Undelivered Email Scam

Cybercriminals are using a very simple undeliverable email to trick people into sharing their login credentials with them.

In the latest scam, cybercriminals send out an email letting the employee know that some emails were unable to be delivered. This email tends to trick a lot of people even those who are security aware because it is a plain text type of email with no logos/images that looks like the real thing.

This email urges the employee to click on the link to review the emails that are unable to send. If the employee clicks on the link they are taken to a spoofed credential page that prompts the employee to login with their credentials.

Since this is a plain text email, it’s hard to determine if it is a fake and a scam. The cybercriminals even made the link, a long URL instead of a link called “Click Here.” They want to trick the person into trusting the link they have provided. One smart tactic and safety tip that anyone can use is hovering over the link to see where clicking the link would actually take them. If the employee hovers over the link they would see that it actually goes to a suspicious URL.


  • If there are no logos or images to help spot a phishing email always remember to check the sender, time, subject and hover over any links to determine if it is legitimate or not.
  • Never click on a link or open an attachment from an email you were not expecting. With this particular scam it will look like it came from a program you use. Remember to always be cautious of those emails as well.
  • If you think this might be a real email, log into the application or program yourself to determine if it is. Also, when in doubt have your IT technicians take a look at it to let you know if it’s real.
  • When you receive a notification ask yourself: Have I received alerts like this before? Did I sign up for email notifications?

Learn more tips like this and train your employees with our Security Awareness Training Program.