Voicemail-themed Phishing Attacks Resurface in the US, Focus on Key Industry Verticals

To obtain Microsoft Office 365 and Outlook credentials, a new phishing operation has been targeting U.S. firms in the military, security software, manufacturing supply chain, healthcare, and pharmaceutical sectors. The operation is still active, and the attacker responsible is luring victims into opening a malicious HTML file with fake voicemail notifications.

The newly-uncovered operation, according to experts at cloud security firm ZScaler, shares tactics, methods, and processes (TTPs) with yet another campaign evaluated back in 2020.

Voicemail-themed email sent to a user at Zscaler 

Source

Threat actors employ email services in Japan to route their communications and spoof the sender’s address, trying to make the emails appear to come from an address associated with the targeted company.

The email contains an HTML file with a music note character to create the impression that the file is an audio clip. The file, in fact, includes obfuscated JavaScript code that redirects the user to a phishing website.

Email header

Source

The URL format is based on an assembly mechanism that takes into account the domain of the targeted organization to make the site appear to be a valid subdomain. The victim is first redirected to a CAPTCHA check, which is

Read More: https://heimdalsecurity.com/blog/voicemail-themed-phishing-attack-resurface-in-the-us/