Recent Posts

Recent Blog Posts

The PhishLabs Blog

COVID-19 Phishing Update: Voicemail Attacks Surface Targeting Office 365 Users

Posted by Jessica Ellis on Apr 17, '20

Cyber criminals are using coronavirus-themed voicemail notifications in the latest efforts to act on pandemic fears and steal credentials. The example below shows how they are doing it.

 

We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic.

 Docuphish Missed Call

 

The attachment uses a naming convention similar to that of a global carrier to impersonate an audio file: ATT30406.

 

The .htm file serves two purposes for the threat actor. First, it hides a link that otherwise might be quickly flagged by security teams as suspicious. Secondly, it supports the expectation that voicemails are usually received as attachments.

 

URL: hXXps://firebasestorage.googleapis[dot[com/v0/b/kkjdodosos.appspot.com/o/ind2.html?alt=media&token=75ebe031-afff-48b4-b69e-22a2e15b93a7#{redacted}@{redacted}(dot).com.

 

0365 vishing attachment

 

When the end user clicks the file, they are directed to a Microsoft Office 365 (O365) phishing page requiring login credentials. 

 

Scammers are capitalizing on the coronavirus crisis through a variety of methods, and it is proving to be costly for Americans. A bogus audio file referencing the virus is just another channel threat actors are repurposing to effectively execute their campaigns. 


 For more intelligence on COVID-19 threats, see our ongoing coverage.

 

Additional Resources:

Topics: COVID-19

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all