Security News > 2022 > June > Voicemail phishing emails steal Microsoft credentials
Someone is trying to steal people's Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications.
These emails were detected in May and are ongoing, according to researchers at Zscaler's ThreatLabz, and are similar to a phishing campaign launched a couple of years ago.
"Voicemail-themed phishing campaigns continue to be a successful social engineering technique for attackers since they are able to lure the victims to open the email attachments," the biz's Sudeep Singh and Rohit Hegde wrote.
The attack starts with an email that tells the targeted user they have a voicemail waiting for them that is contained in an attachment.
If the user opens the attachment, they are redirected to a credential-phishing site: a page masquerading as a legit Microsoft sign-in page.
The ThreatLabz duo cautioned users not to open email attachments sent from untrusted or unknown sources and to verify the URL in the address bar before entering credentials.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/21/phishing-voicemail-microsoft-zscaler/
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Microsoft shares temp fix for Outlook crashing when writing emails (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Phishing Emails Targeting Australian Firms Rise by 30% in 2024 (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform (source)
- Hackers spoof Microsoft ADFS login pages to steal credentials (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)