Voicemail Phishing Scam Targets WFH Employees

Attackers have devised a new phishing campaign that distributes emails that seem to be generated by  Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their voicemail recordings, according to Ironscales. In mid-May, Ironscales uncovered what has since evolved into a massive, global phishing trend where attackers use custom subject lines to spoof the voicemail email as if it is coming from a PBX integration. This has threatened nearly 100,000 mailboxes around the world, reaching enterprises across multiple sectors. Unlike many emails, these do not bear an actual malicious payload, which would trigger a detection, the emails can bypass secure email gateways and eludes the DMARC authentication protocol.


EXPERTS COMMENTS
Jake Moore, Cybersecurity Specialist,  ESET
June 08, 2020
Attackers are well aware that many credentials are used for multiple other logins.
Phishing emails with no malicious payload are rare and many would think they are instantly harmless, but some criminal campaigns are in for the long game. Many attackers use emails more deviously than simple phishing scams: tricking their victims further down the line or for social engineering purposes. Attackers are well aware that many credentials are used for multiple other logins, including fo ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article