Recent Scams Article: Office 365 “New Voicemail” Attack
Due to its popularity, Microsoft’s Office 365 is often spoofed in phishing attacks. Recently, the bad guys are trying a new angle in their Office 365 phishing emails. They're sending what appears to be "New Voicemail" email notifications. The emails look legitimate, with the help of a Microsoft or Office 365 logo and details about the fake voicemail, such as the caller’s phone number and the length of the message. To increase their chances of success, the bad guys are using two different emails:
1. One email includes a fake play button with a link that you’re instructed to click on to listen to your message.
2. The other email includes an HTML attachment that you’re instructed to open to listen to your message.
If you click on the phishing link or open the HTML attachment, you’ll be redirected to a fake login page that appears to be the Microsoft Office 365 login portal. If you mistakenly enter your credentials here, they’ll be immediately stolen.
Remember the following to protect yourself from these types of attacks:
- Never click on a link or an attachment that you weren’t expecting. Even if it appears to be from a person of an organization that you’re familiar with, the sender’s email address could be spoofed.
- If you’re already logged into your email account, you shouldn’t be prompted to log in again, this is a red flag. Before you enter sensitive information on any page, check the domain name. Make sure that the website you are on is correctly spelled and not mimicking a well known brand or company.
- Get familiar with the format of your voicemail notification emails. If you’re ever in doubt, contact the proper department in your organization before you click on any links or download attachments.