Fake emails missed by Outlook

Office for Mere MortalsLast updated: 17 July 2018

Email Essentials,Microsoft Outlook,Office 2007,Office 2010,Office for Mere Mortals

There has been a rush of fake emails that are being missed by Outlook Junk email filters even in Outlook 2010 with the latest updates.

All of the messages look very like real messages and appear to come from legitimate companies. Often the only way to quickly pick the fake is to look at the real web link (mouse hover over the link and check the tooltip). Another ‘tell’ is when the message is sent to an address which you know isn’t recorded by that retailer.

As usual, we won’t disclose the fake web site that you’re tried to be tricked into visiting. Suffice to say you should not click on the link in any of these fake messages. Just delete the message.

We’ve included some suggested for making Outlook rules to trap these messages while leaving legitimate messages untouched. Office-Watch.com has written about making rules to block recent spam many times, for example here.

Eventually Microsoft should release a spam update to make these messages go straight to the Junk Email folder, in the meantime lookout for:

Amazon

Lots of fake Amazon orders. They generally pretend to be confirmations for non-existent digital download orders. The order number in the subject line changes. All the web links, including the ‘Click here and see items’ text are really links to another web site.

The subject line and From address are the same as a legitimate order message from Amazon. A real order message from Amazon has a DomainKey/DKIM signature but sadly there’s no way to test that signature inside Outlook.

We suggest you look at the hackers real domain name in the body of the message (use the tooltip) and make a rule to look for that domain name in the body of the message.

GoDaddy

A similar scam, this time supposedly from the large domain sales and hosting firm, GoDaddy.

The ‘order’ is a bulk domain name purchase for over $350.

Fake email - GoDaddy digital order.jpg image from Fake emails missed by Outlook at Office-Watch.com

If you have no dealings with GoDaddy.com you can make a rule to move any message with the phrase ‘GoDaddy.com Order’ in the subject.

Existing GoDaddy customers are probably best advised to just delete the fake messages until Microsoft updates their spam filter.

Microsoft Support

An oldie is back to try fooling people again. It’s curious that Outlook doesn’t pick this as a fake so it appears that the text has been carefully tested to bypass the current spam settings.

Microsoft NEVER sends patches or updates via email so any message like this should be deleted immediately.

Fake email - Microsoft support.jpg image from Fake emails missed by Outlook at Office-Watch.com

We don’t know what is in the attachment and we don’t care – any such file is suspect and should be deleted without further investigation.

Making an Outlook rule for this one is easy – just look for ‘Your Computer has probably been infected’ in the subject line. Any message with that title deserves to be ignored.