Voicemail Scam Steals Microsoft Credentials

Attackers are targeting a number of key vertical markets in the U.S. with the active campaign, which impersonates the targeted organization and Microsoft to lift Office365 and Outlook log-in details.

Attackers are using an oft-used and still effective lure to steal credentials to key Microsoft apps by sending emails notifying potential victims that they have a voicemail message, researchers have found.

A team from Zscaler ThreatLabZ has been monitoring a campaign since May that targets key vertical industries in the United States with “malicious voicemail-notification-themed emails in an attempt to steal their Office365 and Outlook credentials,” researchers said in a blog post published recently. Both the emails and the credential-stealing page appear to be coming from legitimate entities, tactics that aim to dupe victims into falling for the ploy, they said.

In fact, Zscaler itself was one of the organizations targeted in the campaign, which researchers said is similar to one that ThreatLabZ discovered in July 2020. This gave ThreatLabZ particular insight into how the campaign works.

Other victims of the latest campaign include organizations in specific U.S. verticals, including software security, the military, security solution providers, healthcare and pharmaceutical, and the manufacturing supply chain.

Read More: https://threatpost.com/voicemail-phishing-scam-steals-microsoft-credentials/180005/