The "Emails Failed To Deliver" Scam May Be Used To Steal Personal Data
The "Emails Failed To Deliver" scam is a deceptive tactic used by cybercriminals to extract personal information from recipients. These emails are designed to look like notifications about a system error in the email server. Commonly known as phishing emails, they are crafted to trick recipients into taking action that compromises their personal information.
How Does the Scam Work?
In these phishing emails, scammers claim that 14 important incoming emails have failed to deliver due to a system error. They urge the recipient to retrieve these "stuck" emails by clicking a provided button, warning that the emails will be automatically deleted if no action is taken.
Clicking the "Retrieve 14 Emails" button redirects the recipient to a fake login website that mimics the design of their email service provider. For example, if the recipient uses Gmail, the fraudulent web page will resemble a Gmail login site. The purpose of this phishing website is to steal email account login credentials, including email addresses and passwords.
Consequences of Falling for the Scam
If scammers obtain email account login credentials, they can access the compromised email account and steal sensitive information. This allows them to send phishing emails to contacts, distribute malicious links or files, and access other accounts linked to the compromised email. Additionally, they can sell the stolen information to third parties, exacerbating the risk of identity theft and other cybercrimes.
Recognizing Similar Scam Emails
Phishing emails aim to deceive recipients into disclosing sensitive information, either directly through email or via deceptive websites. Scammers often target login credentials, credit card details, ID card information, and social security numbers. Examples of common phishing emails include:
- "Email Account Requires Verification"
- "Messages Have Been Blocked By Your Server"
- "Official Notification: Performance Evaluation Access"
Cybercriminals also use emails to distribute malicious software, adding another layer of risk.
Table of Contents
How Spam Campaigns Infect Computers
Methods of Malware Delivery
Threat actors use emails to deliver malware by including malicious attachments or links. Clicking these links can redirect users to sites designed to trick them into downloading malware or to pages that automatically initiate the download. Attachments can come in various file types, such as Word documents, PDFs, compressed archives, scripts, or executable files.
Execution and Infection
Executable files can inject malware upon opening. Other infected files usually require additional user interactions, like enabling macro commands in malicious MS Office documents.
Preventing Malware Installation
Best Practices
- Avoid Opening Unknown Files or Links: Do not open files or links in emails from unknown senders or those that are unexpected or irrelevant.
- Keep Software Updated: Ensure your operating system, browser, and other software are up to date.
- Download from Reputable Sources: Only download software and files from official websites or app stores. Avoid P2P networks, third-party downloaders, and shady websites.
- Avoid Interacting with Suspicious Content: Steer clear of ads, pop-ups, buttons, and links on suspicious pages.
- Regular Security Scans: Regularly scan your computer for threats using a reputable security tool.
What to Do If You Suspect Malware
If you have already opened malicious attachments, run a scan using an anti-malware program to automatically eliminate any infiltrated malware. Taking these precautions can help safeguard your personal information and keep your devices secure.
