Security News > 2022 > June > Voicemail phishing emails steal Microsoft credentials
Someone is trying to steal people's Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications.
These emails were detected in May and are ongoing, according to researchers at Zscaler's ThreatLabz, and are similar to a phishing campaign launched a couple of years ago.
"Voicemail-themed phishing campaigns continue to be a successful social engineering technique for attackers since they are able to lure the victims to open the email attachments," the biz's Sudeep Singh and Rohit Hegde wrote.
The attack starts with an email that tells the targeted user they have a voicemail waiting for them that is contained in an attachment.
If the user opens the attachment, they are redirected to a credential-phishing site: a page masquerading as a legit Microsoft sign-in page.
The ThreatLabz duo cautioned users not to open email attachments sent from untrusted or unknown sources and to verify the URL in the address bar before entering credentials.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/21/phishing-voicemail-microsoft-zscaler/
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- European companies hit with effective DocuSign-themed phishing emails (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)