New Office 365 Phishing Scam Leaves A Voicemail

  /     /     /  
Publicated : 23/11/2024   Category : security


New Office 365 Phishing Scam Leaves A Voicemail


A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials.



A new Office 365 phishing campaign delivers a fake voicemail message to redirect victims to a Web page that prompts them to enter login credentials, McAfee researchers discovered.
Researchers initially thought one phishing kit was being used to steal users data; however, an investigation revealed three separate kits and proof of several high-profile companies targeted.
The attack starts with an email informing victims they missed a phone call and instructing them to log into their accounts to access a voicemail. When they load the attached HTML file, it redirects them to a phishing website. Researchers note this attachment varies; in most recent attacks, it contains an audio recording disguised to sound like the beginning of a real voicemail.
When redirected, victims sees a phishing page prompting them to log into their Microsoft accounts. The page is prepopulated with their email addresses, researchers say, a tactic intended to make the scam seem legitimate. Victims who enter their passwords are sent to another page saying the account was successfully confirmed before theyre redirected to the Office login page.
Researchers were surprised to see three phishing kits used in this attack and say they are almost identical. They differentiated the kits by analyzing the generated HTML code and parameters accepted by the PHP script. Attackers are primarily after the service industry (18%), followed by finance (12%), IT services (12%), retail (10%), and insurance (9%). A wide range of employees were targeted, they report, from middle management to executive staff.
Read more details
here
.
This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for 
more information
 and, to register, 
here
.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
New Office 365 Phishing Scam Leaves A Voicemail