Microsoft Office 365 Audio Voicemail Recording Phishing Campaign
Researchers discovered an uptick in phishing emails that use audio voicemail messages to create a sense of urgency and that target Microsoft Office 365 users at high-profile businesses across industries. These emails claim to come from Microsoft Office 365 as a missed call and contain an HTML file that, if clicked, automatically plays a partial voicemail recording from an embedded WAV file saying “hello.” Once the file is done playing, users are redirected to a fraudulent generic Microsoft landing page that prompts the target to enter their Microsoft login credentials in order to hear the full recording. If the credentials are entered, the victim is redirected to office.com and the credentials are sent to the malicious actor.

The NJCCIC recommends users avoid clicking on links and opening attachments within unsolicited or unexpected emails, even those appearing to be from known senders. Users are advised to instead navigate to websites by manually typing the URL into the address bar of their browser. Microsoft login forms will be on microsoft.com, live.com, microsoftonline.com, and outlook.com domains only. Users who are uncertain of an email’s legitimacy should contact the sender via an alternate method. We advise enterprises to block HTML and HTM files at the email gateway level and mandate the use of multi-factor authentication to prevent account compromise via credential theft. Additional details may be found in the Bleeping Computer post.
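
The gateway block on HTML/HTM attachments and the list of Microsoft login domains can be combined into one mail-filter check. The Python below is an added example, not code from the NJCCIC or Microsoft; the function names, the sample message, its file name and its example.net URL are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Domains the advisory lists for genuine Microsoft login forms.
MS_LOGIN_DOMAINS = ("microsoft.com", "live.com", "microsoftonline.com", "outlook.com")
BLOCKED_EXTENSIONS = (".html", ".htm")

def is_ms_login_host(host):
    """Exact or dot-delimited suffix match, so look-alike parent domains fail."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in MS_LOGIN_DOMAINS)

def inspect_message(raw):
    """Return (block, reasons); block is True when an HTML/HTM attachment is found."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        html_type = part.is_attachment() and part.get_content_type() == "text/html"
        if not (name.endswith(BLOCKED_EXTENSIONS) or html_type):
            continue
        reasons.append(f"HTML attachment: {name or 'unnamed text/html'}")
        body = part.get_content()
        if isinstance(body, bytes):
            body = body.decode("utf-8", "replace")
        # Report links that leave the Microsoft login domains, for analyst triage.
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = urlsplit(url).hostname
            if not is_ms_login_host(host):
                reasons.append(f"link outside Microsoft login domains: {host}")
    return bool(reasons), reasons

def build_sample():
    """Constructed test message: file name, subject and URLs are made up."""
    page = (b'<a href="https://login.microsoftonline.com/">real</a>'
            b'<a href="https://login.microsoftonline.com.example.net/signin">fake</a>')
    m = EmailMessage()
    m["Subject"] = "Missed call"
    m.set_content("You have a new voicemail.")
    m.add_attachment(page, maintype="application", subtype="octet-stream",
                     filename="Voicemail_0142.HTM")
    return m.as_string()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

The attachment is matched on file extension regardless of case and declared content type, and the host comparison anchors on a dot boundary, so a name that merely contains a Microsoft domain is still reported.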