Office365 “Non-Delivery” Phishing Scam

Jan 8, 2019

Below are two emails purporting to be from Office365, informing the recipient of undelivered messages. Can you spot which one is the phishing scam?

Email 1

Email 2

Quick Ways To Identify Phishing Scams

  1. Always look at the URL

If the URL looks in any way incorrect, don’t enter your account information.

In this case, if you are redirected, the URL on the fraudulent landing page is incorrect.

  2. Specificity

Phishing scams will generally omit specific names, addresses, or titles and use phrases like “Dear User.”

In this case, the email says “Your messages couldn’t be delivered” rather than “Your message to couldn’t be delivered.”

  3. Display Name

Make sure that the display name matches the URL from the email.

In the fraudulent email, the sender is displayed as the URL rather than as Microsoft Outlook.
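The three checks above can be applied automatically to a raw message. This is an added example, not code from the article: the trusted-domain list, brand words, generic phrases, function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (not from the article): domains accepted for Office 365 notices.
TRUSTED = {"microsoft.com", "office.com", "office365.com", "outlook.com"}
BRANDS = ("microsoft", "office365", "office 365", "outlook")
GENERIC = ("dear user", "your messages couldn't be delivered")

def trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_email(raw):
    """Return (check, detail) findings for the article's three checks."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # sample messages are single-part plain text
    findings = []
    # 1. URL: every link host must belong to a trusted domain.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not trusted(host):
            findings.append(("url", f"link points to {host}"))
    # 2. Specificity: generic wording instead of a named recipient.
    text = body.lower().replace("\u2019", "'")
    for phrase in GENERIC:
        if phrase in text:
            findings.append(("specificity", f"generic phrase: {phrase!r}"))
    # 3. Display name: a URL as the name, or a brand name on a foreign domain.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if re.match(r"(https?://)?[\w-]+(\.[\w-]+)+", name):
        findings.append(("display name", f"name is a URL: {name}"))
    elif any(b in name.lower() for b in BRANDS) and not trusted(domain):
        findings.append(("display name", f"{name!r} sent from {domain}"))
    return findings

# Constructed sample messages (not the emails pictured in the article).
LEGIT = ('From: "Microsoft Outlook" <postmaster@outlook.com>\n'
         "Subject: Undeliverable: Q4 report\n\n"
         "Your message to alice@example.com couldn't be delivered.\n"
         "Details: https://outlook.office365.com/ndr/help\n")
PHISH = ('From: "portal-login.example" <notify@portal-login.example>\n'
         "Subject: Non-delivery notice\n\n"
         "Your messages couldn't be delivered.\n"
         "Send again: https://portal-login.example/office365/retry\n")

if __name__ == "__main__":
    for label, raw in (("LEGIT", LEGIT), ("PHISH", PHISH)):
        print(label, check_email(raw))
```

A message with no findings is not proven safe; the checks only surface the three signals listed above for a reviewer to confirm.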

What Can You Do?

“Education and vigilance are the best line of defense against these types of attacks,” said Steve Condit, Director of Partner Development for ITonDemand. Keeping you and your staff informed on what to look for is the most effective way to stay secure.

If you have fallen victim to this scam, the best course of action is to change the affected passwords, as well as the passwords for any accounts or applications that may have been connected to the affected email address.

If you still have concerns about how to keep your business secure, contact us here.

