• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Cyber Security Solutions, Compliance, and Consulting Services - IT Security

We offer It security management, data, network, & Information security services for protecting information & mitigating security risks to your organization.

  • Home
  • About Us
  • Solutions & Services
    • Security Governance
    • NETWORK SECURITY
    • CLOUD SECURITY
  • COMPLIANCE
  • SECTORS
  • Blog
  • CONTACT

Attacker’s phish Office 365 users with fake voicemail messages

Avatar

By Robert Roohparvar | At November 3, 2019

November 3, 2019

Attacker’s phish Office 365 users with fake voicemail messages

The cybercriminal is targeting office 365 constantly as they can get access to high-value company data and systems. The attackers have used a new game to attack office 365 by using an audio file hidden as a voicemail to trick the user and their password.

Office 365 observed the campaign over the past few weeks, and the targeted organization were finance, IT, retail, insurance, manufacturing, infrastructure, energy, government, legal, education, healthcare, and transportation. The targeted staffs were from middle management and executive level. The security experts believe that this is a phishing and whaling campaign.

How the Office 365 phishing campaign works

The recent target was made through an email, which contains Microsoft’s logo and informs the users that they have missed a call from a particular phone number. The email also includes the caller ID, date, call duration, organization name, and reference number.

The message, if opened, redirects the users to a phishing site and asks them to login the account to access the voicemail. During the process, a video is played on the site, which tricks the victim in believing that they are listening to a legitimate voicemail.

After playing the audio, the victims are directed to a rouge website, which mimics to office 365 login pages. Once the victim visits the website, the email address is pre-populated to add to the attack’s credibility. After entering the password, the victim receives a successful login message and redirect to office.com.

Commercial phishing kits used

According to research, it was concluded that the cybercriminals are using three different phishing tools or equipment. These kits are easily available in the underground market and are specially designed for phishing attacks. The popular among them is voicemail Scmpage 2019.

Impact and mitigation for fake voicemail phishing

The indicators for these phishing attempts are that the email has attachments which follow the formats like DD-Month-YYYY wav.html, Voice-DD-MonthYYYYwav.htm or Audio_Telephone_MessageDD-Month-YYYY.wav.html. The website that hosts the fake voicemail pages appear to have randomly generated names.

The cybercriminal used compromised Office 365 credentials because they can get access to a wide range of data and information through a single Microsoft account. The attackers also use the compromised account to trick the employees by pretending to be a senior staff from the same firm. They use it to perform specific actions that result in a financial loss for the company.

