A sneaky way of getting people to click on spam is to send a note that claims “your email couldn’t be delivered.” Let me show you some examples of the subtle Undeliverable Phishing that I’m seeing these days:



As spam goes, these are pretty convincing. The sender addresses usually look legit, and the undeliverable verbiage is mirrored from other mail delivery messages. So where does the phish come in?
When someone receives this sort of email, they may start to look around for more info. There’s not a whole lot of detail at the top, but if you scroll down, other things will grab your attention:



There’s your bait. The initial email raised questions to lure the victim into scrolling and looking for answers. Phishers are hoping that you’ll click on the first detailed item at the bottom of the message.
To be clear, the buttons and graphics shown in the above screenshots are fake, and they do not do what you would expect. If someone is duped into clicking on any links, pics or messages at the bottom of these phishes, they run the risk of:
- Attracting more spam by confirming their email address to the crooks
- Visiting a scam website, like a fake Microsoft Alert page
- Opening a new outbound email that is pre-addressed to many unknown addresses
- Being phished for their email or social media passwords
If you receive an undeliverable notification, and it doesn’t make sense, just delete it. Don’t interact with it. You may report it as spam/junk, but do not “block” the sender. Why? Because remember: the From: address has been faked, to show a real email address. If you block it, then you may not receive legitimate notices in the future.
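For whoever triages reported messages, here is one way to check a suspicious "undeliverable" notice. It is an added example, not part of the original post. Genuine bounces follow RFC 3464 (a multipart/report message with a message/delivery-status part) and carry a null Return-Path, while the fakes described above are typically plain HTML with links. The function name, patterns and sample message are constructed for illustration, and older bounce formats that predate RFC 3464 will also be flagged.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

BOUNCE_SUBJECT = re.compile(r"undeliverable|delivery (status|failure)|returned mail", re.I)
HREF = re.compile(r"""href\s*=\s*["']([^"']+)""", re.I)

def triage_bounce(raw):
    """Return reasons a message that claims to be a bounce looks forged."""
    msg = message_from_string(raw, policy=policy.default)
    if not BOUNCE_SUBJECT.search(msg.get("Subject", "")):
        return []  # does not claim to be a bounce, so out of scope
    findings = []
    # RFC 3464 bounces are multipart/report with a message/delivery-status part.
    is_report = (msg.get_content_type() == "multipart/report"
                 and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    has_status = any(p.get_content_type() == "message/delivery-status" for p in msg.walk())
    if not (is_report and has_status):
        findings.append("no delivery-status report")
    # Real bounces use the null envelope sender, recorded as Return-Path: <>.
    if msg.get("Return-Path", "<>").strip() != "<>":
        findings.append("non-null Return-Path")
    # List where the "buttons" in an HTML body really point.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for url in HREF.findall(part.get_content()):
            if url.lower().startswith("mailto:"):
                rcpts = url[7:].split("?")[0].split(",")
                if len(rcpts) > 1:
                    findings.append(f"mailto pre-addressed to {len(rcpts)} recipients")
            elif urlsplit(url).hostname:
                findings.append(f"link to {urlsplit(url).hostname}")
    return findings

# Constructed sample of a fake bounce (all addresses and hosts are made up).
FAKE = """\
Return-Path: <bounce@mailer.example>
From: postmaster@example.org
To: alice@example.org
Subject: Undeliverable: Your message could not be delivered
Content-Type: text/html; charset="utf-8"

<a href="http://portal.phish.example/retry">Resend message</a>
<a href="mailto:a@one.example,b@two.example,c@three.example">Release</a>
"""

if __name__ == "__main__":
    for finding in triage_bounce(FAKE):
        print(finding)
```

An empty result does not prove a message is genuine; it only means none of these three signals fired.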