Microsoft 365 credentials targeted in new fake voicemail campaign (June 2022)

A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials.
The operation is ongoing and the threat actor behind it uses fake voicemail notifications to lure victims into opening a malicious HTML attachment.
In reality, the file contains obfuscated JavaScript code that takes the victim to a phishing site.
The CAPTCHA check was also used in a 2020 campaign that Zscaler's ThreatLabZ researchers analyzed, and it continues to be an effective middle step that helps increase the phishing success rate.
Once the users pass this step, they are redirected to a genuine-looking phishing page that steals Microsoft Office 365 accounts.
Voicemail-themed phishing using HTML attachments has been used since at least 2019, but it is still effective, especially with careless employees.
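A mail-triage check for the lure described above, added here as an example and not taken from the original article or from the researchers' analysis: it parses a message, inspects HTML attachments, and flags script that decodes strings or navigates the page. The regex markers, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Heuristic markers chosen for this example (assumptions, not the campaign's code).
SCRIPT = re.compile(r"<script\b", re.I)
DECODE = re.compile(r"\b(atob|unescape|eval)\s*\(|String\.fromCharCode|document\.write\s*\(", re.I)
REDIRECT = re.compile(r"location\s*(\.\s*(href|replace|assign))?\s*[=(]|http-equiv=[\"']?refresh", re.I)
LURE = re.compile(r"voice\s?-?mail|voice message|missed call", re.I)

def triage(raw_message):
    """Return one finding per HTML attachment in an RFC 5322 message string."""
    msg = message_from_string(raw_message, policy=policy.default)
    lure = bool(LURE.search(str(msg.get("Subject", ""))))
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html"))
        if not is_html:
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent as application/octet-stream
            body = body.decode("utf-8", "replace")
        reasons = [label for label, rx in (("decode", DECODE), ("redirect", REDIRECT)) if rx.search(body)]
        # Script plus a decode or navigation primitive inside an attachment is the signal;
        # a voicemail-themed subject is recorded as context only.
        suspicious = bool(SCRIPT.search(body)) and bool(reasons)
        findings.append({"file": name, "suspicious": suspicious, "reasons": reasons, "voicemail_lure": lure})
    return findings

def sample(subject, html):
    """Build a constructed test message with one HTML attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("See attachment.")
    m.add_attachment(html, subtype="html", filename="vm_0612.htm")
    return m.as_string()

# Constructed, inert samples: the first decodes a string and navigates to a reserved test domain.
FLAGGED = sample("New voicemail received",
                 '<html><script>var u=unescape("https%3A//example.invalid/");location.replace(u);</script></html>')
CLEAN = sample("Meeting notes", "<html><body><p>Agenda attached.</p></body></html>")

if __name__ == "__main__":
    for raw in (FLAGGED, CLEAN):
        print(triage(raw))
```

Heavily obfuscated script may hide the navigation call entirely, which is why a decode primitive inside an attached HTML file is treated as sufficient on its own.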