Virtualization Technology News and Information
Article
RSS
Fraudsters Target Corporate Microsoft Accounts with Elaborate Voice Message Scam
New research from Kaspersky has uncovered a widespread malicious email campaign aimed at stealing Microsoft user account credentials allowing attackers to access private, corporate information. Executed via an elaborate spam message, these attacks target employees working for large organizations that use business messengers with a function to exchange voice messages and receive voice message notifications through corporate emails. 

As is the goal with all spam campaigns, the malicious emails are carefully designed to look and sound legitimate to corporate users. The body of the email typically contains the time the voice message was sent, its duration and a preview of the message in the form of a short phrase such as, "Just checking to remind you in regards to our..."

To listen to the message, the recipient is asked to follow what is actually a phishing link that leads to a fake authorization page of one or several popular Microsoft services such as the login page for an Outlook email client or a basic Microsoft account. Once the user's credentials are entered, malicious actors capture them and redirect their unsuspecting victim to the real voice message service for the business. This distracts users and leads them to believe the email was merely an innocent promotion of the service. 

"We've recently observed a significant increase in the number of spam attacks on the corporate sector, " said Maria Vergelis, security researcher at Kaspersky. "In most cases, they attempt to hack into employees' emails through missed or undelivered messages to access private corporate information that the accounts could reveal. Obviously, missing an important message is a constant fear for employees of large companies as it can affect vital business processes. Therefore, such attacks are likely to have a successful outcome for fraudsters. The targeted employees, afraid to lose the notification in a huge stream of business correspondence, are understandably tempted to follow malicious links and enter their data. We urge all employers to educate their teams on basic cybersecurity hygiene, to avoid becoming a victim of such scams."

To protect users and businesses from malicious email campaigns, Kaspersky recommends:

  • Always checking the link address and sender's email before clicking on anything.
  • Checking if the link address can be seen in the email and is the same as the actual hyperlink (the real address the link will take you to). This can be checked by hovering your mouse over the link.
  • Use a reliable security solution with behavior-based anti-phishing technologies, such as Kaspersky Total Security, to detect and block both spam and phishing attacks, and initiation of malicious files.

Read the full text of the report on Kaspersky Daily.

Published Thursday, September 26, 2019 8:58 AM by David Marshall
Filed under:
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<September 2019>
SuMoTuWeThFrSa
25262728293031
1234567
891011121314
15161718192021
22232425262728
293012345