Tuesday, May 17, 2022

Voicemail phishing scam goes after passwords

As if warning staff about suspicious email document attachments and links isn’t enough, now infosec pros have to tell them to watch out for suspicious voice mail attachments trying to steal passwords.

Security vendor EdgeWave said this week it has seen a “dramatic increase” in phishing email using .EML attachments, which is a file extension for an e-mail message that will have another file within it. In this campaign, the message purports to be a voicemail left on a user’s phone.

According to Bleeping Computer, which spoke to EdgeWave, these emails use subject lines such as “Voice:Message”, “Voice Delivery Report”, or “PBX Message.”

welcome-to-phishing-2019-img-1
To hear the message the user has to click on a link, which brings up a box from the legitimate service called RingCentre. The link within the box entices the user to click “Listen.” If they do they are prompted to enter the password to their Microsoft Account, not once but twice — presumably to verify the password.

welcome-to-phishing-2019-img-2

After entering a correct password a second time, the phishing page will play an mp3 recording of a generic voicemail, presumably to prevent people from becoming too suspicious. Also presumably, users who fall for this phishing campaign may figure it was just a wrong number.

For infosec pros, says EdgeWave, one problem is few email gateways scan EML files by default, if at all.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.