Security News > 2022 > June > Targeted voicemail phishing attacks hits specific US industries’ verticals

Email phishing campaigns are regularly hitting organizations in the U.S., but voicemail phishing is less common.

Once the user has entered the correct captcha information, they are shown the final content, which is an Office 365 phishing page.

The researchers have collected URLs related to that phishing campaign in their telemetry and could determine who the targeted organizations are based on the URL. They indicate that targets for this phishing campaign are organizations in the U.S. military, security software developers, security service providers, healthcare and pharmaceutical providers, and supply-chain organizations in manufacturing and shipping.

"While not a new approach, using voicemail notifications does continue to be very effective, as they tend to blend into the types of notifications that are part of our daily work. Unlike many other phishing campaigns, this one does involve more research and effort as the attacks are customized for each target. The result of a successful attack, the theft of a username and password, can be well worth the additional effort, because of the access to the email account, plus the fact that people have a tendency to reuse passwords on other systems."

"To protect against this, employees should be trained on how to spot and report phishing attacks, and how to check the browser's URL bar to ensure the website where they are entering credentials is legitimate. The use of multi-factor authentication can be very helpful in these cases as well."

How to protect yourself from targeted voicemail phishing.

News URL

https://www.techrepublic.com/article/targeted-voicemail-phishing-attacks/