Forum Discussion
Can't see sender email address (Outlook web)
Unfortunately I have bad news. Scammers are taking advantage of this bug. Yesterday I got two new emails (indeed both emails were exactly the same) trying to scam me.
The procedure is similar to the TV Licensing email. This time, when I place the mouse over the email, I don't see the sender email address:
If I place the mouse over a legitimate email, I can see the sender email address:
This behaviour is different from the TV Licensing email. In the TV Licensing email I see my own email address as sender email address, while in these two new emails no email address is shown.
Moreover, if I check the message source of any of those two scamm emails, what I see is the following:
Sender: BitcoinSystem <noreply@pccomponentes.com>
To: xxxxxx@hotmail.es<xxxxxx@hotmail.es>
From: Notificación, <enzo@newsletter.spartoo.com>
Subject: xxxxxx ¡Tiene un pago agregado a su cuenta! Necesitamos una Confirmación
Date: Thu, 8 Apr 2021 16:57:19 -0400
I have replaced the first part of my email address by "xxxxxx".
Anyway, as you can see the field "Sender" tells me that the sender email address is "mailto:noreply@pccomponentes.com", however, the "From" field tells me the real sender email address which is "mailto:enzo@newsletter.spartoo.com".
Finally, I have on my phone (Android) the Outlook app installed. When I check this scam email on my phone, the thing is even worse, because the app shows "mailto:noreply@pccomponentes.com" as sender email. This email is a legitimate email from the website https://www.pccomponentes.com/. Therefore, some non-advanced users could easily fall into this scam thinking PC Componentes is really sending them an email...
Everything this is slightly different from the TV Licensing email, but the final result is pretty much the same. Hence, scammers are taking advantage of this bug and even finding more sophisticated ways to scam people.
Thankfully, I am an experienced user, but I am pretty sure that many users will be scammed.
It's been almost one year since I post this message and nobody has fixed this bug. Apparently, Microsoft doesn't care about their users security. Maybe is time to switch to another email provider...
- Hi, in this case marking the email as phishing and report ir to Microsoft doesn't help. If I do it, Microsoft may block the sender email address, but the real problem would still be there. The scammers only need a new email address to continue their work, while people will still see their own email address or a legitimate email address as the sender email address. This is the real problem here.
Moreover, in the case of the TV Licensing email, the "From" field has two email address, the scammer's one and my own email address. What would happen if I report that email to Microsoft? Would they block my email address?
By the way, since I updated this case the 9th of April, I have receive two new emails using taking advantage of the same bug.- Hi I certainly will not block your address because it will be a detailed report about the sender and it will not be what you see only the sender's IP, etc. and block this sender and from this address nothing will come to you for sure, provided that you have not given your consent in any agreement!
DeletedHi, thanks for replying, but like I said before, the problem is not one scammer email address, the problem is that Outlook has a serious security issue with this bug.
I can block the email addresses of those scammers, that's easy, but it will not fix the problem, that is only a workaround to me, but what about the other millons of Microsft users that are receiving these emails and they are not able to identify the email as phising because the sender email address is legitimate to them? This is not a solution.
By the way, on Monday I got a new scam email using the same bug, and today a new one. Different email addresses. Microsoft needs to fix this ASAP!!!!!