As if warning staff about suspicious email document attachments and links isn’t enough, now infosec pros have to tell them to watch out for suspicious voice mail attachments trying to steal passwords.

Security vendor EdgeWave said this week it has seen a “dramatic increase” in phishing emails using .EML attachments. EML is the file extension for a saved e-mail message, which will have another file within it. In this campaign, the message purports to be a voicemail left on a user’s phone.

According to Bleeping Computer, which spoke to EdgeWave, these emails use subject lines such as “Voice:Message”, “Voice Delivery Report”, or “PBX Message.”

To hear the message, the user has to click on a link, which brings up a box from the legitimate service called RingCentre. The link within the box entices the user to click “Listen.” If they do, they are prompted to enter the password to their Microsoft Account, not once but twice — presumably to verify the password.


After entering a correct password a second time, the phishing page will play an mp3 recording of a generic voicemail, presumably to prevent people from becoming too suspicious. Also presumably, users who fall for this phishing campaign may figure it was just a wrong number.

For infosec pros, says EdgeWave, one problem is that few email gateways scan EML files by default, if at all.
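As an added illustration (not code from EdgeWave, Bleeping Computer or this publication), the sketch below shows what scanning inside an EML attachment involves: it unpacks nested messages recursively and reports the campaign's subject lines and any links found in them. The function names, the sample message and the `phish.example` URL are constructed for the example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines the article reports for this campaign.
LURE_SUBJECTS = ("voice:message", "voice delivery report", "pbx message")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def scan(msg, depth=0, max_depth=5):
    """Return (depth, kind, value) findings for msg and any e-mail nested in it."""
    findings = []
    subject = str(msg.get("Subject", ""))
    if any(s in subject.lower() for s in LURE_SUBJECTS):
        findings.append((depth, "lure-subject", subject))
    if depth > max_depth:  # stop on deliberately deep nesting
        return findings + [(depth, "too-deep", "")]
    if msg.is_multipart():
        # A message/rfc822 container holds one complete nested e-mail.
        step = 1 if msg.get_content_type() == "message/rfc822" else 0
        for child in msg.get_payload():
            findings += scan(child, depth + step, max_depth)
        return findings
    data = msg.get_payload(decode=True) or b""
    if (msg.get_filename() or "").lower().endswith(".eml"):
        # .eml sent as an opaque attachment: parse it as a message and recurse.
        inner = message_from_bytes(data, policy=policy.default)
        findings += scan(inner, depth + 1, max_depth)
    elif msg.get_content_maintype() == "text":
        text = data.decode("utf-8", "replace")  # URLs are ASCII, so this is enough
        findings += [(depth, "url", u) for u in URL_RE.findall(text)]
    return findings

def scan_bytes(raw):
    return scan(message_from_bytes(raw, policy=policy.default))

def build_sample(as_rfc822=False):
    """Constructed sample: a harmless-looking mail carrying a 'voicemail' .eml."""
    inner = EmailMessage()
    inner["Subject"] = "Voice Delivery Report"
    inner.set_content("New voicemail. Listen: https://phish.example/listen")
    outer = EmailMessage()
    outer["Subject"] = "FW: missed call"
    outer.set_content("See attached.")
    if as_rfc822:
        outer.add_attachment(inner, filename="voicemail.eml")
    else:
        outer.add_attachment(inner.as_bytes(), maintype="application",
                             subtype="octet-stream", filename="voicemail.eml")
    return outer.as_bytes()

if __name__ == "__main__":
    for finding in scan_bytes(build_sample()):
        print(finding)
```

A filter that inspects only the outer message sees neither the subject line nor the link in this sample; both are reported at depth 1.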


Jim Love, Chief Content Officer, IT World Canada
