High-value Microsoft Office 365 users are being targeted in a new phishing scam intended to compromise their login credentials. Victims of the ongoing attack have willingly given up their login info to hackers, providing direct access to business data, as well as other accounts that use the same password.
Targets receive an email informing them that they missed a phone call, with an audio excerpt of the voicemail attached. They are prompted to log in to hear the full voicemail, and are directed to a fake website that collects the username and password entered.
This is a form of phishing, a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers. In this case, it’s known as “vishing”, one of the latest variants of phishing being tracked by cybersecurity professionals.
Instead of attaching malware to an email and disguising it as a PDF, cybercriminals specifically disguise it as an audio file and make it so the email appears to be from an automated voicemail service.
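For mail-filtering or triage teams, the lure described above (a voicemail-themed notification, an audio attachment, and a sign-in link that leads somewhere other than the real login page) can be checked mechanically. The following is an added example, not code from this article; the keyword pattern, the trusted-host allowlist, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumption: the only host where this organisation's users sign in to Office 365.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com"}
# Assumption: wording that marks a voicemail notification.
LURE_WORDS = re.compile(r"voice\s*mail|missed\s+call|voice\s+message", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def voicemail_lure_signals(raw: str) -> list[str]:
    """List which traits of the voicemail lure a raw RFC 5322 message shows."""
    msg = message_from_string(raw)
    signals, bodies = [], []
    if LURE_WORDS.search(msg.get("Subject", "")):
        signals.append("voicemail-themed subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype, name = part.get_content_type(), (part.get_filename() or "")
        if name and (ctype.startswith("audio/") or name.lower().endswith((".wav", ".mp3"))):
            signals.append(f"audio attachment: {name}")
        elif ctype in ("text/plain", "text/html"):
            data = part.get_payload(decode=True) or b""
            bodies.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    for url in URL_RE.findall("\n".join(bodies)):
        host = (urlparse(url).hostname or "").lower()
        if host not in TRUSTED_LOGIN_HOSTS:
            signals.append(f"link to untrusted host: {host}")
    return signals


def is_suspicious(raw: str) -> bool:
    """Flag only when the voicemail theme is combined with an attachment or link."""
    signals = voicemail_lure_signals(raw)
    return "voicemail-themed subject" in signals and len(signals) > 1


def build_sample() -> str:
    """Constructed sample message; every address and host is a placeholder."""
    m = EmailMessage()
    m["From"] = "Voicemail Service <noreply@voicemail.example>"
    m["To"] = "user@corp.example"
    m["Subject"] = "You have a missed call - new voicemail"
    m.set_content("Sign in to hear the full message: https://o365-login.example/listen")
    m.add_attachment(b"RIFF", maintype="audio", subtype="wav", filename="voicemail_excerpt.wav")
    return m.as_string()
```

Requiring the voicemail theme together with a second trait keeps ordinary mail that merely links to an outside site from being flagged.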
It all comes down to whether the target can tell it’s a phishing email or not. Learn to recognize phishing emails by these common red flags:
In the end, the key to phishing scams like this is that they don’t rely on digital security vulnerabilities or cutting-edge hacking technology; phishing targets the user, who, without the right training, will always be a security risk, regardless of the IT measures set in place.