Microsoft 365 Credentials Targeted In Phony Voicemail Campaign

A new phishing campaign targeting the U.S. military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors has been stealing Microsoft Office 365 and Outlook credentials.

The threat actor behind this operation uses fake voicemail notifications to lure victims into opening a malicious HTML attachment.

As per researchers at cloud security firm ZScaler, this newly discovered campaign shares tactics, techniques, and procedures (TTPs) with a similar operation that came out in mid-2020.

The cybercriminals use Japanese email services to route their messages and spoof the sender’s address, making them appear legitimate.

The email has an HTML attachment that is named with a music note character to make it seem as if the file is a sound clip. In reality, the file contains obfuscated JavaScript code that leads the victim to a phishing site.

The redirection process initially leads the victim to a CAPTCHA check, which increases the illusion of legitimacy for the victims. Once the user finishes this step, they are redirected to a legitimate-looking phishing page that steals Microsoft Office 365 credentials.

Vigilant users would notice that the domain of the login page is not from Microsoft nor their organization’s and is one of the following:

  • briccorp[.]com
  • bajafulfillrnent[.]com
  • bpirninerals[.]com
  • lovitafood-tw[.]com
  • dorrngroup[.]com
  • lacotechs[.]com
  • brenthavenhg[.]com
  • spasfetech[.]com
  • mordematx[.]com
  • antarnex[.]com

Hence, users should always check and confirm that they are on a real login portal and not a phony one before they begin to enter their credentials

Voicemail-themed phishing via HTML attachments has been used since 2019, but it still manages to victimize careless users.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web