New phishing scam uses audio voicemail recordings

By PrivSec Report2019-10-31T11:43:00+00:00

No comments

Researchers have observed a new phishing campaign using a fake voicemail message to lure victims into entering their Microsoft Office 365 credentials.

Researchers from McAfee Labs detected an increase in the usage of phishing kits targeting Microsoft Office 365 credentials.

In the campaign, an email is sent, pretending to be from Microsoft Office 365 claiming that a call was missed and that the caller left a voicemail.

Attached to the email is an HTML attachment, which when opened will automatically play an audio recording which only plays a partial voicemail saying hello.

After the audio file finishes playing, the user is redirected to a generic Microsoft landing page – whereby the user is prompted to login to hear the full recording. However, when the user enters their credentials they are redirected to office.com instead of hearing a full voicemail.

At this point, the threat actors have stolen the user’s login credentials.

In their report, McAfee stated: “we were surprised to observe three different phishing kits being used to generate the malicious websites. All three look almost identical but we were able to differentiate them by looking at the generated HTML code and the parameters which were accepted by the PHP script.”

Two of the phishing kits are actively being sold on the dark web and are named “Voicemail Scmpage 2019” and “Office 365 Information Hollar”, while the third phishing kit is unnamed. McAfee observed the third unnamed kit to be the most prevalent.

The phishing emails are targeting a wide range of industries including Service (18%), Financial (12%) and IT Services (12%). The least targeted industry is Charity (1%).

The attacks are also targeting various employees, from middle management to executive level staff.

Researchers have dubbed this campaign as the “Phishing” and “Whaling” campaign.

“The goal of malicious actors is to harvest as many credentials as possible, to gain access to potentially sensitive information and open the possibility of impersonation of staff, which could be very damaging to the company. The entered credentials could also be used to access other services if the victim uses the same password, and this could leave them open to a wider of range targeted attacks.

“What sets this phishing campaign apart from others is the fact that it incorporates audio to create a sense of urgency which, in turn, prompts victims to access the malicious link. This gives the attacker the upper hand in the social engineering side of this campaign.

“We urge all our readers to be vigilant when opening emails and to never open attachments from unknown senders. We also strongly advise against using the same password for different services and, if a user believes that his/her password is compromised, it is recommended to change it as soon as possible.”

Topics

No comments

Feature
Automate and Educate at scale: Two key focuses when it comes to Vendor Risk Management

2023-09-20T16:03:00Z

According to KPMG, 73% of organisations have experienced at least one significant disruption from a third-party cyber incident within the last three years. And with breaches involving third parties costing businesses more than $4.29 million on average - investment in vendor risk frameworks is increasing at a rapid rate.
Feature
Cyber Security, is it a core part of your ESG?

2023-09-20T16:02:00Z

Let’s take a look at why cyber security is a core part of ESG.
Feature
Elevate your cybersecurity with C2 Risk

2023-09-20T15:55:00Z

Technology plays an integral role in both personal and professional aspects of our lives but the importance of robust cybersecurity cannot be overstated. With threats looming everyday, the C-Suite and organisations alike need to be proactive in securing their digital defences to protect themselves against potential risks posed by third-party suppliers.