Voicemail-themed phishing attacks target organisations

Voicemail-themed phishing attacks target organisations

Voicemail-themed phishing attacks targets organisations

Have you received an email notification that there is a voicemail waiting to be listened to by you?

Maybe you would be wise to think carefully before clicking on the attachment.

As security researchers at Zscaler explain, a wave of phishing attacks posing as voicemail notifications have targeted US organisations in recent days.

Phishing email

Targeted victims include organisations working in sectors such as the military, healthcare, pharmaceuticals, manufacturing, and others. Even security software vendors found themselves being the victims of attempted attacks – as Zscaler can attest, because it was through being targeted that they found out about the campaign in the first place.

EmailSign up to our newsletter
Security news, advice, and tips.

According to the researchers, clicking on the HTML file attached to the emails initiates some obfuscated Javascript that ultimately takes the unsuspecting user to a webpage that tries to trick them into entering their Outlook or Office 365 login credentials.

Hopefully your users would think twice before entering their username and password, but I would still recommend enabling two-factor authentication to harden email account security and the use of an enterprise password manager.

Many users don’t realise that a side-benefit of password managers is that they can refuse to submit passwords into login forms if they do not determine they are on the legitimate login page for that password.

On its website, Zscaler has published a list of domains used in the attack which companies may choose to proactively block.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published.