Researchers at Zscaler warn of an ongoing phishing campaign targeting executives with fake voicemail notifications. More than half of the phishing emails have targeted organizations’ vice presidents or managing directors.
“ThreatLabZ, the Zscaler threat research team, recently observed a new series of Microsoft-themed phishing attacks aimed at senior-level employees at multiple organizations,” the researchers write. “The Zscaler cloud has blocked over 2,500 of these phishing attempts over the last three months. The attack is notable for its targeted aim at senior business leaders with titles such as Vice President and Managing Director who are likely to have a higher degree of access to sensitive company data. The aim of these campaigns is to steal these victims’ login credentials to allow threat actors access to valuable company assets. Attacks have been spread across a range of industries, with the heaviest activity in the banking and IT sectors.”
Interestingly, the phishing links send the victims to a phony reCAPTCHA page to add legitimacy to the campaign, only then forwarding them to a credential harvesting login portal. After entering the credentials, the victim will be presented with a short, fake voicemail.
“In these attacks, victims receive what appear to be automated emails from their unified communications tools indicating that they have a voicemail attachment,” Zscaler says. “When they click the attachment, victims encounter a fake Google reCAPTCHA screen, and then are directed to what appears to be a Microsoft login screen, allowing threat actors to steal their login credentials. The phishing pages are hosted by using .xyz, .club and .online generic top level domains (TLDs).”
Observant users would be able to avoid falling for this attack by recognizing the phony URLs or by being wary of suspicious, unsolicited emails that try to get them to click on a link. New-school security awareness training can help your employees recognize and thwart phishing attacks.
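As an added illustration (not part of Zscaler's report or this post), the following Python script flags emails that match the pattern described above: a voicemail-themed lure whose link points at one of the generic TLDs the researchers name. The sample message, its sender and its domains are constructed for the example and are not real indicators.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Generic TLDs the Zscaler write-up names as hosting the phishing pages.
SUSPECT_TLDS = {"xyz", "club", "online"}
# Wording typical of the fake voicemail-notification lure.
LURE_TERMS = ("voicemail", "voice message", "missed call")

class LinkExtractor(HTMLParser):
    """Collect href targets from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)

def flag_voicemail_lure(raw_message: str) -> list:
    """Return links matching the campaign pattern: a voicemail-themed
    message whose link points at one of the suspect TLDs."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    haystack = (msg.get("Subject", "") + " " + text).lower()
    if not any(term in haystack for term in LURE_TERMS):
        return []  # no voicemail lure, so not this campaign's pattern
    parser = LinkExtractor()
    parser.feed(text)
    flagged = []
    for link in parser.links:
        host = (urlparse(link).hostname or "").rstrip(".")
        if host.rsplit(".", 1)[-1] in SUSPECT_TLDS:
            flagged.append(link)
    return flagged

# Constructed sample message; the domains are made up, not real indicators.
SAMPLE = """From: voicemail@example.com
Subject: New Voicemail Message (0:42)
Content-Type: text/html

<html><body><p>You have a new voice message.</p>
<a href="https://vm-portal-login.example.xyz/recaptcha">Listen now</a>
<a href="https://intranet.example.com/help">Help</a></body></html>
"""

if __name__ == "__main__":
    print(flag_voicemail_lure(SAMPLE))
```

Run against a mail gateway's raw messages, the function only returns hits when both the lure wording and a suspect-TLD link are present, which keeps ordinary mail mentioning a voicemail from being flagged.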
Zscaler has the story.