Kaspersky researchers have reported on a large-scale malicious email campaign aimed at stealing credentials for Microsoft service accounts, which could give attackers access to private corporate information such as business correspondence. Built around an elaborate spam message, the campaign targets employees of large companies that use business messengers able to exchange voice messages and send notifications of new ones via corporate email.
The body of the email typically contains the time the voice message was sent, its duration, and a preview of the message in the form of a short phrase, such as, “Just checking to remind you in regards to our…”. To listen to the message, the recipient is asked to follow what is actually a phishing link that leads to a fake authorization page of one of several popular Microsoft services. This could be the login page for an Outlook email client or a basic Microsoft account. Once the user’s credentials are entered, fraudsters capture them and redirect their unsuspecting victim to the real voice message service for the business, distracting them and leading them to believe the email was merely an innocent promotion of the service.
[Image: malicious email sample]
“We’ve recently observed a significant increase in the number of spam attacks on the corporate sector. In most cases, they attempt to hack into employees’ emails through missed or undelivered messages to access private corporate information that the accounts could reveal. Obviously, missing an important message is a constant fear for employees of large companies, as it can affect vital business processes. Therefore, such attacks are likely to have a successful outcome for fraudsters,” said Maria Vergelis, security researcher at Kaspersky.
“The targeted employees, afraid to lose the notification in a huge stream of business correspondence, are understandably tempted to follow malicious links and enter their data. We urge all employers to educate their teams on basic cybersecurity hygiene, to avoid becoming a victim of such scams,” added Vergelis.
To protect users and businesses from malicious email campaigns, Kaspersky recommends:
* Always check the link address and the sender’s email before clicking on anything
* Check that the link address shown in the email is the same as the actual hyperlink (the real address the link will take you to). You can check this by hovering your mouse over the link
* Use a reliable security solution with behavior-based anti-phishing technologies, such as Kaspersky Total Security, to detect and block spam and phishing attacks as well as the launch of malicious files
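The second check above (shown address versus real hyperlink) can be automated on a mail gateway or in a triage script. The following is an added example, not code from Kaspersky or the report: it parses an HTML email body and reports links whose visible text looks like an address but points to a different host. The sample body, the `example.com`/`example.net` hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body modelled on the voicemail notification described above.
SAMPLE = """<p>You have a new voice message (0:42).</p>
<a href="https://login.example.net/owa">https://voicemail.example.com/listen</a>
<a href="https://voicemail.example.com/help">Help</a>
<a href="https://voicemail.example.com/listen">voicemail.example.com/listen</a>"""

def _host(url):
    """Return the lowercase hostname of a URL-like string, or None."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url  # visible link text often omits the scheme
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None

class LinkAuditor(HTMLParser):
    """Collects (visible text, href) pairs whose hosts disagree."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        # Heuristic: compare only when the visible text itself looks like an address.
        looks_like_url = " " not in shown and "." in shown
        shown_host = _host(shown) if looks_like_url else None
        target_host = _host(self.href)
        if shown_host and target_host and shown_host != target_host:
            self.findings.append((shown, self.href))
        self.href = None

def mismatched_links(html_body):
    """Return a list of (visible text, real href) for deceptive-looking links."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings
```

The comparison is an exact hostname match, so a link shown as `example.com` that points to `www.example.com` is also reported; links with plain-text labels such as "Help" are not covered by this check and still need the hover test.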
Read the full text of the report on Kaspersky Daily: https://www.kaspersky.com/blog/fake-voicemail-spam/28727/