Attackers are now phishing Office 365 login credentials with fake voicemail messages

Attackers are now phishing Office 365 login credentials with fake voicemail messages

Security researchers have found a new phishing campaign that leverages fake voicemail messages to trick victims into stealing their Office 365 email credentials.


The scam — uncovered by cybersecurity firm McAfee — made use of fraudulent email attachments, which when opened, redirected users to a phishing website that siphoned the login information with an aim to impersonate staff members and gain wider access to internal systems.

A number of employees, from middle management to executive level staff employed across different verticals such as services, finance, IT services, retail, and insurance, were targeted in what the researchers call a whaling campaign.


This can have serious consequences if the victim in question is reusing the same password, thereby leaving them open to more targeted attacks.


“The goal of malicious actors is to harvest as many credentials as possible, to gain access to potentially sensitive information and open the possibility of impersonation of staff, which could be very damaging to the company,” McAfee researchers said.


Office 365 is a line of subscription services offered by Microsoft that includes Microsoft Office as as well as cloud-based software as a service products for business environments, such as hosted Exchange Server, Skype for Business Server, and SharePoint, among others.


The attack begins with the victim receiving an email — containing an HTML file as an attachment — informing them that they have missed a phone call, along with a request to login to their acco ..

Support the originator by clicking the read the rest link below.