A new phishing campaign is underway that pretends
to be a list undelivered email being held for you on your Outlook Web
Mail service. Users are then prompted to decide what they wish to do
with each mail, with the respective links leading
to a fake login form.
This campaign is just as interesting as it uses the subject line of “Notifications | undelivered emails to your inbox” and pretends to be a list of email being held on the server for you.
Thankfully, unlike recent phishing landing pages hosted on Excel Online or Microsoft Azure, this phishing scam utilizes a landing page hosted on a hacked site. This make it easier to detect as suspicious as the URL will not be the correct one for your email server.