make sure to examine the URL where the form resides before entering your login credentials. If there is any doubt, always ask your system administrators.

Thx to Michael Gillespie for the sample.
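The URL check recommended above can be automated on the mail-filtering side. The following is an added example, not part of the original post: it pulls the "Release / Always Allow / Deny" links out of an HTML body and flags any that do not point at an allowlisted mail host. The allowlist, the function names and the sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only hosts where this organisation's real mail login lives.
TRUSTED_MAIL_HOSTS = {"outlook.office365.com", "login.microsoftonline.com"}
ACTION_LABELS = {"release", "always allow", "deny"}  # link texts used in the lure

# Constructed sample body; hosts and paths are placeholders, not real indicators.
SAMPLE = """<p>You have below mails pending to be release kindly</p>
<a href="http://compromised-site.example/owa/">Release</a> |
<a href="http://compromised-site.example/owa/">Always Allow</a> |
<a href="https://outlook.office365.com@compromised-site.example/owa/">Deny</a>"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def is_trusted(url):
    """Exact host match over HTTPS; userinfo and lookalike subdomains fail."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme == "https" and host in TRUSTED_MAIL_HOSTS

def review_quarantine_links(html_body):
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    actions = [(t, h) for t, h in collector.links if t.lower() in ACTION_LABELS]
    untrusted = [(t, h) for t, h in actions if not is_trusted(h)]
    hosts = {urlsplit(h).hostname for _, h in actions}
    return {
        "action_links": len(actions),
        "untrusted": untrusted,
        # Every action button going to one host matches the lure described above.
        "single_destination": len(actions) > 1 and len(hosts) == 1,
    }
```

Calling `review_quarantine_links(SAMPLE)` reports three action links, all untrusted, including the one that hides the real host behind a trusted-looking userinfo prefix.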