MailGuard 27 July 2021 14:54:10 AEST 5 MIN READ

Worth A Double-Take: False Email Quarantine Alerts from ‘Outlook’

This recent email attack threatens to steal user login credentials masquerading as trusted Microsoft email web app, Outlook. With over 400 million Outlook users globally, there is a good chance that you and your organisation are at risk of data theft.  

A fraudulent quarantine alert is the bait used for a recent email phishing scam currently being intercepted by MailGuard. Cybercriminals have used Outlook branding to trick unsuspecting recipients into entering their credentials (email username and password) for use in future criminal activity.  

The email arrives as an alert informing the victim of several emails whose delivery has been prevented due to system errors. After which, a link is provided to coerce the victim into reviewing the falsely quarantined emails. Recipients may be tricked into believing that the email is from the ‘Notifications Team’ however it appears to have come from a compromised Office 365 Account.  


This is what the email looks like:


Clicking on the ‘Restore Messages’ link then takes users to the phishing page below. At first glance, this page can be mistaken for the generic Outlook Web App login, however, a closer look at the URL (i.e. waauth1(dot)weebly(dot)com) reveals that it is plagiarized. The page is in fact hosted by Weebly, a popular free web hosting service, and not a legitimate site hosted by Microsoft.  

 MicrosoftTeams-image (2)

If a victim enters their details, they will be met with the following screen, falsely gratifying the recipient with submitting a ‘successful’ request.  

Please note the grammatical errors that appear in the content (in addition to the notable Weebly website hosting) below, provide a good indication that the page is not authentic:  

“NOTE: If password is incorrect, your account will be blocked for security purpose. Thank You. Outlook Team!”  

MicrosoftTeams-image (1)

MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in grave consequences for you and your organisation’s security.  

MailGuard urges users not to click links or open attachments within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and/or
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 


One email is all that it takes

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's network.

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates