Outlook isn’t catching ‘CNN.com Daily Top 10’ phishing trap


Office for Mere Mortals
Your beginners guide to the secrets of Microsoft Office
Invalid email address
Tips and help for Word, Excel, PowerPoint and Outlook from Microsoft Office experts.  Give it a try. You can unsubscribe at any time.  Office for Mere Mortals has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy

A new phishing message is arriving in Inboxes and mostly not being caught by Microsoft Outlook’s anti-spam and phishing filters. We have details and how to block the fake emails.

A new phishing message is arriving in Inboxes and mostly not being caught by Microsoft Outlook’s anti-spam and phishing filters.

The message is headed ‘CNN.com Daily Top 10’ with the sender as ‘Daily Top 10’ and a constantly changing (and probably fake) senders address.

Outlook 2007 - fake CNN message image from Outlook isn

The phishing message looks sincerely from CNN. It mimics the design of the CNN site, the headlines used are current ones and the top link does point to the real CNN site. But the majority of the links are NOT legitimate and point to various phishing sites you don’t want to visit. Many image links are to cnn.net – not the real cnn.com

Of course, the message is NOT really from CNN. CNN does have a ‘Daily Top 10’ email newsletter but the sender is consistent and all the links are to CNN.com

All up this is a clever phishing effort – designed to fool both people and computers. I suspect variations on this theme will appear over the next few days and weeks.

On our test machines set to High junk email filtering (Actions | Junk E-mail | Junk E-mail options) in Outlook 2003 and Outlook 2007 normally don’t move these messages to the Junk E-mail folder. Most are left in the Inbox.

On the upside, the picture links are blocked by default in Outlook.


A suggested Outlook rule

Since Outlook can’t currently deal with all these bogus messages, you can setup a rule to deal with them. If you don’t get the real CNN ‘Daily Top 10’ message then you can create a rule which looks for that text in the senders name and moves the message to the Junk E-mail folder. ( The senders address changes for each message so that won’t work in the rule. Using the subject line in the rule might conflict with real CNN messages. )

Outlook 2007 - suggested rule to deal with fake CNN message image from Outlook isn

A manually created rule is just an interim measure until Microsoft’s next update to their spam filter which should deal with these messages properly.

It’s quite possible that variations on this phishing scam will come out and any rule you create will be obsolete. You might decide the easiest option is to simply hit the delete key when you see these Inbox pests until a permanent solution is rolled out.

subs profile e1563205311409 - Outlook isn't catching 'CNN.com Daily Top 10' phishing trap
Latest news & secrets of Microsoft Office

Microsoft Office experts give you tips and help for Word, Excel, PowerPoint and Outlook.

Give it a try. You can unsubscribe at any time.  Office Watch has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy
Invalid email address