With cyber criminals finding varied means to discover our online passwords, we should not be surprised when they come up with another novel tactic for breaching our defences.
Researchers have discovered a new group of phishing emails that are being sent to personal and work email addresses with an attached voicemail file.
It looks like a normal email from a well-known telecoms company, but includes an attachment that looks like a sound file. However, it just opens a web page for you to preview, list or save the audio file to your computer.
When you visit the site, which is a clone of the Office 365 login page, it asks for your password. Once you enter your password, it states the password is incorrect to thwart suspicious users who put in a dummy password. Anyone who then puts in their official password gives hackers access to their account.
Once they have submitted their passwords, they are directed to a web page which has a link to a sound file from a random list of individuals, mostly elderly men and women, for the user to ignore. In the user’s mind, the elderly person has made a mistake or doesn’t have the ability to use a voicemail system properly.
For businesses using Office 365, there is the option to use two-factor authentication, so users must use their email and secondary application to log into their account, but some companies may not have enabled this feature which leaves them open to risk.
This type of phishing scam is making the rounds and IT administrators are working hard to educate their staff and update firewall settings to identify the attachments.
If your IT team hasn’t enabled two-factor authentications within Office 365, then show them this blog. It may change their mind and keep your business passwords safe.
Contact me directly to find out more about Office 365, or visit our Office 365 blogs to read more articles.