These fake voicemail phishing emails want to steal your passwords

Image: Getty/Alexander Spatari

Criminals are targeting people in US military and tech organizations with so-called “vishing”, where supposed links to voicemail dupe victims into revealing credentials for Microsoft Office 365 software and Outlook email accounts.   

Vishing isn’t a new threat: the FBI raised an alarm about it in mid-2020 but it was spotlighted by Interpol this week as a growing threat when it announced arrests of 2,000 people accused of online fraud, including the lucrative category of business email compromise (BEC).  

According to US security firm Zscaler, there has been a resurgence in vishing since May that’s targeting employees in software security, US military, security solution providers, healthcare and pharmaceutical, and the manufacturing supply chain. 

“The goal of the threat actor is to steal credentials of Office365 and Outlook accounts,” says Zscaler’s Sudeep Singh.    

Attackers are sending email with voicemail notifications that advise them of a missed voicemail which prompts them to open an attachment from the web. 

Many people don’t check voicemail, but voice messages on WhatsApp and LinkedIn have been a thing for several years, so it can be an effective way to trick users into clicking a link in an email. 

Of course, there is no

Read More: