Designed to get readers to click on a link and provide personal information, phishing emails draw people in by making them believe their online security has already been compromised or that their name is or was mentioned somewhere on the internet. Research shows that phishing scams made to look like LinkedIn communication are clicked more than any other type of scam email. Voice message emails only account for 9% of phishing scam clicks right now, but they are becoming more common, so that percentage is likely to rise.
What Is a Voicemail Phishing Email?
A voicemail phishing scam focuses on people who have business voicemail accounts. These days, many people have their company voicemails set up to forward to their email accounts, preventing them from missing important calls. Unfortunately, scammers caught on to the potential for pulling important information by disguising their emails as these voicemail notifications.
A voicemail phishing email has a subject such as “Voice: Message” or “PBX Message.” When you open the email, you find another email included as an attachment. This helps the phisher get through your security scanners. The email appears to be from a legitimate voicemail vendor in collaboration with another big company, such as Microsoft. When you click the link to listen to the voicemail, it takes you to a fake Microsoft login page. Once you log in, you hear a generic voicemail. This makes it all seem legitimate, so many people never realize it was a scam.
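The traits described above (voicemail-style subject, an email attached to the email, a sign-in link that does not lead to Microsoft) can be checked mechanically in a mail filter. The following is an added example, not part of the original article; the trusted host list, function names and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Subject patterns quoted in the article; extend from your own reported samples.
SUBJECT_RE = re.compile(r"\b(voice\s*:\s*message|pbx\s+message)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumption: the only hosts this organisation accepts for Microsoft sign-in.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}


def lure_signals(raw_bytes):
    """Return the traits a message shares with the voicemail lure described above."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    signals = []
    if SUBJECT_RE.search(str(msg["Subject"] or "")):
        signals.append("voicemail-style subject")
    for part in msg.walk():  # walk() also descends into attached emails
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            signals.append("nested email attachment")
        elif ctype in ("text/plain", "text/html"):
            for url in URL_RE.findall(part.get_content()):
                host = (urlparse(url).hostname or "").lower()
                if host and host not in TRUSTED_LOGIN_HOSTS:
                    signals.append(f"link to untrusted host: {host}")
    return signals


def is_suspicious(raw_bytes):
    """Flag only the combination: voicemail subject plus a second signal."""
    signals = lure_signals(raw_bytes)
    return "voicemail-style subject" in signals and len(signals) > 1


def build_sample(subject, link):
    """Constructed sample: an outer notice carrying another email as attachment."""
    inner = EmailMessage()
    inner["Subject"] = "New voice message"
    inner.set_content(f"Listen to your message: {link}\n")
    outer = EmailMessage()
    outer["Subject"] = subject
    outer.set_content("You received a voice message. Open the attachment.\n")
    outer.add_attachment(inner)
    return outer.as_bytes()


if __name__ == "__main__":
    print(lure_signals(build_sample("PBX Message", "https://login.example.invalid/vm")))
```

Requiring the subject match plus a second signal keeps ordinary forwarded emails from being flagged on the attachment alone.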
Other Voicemail Phishing Scams to Watch Out For
The Microsoft phishing scam isn’t the only one making the rounds. Back in April, a scam that claimed to be a voice message from WhatsApp was spotted in Ireland and expected to make its way to the United States. Clicking its link downloads a trojan that was first discovered in 2016 but has been modified to work with today’s scams.
Another voicemail phishing scam came onto the radar in June. This one contains a link to download a voicemail. When the user clicks the link, it goes to a SharePoint phishing site that has a PDF file embedded in it. More false links then go to another page, which could look like a spoofed Microsoft OneDrive account, a Chase Bank account, or any number of other legitimate businesses. In addition to stealing logins, this method takes the user through an actual voice-to-email service’s website, which may allow the phisher to collect a commission for providing traffic as well.
Finally, a more recent version looks like a voicemail from a client or coworker. The email is really a phish from a ransomware strain known for experimenting with text-to-speech. Cerber ransomware contains a .zip file that is meant to include a .wav file in its folder. The reality is the program sets up HTML-formatted ransom notes as folders or on your desktop wallpaper that tell you what to do to save your information.
How to Protect Yourself
The most effective way to protect yourself is to avoid clicking any link. Whether it’s a PayPal link or one for a social media account, go to the website and log in from there. If the email was real, most websites will provide the same information as a notification when you log in.
It is also important to educate your employees or anyone else who has access to your business emails or information. Security awareness training, more innovative security technology, and allowing users to report suspicious emails are all necessary to proactively keep your organization from falling victim to a phishing scam. Taking these steps will further ensure your company’s security as you do business via the internet.