"Attackers Phish Office 365 Users With Fake Voicemail Messages"

Hackers are switching it up in the execution of traditional phishing campaigns. Security researchers at McAfee Labs discovered the use of fake voicemails to trick unsuspecting users into revealing their credentials for Office 365 accounts to cybercriminals. Attackers have been sending phishing emails to mid-level managers and high-level managers in industries, including retail, healthcare, education, and transportation. These phishing emails contain Microsoft's logo and a malicious attachment that redirects victims to a phishing site at which they are told to login to access a voicemail message. The voicemail played to victims is said to sound legitimate. The McAfee researchers also found that these attacks are being executed through the use of three different phishing kits, available to cybercriminals via the dark web. This article continues to discuss how the new campaign works, the use of phishing kits to launch the attacks, why Office 365 users are attractive targets for phishers, and mitigation fake voicemail phishing.

CSO Online reports "Attackers Phish Office 365 Users With Fake Voicemail Messages"