Security News > 2022 > June > Voicemail phishing emails steal Microsoft credentials
Someone is trying to steal people's Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications.
These emails were detected in May and are ongoing, according to researchers at Zscaler's ThreatLabz, and are similar to a phishing campaign launched a couple of years ago.
"Voicemail-themed phishing campaigns continue to be a successful social engineering technique for attackers since they are able to lure the victims to open the email attachments," the biz's Sudeep Singh and Rohit Hegde wrote.
The attack starts with an email that tells the targeted user they have a voicemail waiting for them that is contained in an attachment.
If the user opens the attachment, they are redirected to a credential-phishing site: a page masquerading as a legit Microsoft sign-in page.
The ThreatLabz duo cautioned users not to open email attachments sent from untrusted or unknown sources and to verify the URL in the address bar before entering credentials.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/21/phishing-voicemail-microsoft-zscaler/
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Beware: PayPal "New Address" feature abused to send phishing emails (source)
- Microsoft names alleged credential-snatching 'Azure Abuse Enterprise' operators (source)
- Coinbase phishing email tricks users with fake wallet migration (source)
- Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets (source)
- Why it's time for phishing prevention to move beyond email (source)
- Microsoft: Exchange Online bug mistakenly quarantines user emails (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)