Voicemail phishing emails steal Microsoft credentials

2022-06-21 00:36

Someone is trying to steal people's Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications.

These emails were detected in May and are ongoing, according to researchers at Zscaler's ThreatLabz, and are similar to a phishing campaign launched a couple of years ago.

"Voicemail-themed phishing campaigns continue to be a successful social engineering technique for attackers since they are able to lure the victims to open the email attachments," the biz's Sudeep Singh and Rohit Hegde wrote.

The attack starts with an email that tells the targeted user they have a voicemail waiting for them that is contained in an attachment.

If the user opens the attachment, they are redirected to a credential-phishing site: a page masquerading as a legit Microsoft sign-in page.

The ThreatLabz duo cautioned users not to open email attachments sent from untrusted or unknown sources and to verify the URL in the address bar before entering credentials.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/21/phishing-voicemail-microsoft-zscaler/

#credential #email #microsoft #phishing

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		480	75	2308	5128	264	7775

News URL

Related news

Related vendor