With more people than ever working from home due to the current pandemic — not to mention the number of people streaming Netflix 18 hours a day — many Internet Service Providers are experiencing occasional slowdowns lending some believability to this scam in which the victim receives an email claiming that undelivered mail is being held for them on their email server.
The emails have subject lines similar to “Notification | You Have 10 Undelivered Emails”. In some emails, the body of the message contains a table of supposedly undelivered emails, including the date, sender and the subject of the email. This is supposed to tempt the user into taking action. Other versions of the scam will simply give you a number count of total messages supposedly undelivered.
The email then asks the user whether they want to delete all of the emails in the list, deny them, or allow them to be delivered. It doesn’t matter which link the user clicks on, they will be redirected to a fake “Webmail” landing page which asks them to enter their login credentials which the scammers will then collect.
How to Avoid This Scam
First of all, our servers will never send you an email telling you that you have unsent email. Neither will any other email servers with which we are familiar. Any undelivered messages will be placed in your Drafts or Outbox folder within your email application. As a general rule, we recommend that you don’t click on any links if you receive a suspicious email.
Also, if you do click on a link, verify the web address. For clients with web and email hosting on our servers, your webmail address is always in the format of 'www.yourdomain.com/webmail.' For those hosting on other 3rd-party servers, the format is generally very similar. Seeing any other address is a big red flag something is not right.
As always, if you recieve an email you're concerned about, please feel free to forward it to us for review.
Posted on April 7th, 2020 at 1:30 PM
by CodeMonkey