Voicemail-themed phishing attacks target organisations

Cybercriminals attempt to break into Office 365 and Outlook accounts.


Have you received an email notification that there is a voicemail waiting for you to listen to?

Maybe you would be wise to think carefully before clicking on the attachment.

As security researchers at Zscaler explain, a wave of phishing attacks posing as voicemail notifications has targeted US organisations in recent days.

Phishing email

Targeted victims include organisations working in sectors such as the military, healthcare, pharmaceuticals, manufacturing, and others. Even security software vendors found themselves being the victims of attempted attacks – as Zscaler can attest, because it was through being targeted that they found out about the campaign in the first place.


According to the researchers, clicking on the HTML file attached to the emails initiates some obfuscated JavaScript that ultimately takes the unsuspecting user to a webpage that tries to trick them into entering their Outlook or Office 365 login credentials.
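As an added example (not from the original article or from Zscaler's report), the Python below shows one way a mail pipeline could triage messages for the pattern described above: an HTML attachment carrying script that decodes content at runtime and redirects the browser. The indicator patterns, the `scan_message` name and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
# Heuristic indicators: assumptions for this example, not Zscaler's signatures.
INDICATORS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "runtime_decode": re.compile(r"\b(?:atob|unescape|eval|fromCharCode)\s*\(", re.I),
    "redirect": re.compile(r"\blocation(?:\.(?:href|replace|assign))?\s*[=(]", re.I),
    "meta_refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
}

def scan_message(raw):
    """Map each HTML attachment's filename to the indicator names it matched."""
    msg = message_from_string(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():
        if part.is_multipart() or not part.is_attachment():
            continue  # only leaf parts delivered as attachments
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue  # not HTML by declared type or by extension
        text = (part.get_payload(decode=True) or b"").decode("utf-8", errors="replace")
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(text))
        if hits:
            findings[name] = hits
    return findings

# Constructed sample message (hypothetical address and placeholder payload).
SAMPLE = """\
From: voicemail@sender.invalid
Subject: New voicemail
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

You have a new voicemail.
--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="voicemail.htm"

<html><script>window.location.replace(atob("CONSTRUCTED_PLACEHOLDER"));</script></html>
--b1
Content-Type: text/plain; charset="utf-8"
Content-Disposition: attachment; filename="notes.txt"

plain text, no markup
--b1--
"""
print(scan_message(SAMPLE))
```

A match is a reason to quarantine or review the message, not proof of phishing; legitimate HTML attachments can contain script too.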

Hopefully your users would think twice before entering their username and password, but I would still recommend enabling two-factor authentication to harden email account security, and using an enterprise password manager.

Many users don’t realise that a side-benefit of password managers is that they can refuse to submit a password into a login form if they cannot confirm they are on the legitimate login page for that password.

On its website, Zscaler has published a list of domains used in the attack which companies may choose to proactively block.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
