McAfee researchers have uncovered a phishing campaign that targets major enterprises with fake voicemail messages. Since the targeted individuals include company executives, the researchers suggest that the the attack could be considered “whaling.”
The phishing emails impersonate Microsoft and inform users about a missed call. The message includes an HTML file that redirects victims to a website where a seemingly truncated fake voicemail message starts playing. Users are told to enter their login details in order to access the message while their voice message is being ‘fetched.’ If victims enter their login credentials, they are redirected to the actual Office.com login page. Of course by then, the attackers have already harvested their password. The researchers point out that “what sets this phishing campaign apart from others is the fact that it incorporates audio to create a sense of urgency which, in turn, prompts victims to access the malicious link.”
Read more: Office 365 users targeted with fake voicemail alerts in suspected whaling campaign