Security News > 2022 > June > Targeted voicemail phishing attacks hits specific US industries’ verticals

Email phishing campaigns are regularly hitting organizations in the U.S., but voicemail phishing is less common.
Once the user has entered the correct captcha information, they are shown the final content, which is an Office 365 phishing page.
The researchers have collected URLs related to that phishing campaign in their telemetry and could determine who the targeted organizations are based on the URL. They indicate that targets for this phishing campaign are organizations in the U.S. military, security software developers, security service providers, healthcare and pharmaceutical providers, and supply-chain organizations in manufacturing and shipping.
"While not a new approach, using voicemail notifications does continue to be very effective, as they tend to blend into the types of notifications that are part of our daily work. Unlike many other phishing campaigns, this one does involve more research and effort as the attacks are customized for each target. The result of a successful attack, the theft of a username and password, can be well worth the additional effort, because of the access to the email account, plus the fact that people have a tendency to reuse passwords on other systems."
"To protect against this, employees should be trained on how to spot and report phishing attacks, and how to check the browser's URL bar to ensure the website where they are entering credentials is legitimate. The use of multi-factor authentication can be very helpful in these cases as well."
How to protect yourself from targeted voicemail phishing.
News URL
https://www.techrepublic.com/article/targeted-voicemail-phishing-attacks/
Related news
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks (source)
- US cities warn of wave of unpaid parking phishing texts (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- China names alleged US snoops over Asian Winter Games attacks (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)