Voicemail Phishing Scam Targets WFH Employees

Attackers have devised a new phishing campaign that distributes emails that seem to be generated by  Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their voicemail recordings, according to Ironscales. In mid-May, Ironscales uncovered what has since evolved into a massive, global phishing trend where attackers use custom subject lines to spoof the voicemail email as if it is coming from a PBX integration. This has threatened nearly 100,000 mailboxes around the world, reaching enterprises across multiple sectors. Unlike many emails, these do not bear an actual malicious payload, which would trigger a detection, the emails can bypass secure email gateways and eludes the DMARC authentication protocol.

Subscribe
Notify of
guest

1 Expert Comment
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Cybersecurity Specialist
InfoSec Expert
June 8, 2020 10:08 am

Phishing emails with no malicious payload are rare and many would think they are instantly harmless, but some criminal campaigns are in for the long game. Many attackers use emails more deviously than simple phishing scams: tricking their victims further down the line or for social engineering purposes. Attackers are well aware that many credentials are used for multiple other logins, including for websites with valuable personal information and even private business data.

To reduce the ever-increasing risk from cybercriminals, it’s vital to make your employees aware of the threat landscape and constantly train staff. Software can help detect even the most impressive scams, but unfortunately many can still slip through the net and cause some serious damage when not flagged by technology.

Last edited 2 years ago by Jake Moore
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x