Date: June 22
Title: These fake voicemail phishing emails want to steal your passwords
Cyber Criminals are targeting people in US military and tech organizations with “vishing,” where supposed links to voicemail dupe victims into revealing credentials for Microsoft Office 365 software and Outlook email accounts. Since May, there has been a resurgence in vishing targeting software security employees, the US military, security solution providers, healthcare and pharmaceutical, and the manufacturing supply chain.
The goal of the threat actor is to steal credentials of Office 365 and Outlook accounts. They are sending an email with voicemail notifications that advise the target of a missed voicemail that prompts them to open an attachment from the web. Many people don’t check voicemail, but voice messages on WhatsApp and LinkedIn, have been issues for several years, so it can be an effective way to trick users into clicking a link in an email. There is no voicemail after clicking the link; instead, it leads the target to a credential phishing web page.
Solving a legitimate CAPTCHA test usually leads to a site the user intended to visit. This fake one leads to the phishing page, which attempts to steal the Office 365 credentials of the user.
The attack even uses a CAPTCHA as part of the ruse.
Voicemail-themed phishing campaigns are a successful social engineering technique for attackers since they can lure the victims into opening email attachments. Voicemail phishing works because victims still tend to click on email attachments. Attackers also use evasion tactics to bypass automated URL analysis solutions, helping the threat actor better success in stealing the users’ credentials.
What to do?
• Train your staff to be your first line of defense and not fall for the tricks.
• Do not click on email attachments without confirming the veracity
• Look for Suspicious links
• Look for Incorrect or unexpected senders
• Look for Faulty grammar or spelling
What can you do when this happens to you?
• If you find your network has been compromised, immediately shut down.
• Identify the breach and any type of virus or malware present.
• Identify any data which might have been compromised or stolen and inform appropriate parties.
• Rebuild the network from a known clean backup
These fake voicemail phishing emails want to steal your passwords | ZDNET