Skip to main content

Undelivered Mail Notification Could Be A Phishing Scam

By July 2, 2019May 17th, 2022Cybersecurity

Hackers are always on the lookout for new ways to freshen up time-tested techniques. Where time-tested techniques are concerned, few are older than the humble phishing email.

In one form or another, it seeks to trick an unsuspecting user to innocently hand over sensitive information, like usernames and passwords that the hacker can then use later for any purpose.

The latest variant on this old chestnut is to send what appears to be a legitimate email, politely informing the user that they’ve received a number of confidential emails that are currently being held for them on a server.  They’re given the choice to either refuse these messages, accept them, or delete them.

This is a case, however, of all roads leading to the same destination.  Whichever linked option is chosen, the user will be routed to a mock-up of a Microsoft Outlook login screen where the user will be prompted to enter his or her credentials.  As you might suspect, there are no actual emails, and the only purpose this box serves is to capture the information for later use.

If there’s a silver lining to this attack, it is that all of the samples that have been collected so far have the faux login box hosted on a hacked domain.  Careful users will quickly note that they haven’t been taken to Microsoft’s domain and the game will be up.

Unfortunately, ‘careful’ does not describe the vast majority of internet users, and this ploy has already taken in its fair share of victims.

Make sure your IT staff is aware of this latest iteration in the ongoing evolution of the phishing email. It wouldn’t hurt to send a company-wide communication to all employees so that it’s at the forefront of everyone’s minds.  It only takes one person to slip up and a hacker could gain access to your company’s network. That’s never a good thing.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.