Corporate Active Spoofing Attack Mimicks MailChannels Cloud Bounce Messages By Ken Simpson | 2 minute read Cybercriminals caught impersonating MailChannels with fake email bounce messages. When an email message can’t be delivered to its recipient, the mail server generates a so-called “bounce” message that is delivered back to the original sender to let them know about the delivery failure. In an effort to be friendlier to our end users, MailChannels Cloud generates helpful, graphical bounce messages with a big green button the end user can click on to learn more about why the message was not delivered. A sample bounce message is shown below: Recently, we have been getting reports of fake MailChannels Cloud bounce messages, delivered to email recipients in an attempt to get them to click a fake green button, which takes their web browser to an unsafe location on the web. Here’s a recent sample of such a fake message: (note: original email addresses have been blanked out for privacy reasons) If you receive an email message that looks like it came from MailChannels, you can verify whether it’s really us in one of the following ways: 1. MailChannels Cloud always delivers bounce messages from the domain “relay.mailchannels.net”.2. Messages sent from MailChannels Cloud are always sent from IP addresses that can be verified against the SPF record for relay.mailchannels.net.3. Before clicking on a link in a message that you think came from us, verify that the URL starts with “https://console.mailchannels.net”. If the bounce message does not have all of these characteristics, then it’s probably a fake. Feel free to report fakes to us by forwarding bounce messages to firstname.lastname@example.org. A real human will review your submission with gratitude.