Filed Under: Cyber security news, Cyber security threats

Primary Sidebar

Archives

  • [+]Cloud security (9)
  • [+]Compliance (16)
  • [—]Cyber security news (57)
    • 03 security concerns for low-code and no-code development
    • 04 ways to improve your security posture in 2020
    • 05 ways malware can bypass endpoint protection
    • 2020: The year that cybersecurity went from reactive to proactive
    • 3 Huge Cyberattacks Show the True Extent of Cyber Crime
    • 4 Cybersecurity trends in 2019
    • 4 Reasons why website security is important
    • 5 Methods to Make Customer Experience Safer
    • All About Data Repository
    • Attacker’s phish Office 365 users with fake voicemail messages
    • Changing Trends in Cybersecurity Training
    • Common types of cybersecurity threats
    • Coronavirus Used to Spread Malware
    • Cybercrime economy is worth $1.5 trillion in illegal profits: study
    • Cybersecurity challenges for small businesses
    • Cybersecurity in the Aviation Industry
    • Cybersecurity: Guiding Principles for Board of Directors
    • Everything You Need to Know About Brute Force Attacks
    • Five experimental cybersecurity trends your business needs to know about
    • Four major data breaches 2018
    • Four significant changes coming to cybersecurity in 2020 and beyond
    • Hackers are using famous file sharing services to hack email accounts
    • History of Cybersecurity and Hacking
    • Hostinger suffers from data breach and resets password for 14 million users
    • How AI can help you stay ahead of cybersecurity threats
    • How Cybersecurity Makes Journalism Safer
    • How does spyware work?
    • Measures taken by WhatsApp to avoid spam
    • One in three organizations suffered data breaches due to mobile devices
    • Predictions of Future Cybersecurity Trends in 2020 and Onwards
    • Protect backup from ransomware attacks and recover safely
    • Qbot Banking Malware is back with a new version
    • School Re-Openings Disturbed by Ransomware Attacks
    • The 4 biggest ransomware attacks of the last five years
    • The Post-COVID Situation for Small Business Cybersecurity
    • The rise of cryptojacking
    • The shortcomings of centralized server architecture
    • The Top 5 Cyber Security Breaches of 2017
    • Three trends shaking up multi-factor authentication
    • Top five cybersecurity predictions for 2019
    • Two in three businesses faced insider attacks in 2020
    • Two-factor authentication explained
    • Unsecure Server Compromises 350 Million Emails
    • US insurance company has customer data leaked on a forum
    • US-based auto parts distributor has sensitive data leaked by cybercriminals
    • Use of OSINT tools for security and their functions
    • What is Encryption and its common types
    • What is information security? Definition, principles, and policies
    • What is Magecart? How it works and how to prevent it?
    • What is Typosquatting and How to Stay Safe
    • Which Industries at Higher Risk of Cyber Attacks in 2021
    • Why 2021 Could Witness an Outbreak of Ransomware Attacks
    • Why Cybersecurity Has to Be a CEO Level Matter
    • Why Cybersecurity is the Answer for the Sharing Economy?
    • Why You Should be Concerned About How Phishing Attacks are Evolving
    • Will 5G improve mobile security?
    • World’s largest data breaches
  • [—]Cyber security threats (139)
    • 03 cyber threats expected to grow in 2020
    • 03 dangerous security assumptions to avoid
    • 04 top cloud security threats
    • 05 common social engineering tactics
    • 05 most common ways criminals scam you through social engineering
    • 05 signs that show you have been hacked
    • 05 ways malware can bypass endpoint protection
    • 06 ways to protect yourself against cybercrime
    • 07 benefits of cybersecurity awareness training
    • 09 Cybersecurity Threats to Watch Out For in 2019
    • 3 Huge Cyberattacks Show the True Extent of Cyber Crime
    • 3 Reasons Why Cybersecurity is More Important Than Ever
    • 3 ways to kick-start your organization's cybersecurity training
    • 3 ways to protect your business from ransomware attacks
    • 4 Cybersecurity trends in 2019
    • 4 Reasons why website security is important
    • 4 ways to build a strong security culture
    • 4 Ways to Effectively Protect Your Organization Against Data Breaches
    • 5 Cyber Security Tips Every Small Business Owner Needs to Know
    • 5 Cybersecurity Measures Every Small Business Should Take This Year
    • 5 hard truths every CISO should know
    • 5 Industries That Top the Hit List of Cyber Criminals in 2017
    • 5 Methods to Make Customer Experience Safer
    • 5 Misconceptions About Cyber-Security
    • 5 myths CEOs believe about cybersecurity
    • 5 Tips for Kickstarting Your Cyber Security Program
    • 5 ways to control cybersecurity burnout
    • All About Data Repository
    • All about ransomware
    • All about social engineering
    • Are all Bluetooth security device secure?
    • Attacker’s phish Office 365 users with fake voicemail messages
    • Can Smart Cities be Hacked?
    • Changing Trends in Cybersecurity Training
    • Common types of cyber scams and how to avoid them
    • Common types of cybersecurity threats
    • Common Types of Phishing Attacks
    • Credential Stuffing: The Newest Cybersecurity Threat
    • Cybercrime during COVID-19: 5 things every CISO needs to know
    • Cybercrime economy is worth $1.5 trillion in illegal profits: study
    • Cybercrooks increasingly targeting smart home devices
    • Cybersecurity and how to protect a company
    • Cybersecurity challenges for small businesses
    • Cybersecurity in the Aviation Industry
    • Cybersecurity: Guiding Principles for Board of Directors
    • Developing Cybersecurity in Medical Devices
    • Developing Cybersecurity in Medical Devices
    • Did COVID-19 Pandemic Increase Cybersecurity Threats?
    • Elements of cybersecurity
    • Emerging cybersecurity threats to businesses
    • Everything You Need to Know About Brute Force Attacks
