Have you received an email notification that there is a voicemail waiting for you to listen to?
Maybe you would be wise to think carefully before clicking on the attachment.
As security researchers at Zscaler explain, a wave of phishing attacks posing as voicemail notifications has targeted US organisations in recent days.
Targeted victims include organisations working in sectors such as the military, healthcare, pharmaceuticals, manufacturing, and others. Even security software vendors found themselves being the victims of attempted attacks – as Zscaler can attest, because it was through being targeted that they found out about the campaign in the first place.
Hopefully your users would think twice before entering their username and password, but I would still recommend enabling two-factor authentication to harden email account security, and using an enterprise password manager.
Many users don’t realise that a side-benefit of password managers is that they can refuse to submit a password into a login form if they cannot confirm that they are on the legitimate login page for that password.
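The check described above can be sketched as follows; this is an added example, not code from Zscaler or from any password manager product. It assumes a strict policy (HTTPS only, exact hostname match), and every hostname and credential in it is a constructed placeholder; real products may match on the registrable domain instead.

```javascript
// Added example: how a password manager can decide whether to autofill.
// Assumed policy: fill only over HTTPS and only when the page's hostname
// exactly equals the hostname saved with the credential.

// Constructed vault entry; the hostname is a placeholder, not from the article.
const VAULT = [
  { site: "https://login.mail.example", username: "alice", password: "constructed-secret" },
];

// Returns the credential to fill, or null when the page does not match.
function credentialFor(pageUrl, vault = VAULT) {
  let page;
  try {
    page = new URL(pageUrl); // WHATWG parser: lowercases host, splits off userinfo
  } catch {
    return null; // unparseable address: never fill
  }
  if (page.protocol !== "https:") return null; // no fill over plain HTTP
  for (const entry of vault) {
    const saved = new URL(entry.site);
    // Compare the parsed hostname and port, never a substring of the URL text.
    if (page.hostname === saved.hostname && page.port === saved.port) {
      return entry;
    }
  }
  return null;
}

// Constructed page addresses a user might land on from an email link.
const PAGES = [
  "https://login.mail.example/owa/",            // the saved login page
  "https://LOGIN.MAIL.EXAMPLE/owa/",            // same host, different case
  "http://login.mail.example/owa/",             // right host, no TLS
  "https://login.mail.example.voicemail.test/", // saved name used as a subdomain prefix
  "https://login.mail.example@voicemail.test/", // saved name in the userinfo part
  "https://login-mail.example/",                // lookalike hostname
];

// Pairs each page with the decision the policy above reaches for it.
function report(pages = PAGES) {
  return pages.map((p) => [p, credentialFor(p) ? "fill" : "refuse"]);
}

for (const [page, verdict] of report()) console.log(verdict.padEnd(7), page);
```

A page that looks identical to the real login form still gets no password, because the decision depends only on the parsed address and not on anything the page displays.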
On its website, Zscaler has published a list of domains used in the attack which companies may choose to proactively block.