"These Fake Voicemail Phishing Emails Want To Steal Your Passwords"

Criminals are performing voice phishing (vishing) attacks to trick people in the US military and technology organizations into revealing credentials for Microsoft Office 365 software and Outlook email accounts. According to US security firm Zscaler, there has been a resurgence in vishing targeting employees in software security, the US military, security solution providers, healthcare and pharmaceutical, and the manufacturing supply chain to steal credentials for Office 365 and Outlook accounts. The vishing attacks involve sending an email with voicemail notifications informing targets of a missed voicemail, prompting them to open an attachment. There is no actual voicemail after clicking the link, which instead directs the target to a credential phishing web page hosted on Japanese servers. Although many people do not check voicemail, voice messages on WhatsApp and LinkedIn have been around for a while, so this can be an effective way to trick users into clicking a link in an email. This article continues to discuss findings surrounding the voicemail-themed phishing campaigns. 

ZDNet reports "These Fake Voicemail Phishing Emails Want To Steal Your Passwords"