‘E-MAIL DELIVERY BLOCKED’ Email Scam [Explained]

Photo of author

Written by: Stelian Pilici

Published on:

A new phishing scam has emerged that aims to steal email account credentials. The malicious emails carry the subject line “[Review] Mail Delivery Suspended For” followed by the recipient’s email address. The body of the email states that email delivery has been temporarily blocked and provides a “REACTIVATE DELIVERY” link to reactivate access. This is a complete scam designed to trick victims into giving up their login information.

Online Scam

What is the E-MAIL DELIVERY BLOCKED Email Scam?

The E-MAIL DELIVERY BLOCKED email scam is a phishing attack that aims to steal email login credentials from victims. Scammers send out emails pretending to be from major email service providers such as Gmail, Yahoo, AOL, Outlook, etc. The subject line will say something like “[Review] Mail Delivery Suspended For” and include the recipient’s email address.

The body of the email claims that the recipient’s incoming email access has been temporarily blocked by the service provider. It instructs them to click on a “REACTIVATE DELIVERY” link included in the email to regain access to their account. However, this link does not actually go to any account reactivation page. Instead, it takes victims to a fake phishing site carefully designed to mimic a real email login page.

Any credentials entered on this phishing site will go directly to the scammers behind the attack, giving them full access to the victim’s real email account. From there, they can potentially reset passwords and take over many other online accounts that use the same email address and password combination. This scam can quickly spiral into devastating identity theft and financial fraud if precautions are not swiftly taken.

How Does the E-MAIL DELIVERY BLOCKED Email Scam Work?

The criminals running this phishing scam put significant effort into making their emails and websites look authentic in order to trick victims.

The messages are made to appear as if they are official notifications from trusted email providers. The subject lines will be urgent and personalized with the recipient’s email address. The body content warns that access has been cut off and provides a call-to-action link to immediately regain access.

The “REACTIVATE DELIVERY” link included does not actually go to any real account reactivation page on the email provider’s website. Instead, it takes victims to a sophisticated phishing site that mimics the login page for services like Gmail, Yahoo, AOL, Outlook, and others. The fake site looks very similar to the real one with identical logos, web design, and branding. Any unsuspecting user who enters their credentials hands them right over to the scammers.

Once the criminals have captured a username and password through their phishing site, they quickly access the victim’s actual email account using that login information. From within the real email account, the scammers can potentially reset the passwords on any other accounts linked to that email through the standard “forgot password” process.

By clicking forgot password and having the reset link sent to the compromised email, the criminals can now access and take over the victim’s social media, banking, shopping, and other accounts. They can steal personal information, make fraudulent purchases, impersonate the victim, and access any other private data connected to those accounts.

The scammers can also use the hacked email account to send out more phishing scams and malware. By impersonating the victim, they can email all of the account’s contacts promoting new phishing links, infected file attachments, or scam pleas for money or assistance. This allows them to spread their criminal operations wider through the victim’s trusted relationships and contacts.

Overall, the highly deceptive nature of the fake delivery block emails and convincingly designed phishing sites makes this scam dangerously effective. Those who fall for it risk identity theft, financial loss, and compromised personal data if action is not quickly taken.

What to Do If You Have Fallen Victim?

If you entered your email login credentials on a phishing site linked from a suspicious delivery block email, you should immediately take these steps to secure your accounts:

Reset Your Email Password

If you still have access to your email account, quickly change your password and security settings. Enable two-factor authentication if available from your email provider. Update your password to something completely new that has not been used on any other accounts. Make sure it is a strong, complex password.

Doing this will block the scammers from further accessing your email even if they have your old login details. It will disrupt any efforts to reset passwords and take over your other online accounts.

Contact Your Email Provider

If you can no longer access your email because the scammers have already changed the password, contact your email provider immediately. Reporting unauthorized access will allow them to lock down the account and assist you in regaining control of it. Provide any relevant details about the phishing scam to help track down those responsible.

Audit Linked Accounts For Unauthorized Changes

The scammers may have already accessed and changed passwords on your other online accounts tied to the compromised email. Carefully check all your accounts that use the same username and password combination. Look for any password resets, email address changes, or other suspicious alterations. Also check for new unauthorized registrations using your email address.

Tighten all account security settings and reconnect accounts to a new, secure email address not known by the scammers. Enable two-factor authentication everywhere possible for an added layer of protection.

Scan Devices For Malware Infections

The device you used to login to the phishing site and enter your account details may have been infected with malware that is tracking your online activity or keystrokes. Run full antivirus scans to check for any infections. Also change passwords again from a completely different, clean device to be safe.

Place Fraud Alerts On Your Credit Reports

One of the risks of email account compromise is identity theft. The scammers may use your personal information to open fraudulent credit in your name. Contact Equifax, Experian and TransUnion to place alerts on your credit reports. This will flag any suspicious new activity and make it harder for accounts to be opened.

Monitor Financial Accounts Closely

Keep a very close eye on all of your financial accounts for signs of unauthorized access or fraudulent transactions. Report any suspicious activity immediately to limit losses and liability. If account numbers have been exposed, request replacement cards with new card numbers.

Warn Contacts Of Potential Scam Emails From You

The scammers may use your hijacked email account to run new phishing scams targeting your contacts. Warn all your friends, family, colleagues and followers on social media that scam emails could be sent from your account. Urge them not to click any links or attachments without first confirming with you over phone that the message is safe.

Conclusion

The E-MAIL DELIVERY BLOCKED phishing scam can inflict devastating damage through stolen identities, compromised accounts, and financial fraud if action is not quickly taken. Any email claiming your account has been blocked and asking you to reactivate it via a provided link should be considered highly suspicious. Avoid clicking any links in unsolicited messages. Verify you are on a legitimate login page before entering credentials. Use unique complex passwords and multifactor authentication to lock down accounts. With proper precautions, you can protect yourself from surrendering sensitive information and accounts to email phishing scams.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Previous

Walmart Online Clearance Store Scam Websites [Explained]

Next

Is Sorcard.com Legit or Scam? The Truth Here