UPDATED 21:27 EST / OCTOBER 31 2019

40032641954_1a9308b04c_c SECURITY

Office 365 phishing campaign uses fake voicemails to trick users

In an interesting twist on traditional phishing campaigns, hackers are using fake voicemails in an effort to trick users into handing over their Office 365 credentials.

First spotted and publicized Wednesday by security researchers at McAfee LLC, the phishing campaign starts with targets, usually mid- or high-level managers, receiving a legitimate-looking email saying that they have received a voice message. The email includes information such as caller ID, date, call duration, organization name and a reference number making the email look even more legitimate.

Users are then encouraged to click on an attachment to take the victim to a phishing site that tells them that Microsoft is fetching the email and to log in to access it. The surprise twist is that at this point, the phishing site plays a short audio recording of the alleged voicemail that sounds like a legitimate voicemail as a way to trick users to attempt to log in.

“What sets this phishing campaign apart from others is the fact that it incorporates audio to create a sense of urgency which, in turn, prompts victims to access the malicious link,” the researchers wrote. “This gives the attacker the upper hand in the social engineering side of this campaign.”

The researchers further found that those behind the phishing campaign were using three different kits that can be purchased on the dark web, a shady part of the internet reachable with special software. Those targeted in the campaign ranged across 15 industries, with targets in service, financial, IT services and retail leading the list.

“In light of the discovered Office 365 phishing attacks that are targeting enterprise executives, it is critical for organizations to address human error so that employees are prepared to thwart these attacks,”  Michael Madon, senior vice president and general manager of security awareness at email cloud security firm Mimecast Services Ltd., told SiliconANGLE today. “It is not a matter of if, but when, businesses will be hit.”

These business email compromise attacks are on the rise, especially those accompanied by deepfake audio, which uses AI to trick companies into negative action such as sending money to a fraudulent account, Madon explained.

“To prevent becoming the next victim, organizations should implement employee training programs so that when their email systems are targeted by fake voicemail inbounds, they are prepared,” he advised. “Employees should be hyper-aware of the potential risks of audio attachments from illegitimate domains, alerting security departments and avoiding clicking on links when received.”

Photo: thebetterday4u/Flickr

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.