
That Gmail Delivery Status Notification Is Probably a Scam


By Emily Long

Key Takeaways
* Gmail users have reported receiving messages with the subject line “Delivery Status Notification (Failure)” over the last year.
* If you click on any images or download attachments in these emails, you could install malware on your device.
* If you get these “failed delivery” notifications, you can ignore and delete them.
If you are getting delivery failure messages in your Gmail inbox, don’t be alarmed—and don’t engage with them. Scammers are using mailer-daemon spam to bypass email filters and spread malicious links.

Gmail users on Reddit and in Google’s support pages have reported receiving repeated messages with the subject line “Delivery Status Notification (Failure)” over the last year (they’ve found their way into my inbox more frequently in recent weeks as well). Here’s how this attack works and what you need to do about it.

How mailer-daemon phishing works

Mailer-daemon is a program that manages email delivery and sends automated notifications to the sender if the message bounces—for example, if you type the address incorrectly or the recipient’s inbox is full. This is obviously a legitimate and useful service, but it can be co-opted relatively easily to trick people into clicking malicious links and compromising their information or devices.

The Gmail version of this scam comes from mailer-daemon[at]googlemail[dot]com and includes a text box at the top stating “Address not found: Your message wasn’t delivered to [your handle]@google.com because the address couldn’t be found, or is unable to receive mail.” There’s a clickable “Learn More” link as well as a link to Google support pages.


This looks pretty legit at first glance—however, your email is @gmail.com, not @google.com. Then if you scroll down, there’s likely an included image, attachment, or additional forwarded message that pretty clearly looks like spam. If you were to click anywhere or download the attachment, you could install malware on your device. You could also be taken to a spoofed page, such as the Facebook login screen, with a prompt to enter your credentials. At the very least, engaging may alert the scammers that your email address is live.

This works because of how mailer-daemon is set up. Scammers can put any address in the email header. If it’s yours, you’ll receive anything that bounces back. They could blast thousands of people with spam that appears to come from you. This attack, however, makes messages look like they are both to you and from you, so it could be a more targeted phishing attempt meant to make you believe there’s a problem with receiving mail to your inbox and that there’s something you need to do about it.
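The two tells described above can be checked mechanically. The following Python sketch is an added example, not code from the article: it parses a bounce notice and flags a failed recipient that is your handle at a different domain, and a returned message you never sent. The function name `triage_bounce`, the `sent_ids` input (Message-IDs taken from your Sent folder) and the sample message are assumptions made for illustration.

```python
import email
from email import policy


def triage_bounce(raw, my_address, sent_ids):
    """Return reasons a delivery-failure notice looks like forged-sender spam."""
    # sent_ids is an assumed input: Message-IDs of mail you really sent.
    msg = email.message_from_bytes(raw, policy=policy.default)
    local, _, domain = my_address.lower().partition("@")
    flags = []
    for part in msg.walk():
        # Per-recipient DSN fields look like "Final-Recipient: rfc822; user@host".
        final = part.get("Final-Recipient")
        if final:
            rcpt = str(final).split(";", 1)[-1].strip().lower()
            r_local, _, r_domain = rcpt.partition("@")
            if r_local == local and r_domain != domain:
                flags.append(f"failed recipient {rcpt} is your handle at another domain")
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)  # the message that supposedly bounced
            if str(original.get("Message-ID", "")).strip() not in sent_ids:
                flags.append("returned message is not one you sent")
    return flags


# Constructed sample shaped like the notice the article describes (not a real capture).
SAMPLE = b"""\
From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
To: jane@gmail.com
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; googlemail.com

Final-Recipient: rfc822; jane@google.com
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: jane@gmail.com
Message-ID: <constructed-1@example.invalid>

body
--b1--
"""

print(triage_bounce(SAMPLE, "jane@gmail.com", set()))
```

A bounce for a message whose Message-ID is in your Sent folder, addressed to a recipient you actually wrote to, returns an empty list and can be treated as a genuine delivery failure.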

What to do if you get mailer-daemon spam

If you get failed delivery notifications, you can ignore and delete them. You can also report these emails as spam without opening them to block similar messages from reaching your inbox. Note, though, that mailer-daemon is legitimate, and you may still want to know if an email you send bounces.

As always, don’t click any links or images in the message or open any attachments in unsolicited communication.

Bad actors don’t actually need access to your account to set this up, so more than likely your account itself is safe. But you should make sure you have a strong password with multi-factor authentication or a passkey enabled for Google.

