BleepingComputer reported that a new phishing campaign is underway that pretends to be a list of undelivered emails being held for you on your Outlook Web Mail service. Users are then prompted to decide what they wish to do with each mail, with the respective links leading to a fake login form.
Corin Imai, Senior Security Advisor at DomainTools:
“The phishing message prompting victims to click on a link to release undelivered emails is a variant on a classic: phishing scams tend to leverage urgency so as to elicit an instinctive response in the receiver.
Security-aware users would have noticed, however, that the subjects of the allegedly undelivered emails were all quite suspicious, and that the URL of the landing page did not match the one of the users’ email server. This is something all email and Internet users should check before clicking on anything unsolicited.
Organisations need to remember that nothing trumps prevention when it comes to cyberattacks in general, and phishing scams in particular: user awareness can block a breach before it happens and save them time and resources. An investment in employees’ security training is never a bad investment.”