Don’t Fall for Phishing Scams: Hackers Use Voicemail Notifications to Infiltrate Systems

FrogViews are Leapfrog’s top takeaways from the most informative articles on IT trends.

Hackers continuously search for creative ways to infiltrate company computers, and phishing is one of the most successful methods.

Recently, cybercriminals have begun using phishing emails disguised as voicemail notifications to bypass organizations’ security measures and steal user Microsoft 365 and Outlook credentials. Efforts target companies across numerous sectors, including government, software security, healthcare, pharmaceuticals, and manufacturing and shipping supply chains.

It works like this: Someone receives an email with a message telling them they have an unchecked voicemail, which is conveniently included in the email as an attachment. The email, which appears to be coming from inside the user’s company, seems legitimate. When the person opens the attachment, it leads to what looks like a Microsoft sign-in page that the user needs to complete with their username and password to receive the message.

Hackers are targeting Microsoft 365 and Outlook accounts because they offer valuable information that can lead to devastating attacks. Cybercriminals leverage these tactics to deploy malware and ransomware, install crypto miners, and commit other crimes.

Phishing is still on the rise after having reached new heights during the COVID-19 pandemic in 2020 and 2021 as many companies pivoted to remote models where employees worked from home. According to the FBI, phishing and similar cybercrimes in the U.S., including “vishing” (video phishing) and “smishing” (using texts), doubled to more than 241,000 in 2020 and increased to nearly 324,000 last year.

While there’s not an easy technology solution that can completely eliminate phishing, continual training and good detection systems are the best weapons to fight it. Leapfrog’s security management methodology and advanced tools like EDR protect our clients’ IT environments at every level — including user devices, cloud platforms, networks, and more — and our partners provide comprehensive security awareness training.