    • Five social engineering tricks and tactics employees still fall for
    • Four biggest healthcare security threats for 2020
    • Four questions to answer before paying a ransomware demand
    • Four significant changes coming to cybersecurity in 2020 and beyond
    • Hackers are using famous file sharing services to hack email accounts
    • History of Cybersecurity and Hacking
    • How Can a Cyber Security Service Help Secure Your Organization
    • How Cybersecurity Makes Journalism Safer
    • How do I protect myself from ransomware?
    • How does spyware work?
    • How much does it cost to launch a cyberattack?
    • How New Technologies Affect Cyber Security
    • How Security Updates Can Save You From Targeted Cyber Attacks
    • How to Alleviate Third Party Cyber Security Risks
    • How to detect and prevent crypto mining malware
    • How to Find the Best Cyber Security Consulting Company
    • How To Identify Hoax Emails
    • How to Make an Incident Response Plan
    • How to prevent, detect and defend against Credential stuffing
    • How to secure server-less apps
    • How To Secure Your Systems With Anti-Malware and Host Intrusion Prevention
    • Importance of Cybersecurity In Wake of the Rising Challenges
    • Important building blocks of a robust cybersecurity and common cyber threats
    • Important Steps Board of Directors Should Take to Reduce Cybersecurity Risks
    • Information Security Governance Best Practices
    • IoT – The New Soft Spot for Attackers
    • Is Quantum Internet Impervious to Cyber Breaches?
    • Is Your Small Business Safe From Cyber Attacks?
    • LinkedIn Scams: Still the Most Popular Form of Phishing
    • Malware - The Lingering Cybersecurity Threat
    • Malware and ways of detecting them
    • Newsletter: Law Firms and Cyber Ransom
    • One in three organizations suffered data breaches due to mobile devices
    • Penetration Testing and Its Advantages
    • Petya ransomware and NotPetya malware
    • Predictions for the Cybersecurity Landscape of 2018
    • Predictions of Future Cybersecurity Trends in 2020 and Onwards
    • Protect backup from ransomware attacks and recover safely
    • Reasons Why Cloud Security is Critical to Your Organization
    • Reasons Why Law Firms Need Foolproof Cyber Security
    • Retail Industry Faces a Challenging Cyber Threat Landscape
    • School Re-Openings Disturbed by Ransomware Attacks
    • Security Best Practices for Collaboration Platforms
    • Smishing and vishing: How these cyber attacks work and how to prevent them
    • Steps for building an effective incident response plan
    • Steps to securely shutting down business units
    • System Hardening and Cyber Security
    • The 4 biggest ransomware attacks of the last five years
    • The 5 Most Dangerous Types of Malware to Be Cautious of in 2020
    • The 5 types of cyber-attack you're likely to face in 2020
    • The 8 Best Cybersecurity Strategies for Small Businesses in 2021
    • The common types of cyber attacks
    • The Importance of Cyber Resilience in Cyber Security
    • The Increasing Risk of Ransomware Attacks
    • The Post-COVID Situation for Small Business Cybersecurity
    • The Risk of Insider Threat to Financial Services Organizations
    • The shortcomings of centralized server architecture
    • The three pillars of cybersecurity
    • The Top Cyber Security Threats Law Firms Will Face in 2019
    • Three signs you're socially engineered
    • Three ways to protect your supply chain from Cyber-Attack
    • Tips to optimize your VPN security
    • To Outsource or Not to Outsource Cyber Security
    • Top 3 Criminal Methods of Using Artificial Intelligence for Cyber Attacks
    • Top 3 Methods Cyber Criminals Are Using Artificial Intelligence
    • Top Cybersecurity Myths Busted
    • Two in three businesses faced insider attacks in 2020
    • Vishing, its Techniques and How to Prevent it
    • What Is a Backdoor Attack?
    • What is Botnet and how to prevent Botnet attack
    • What is Malware and Types of Malware?
    • What is Ransomware and How to Prevent It
    • What is scam and types of scam?
    • What is SIEM software? How it works and how to choose the right tool?
    • What is Smishing and How to Avoid it
    • What is spyware and its types?
    • What is the incident response? 05 steps for building a robust IR plan
    • What is Typosquatting and How to Stay Safe
    • What is WireGuard? Secure, simple VPN still in development
    • Which Industries at Higher Risk of Cyber Attacks in 2021
    • Who is a target for ransomware attacks?
    • Why 2021 Could Witness an Outbreak of Ransomware Attacks
    • Why Cybersecurity Has to Be a CEO Level Matter
    • Why Cybersecurity is the Answer for the Sharing Economy?
    • Why Is Cyber-Security So Important to the Healthcare Industry
    • Why You Should be Concerned About How Phishing Attacks are Evolving
    • World’s largest data breaches
    • Worms – The New Cyber Security Threat
  • [+]Cyber security tips (148)
  • [+]E-Commerce cyber security (3)
  • [+]Enterprise cyber security (3)
  • [+]Financial organizations cyber security (2)
  • [+]General (29)
  • [+]Government cyber security (2)
  • [+]Healthcare cyber security (2)
  • [+]Law Firms Cyber Security (1)
  • [+]Network security (3)
  • [+]Newsletter (1)
  • [+]Ransomware (4)
  • [+]Risk assessment and management (3)
  • [+]Security management and governance (7)
  • [+]System security (3)
  • [+]Uncategorized (15)
  • [+]Vendor security (4)

Footer

Infoguard Cyber Security

San Jose Office
333 W. Santa Clara Street
Suite 920
San Jose, CA 95113
Ph: (833) 899-8686

Irvine Office
19800 MacArthur Blvd.
Suite 300
Irvine, CA 92612

Recent Posts

  • Why 2021 Could Witness an Outbreak of Ransomware Attacks
  • Why You Should be Concerned About How Phishing Attacks are Evolving
  • 2020: The year that cybersecurity went from reactive to proactive

Get Social

  • LinkedIn
  • Home
  • About Us
  • Solutions & Services
  • COMPLIANCE
  • SECTORS
  • Blog
  • CONTACT

Copyright © 2021