Office 365 phishing using fake voicemail messages

Office 365

An email requesting people listen to a voicemail recording is being used to bypass Microsoft’s protection and compromise their Office 365 account. The email avoids normal detection by attaching an audio file (disguised as a htm file) to the email. If opened, it will then redirect to a fake Office 365 login page. If the user enters their login details, cyber attacks will be able to steal personal information and take control of the users account.

How does the phishing attack work?

Firstly, the user receives an email that appears to show that you have received a new voicemail. The email will contain an audio attachment:
Office365 phishing email

If the attachment is opened, it will present an audio play dialogue box like this:

Office365 phishing audio play box

After clicking the play button, you will be redirected to a page that imitates the Microsoft Office 365 login page asking for your username and password:

Microsoft Sign In Box

If the user types in their username and password, this information will be captured and used by the attacker to control the user account and launch a range of cyber attacks against the user or organization.

What to do if my account has been compromised?

If you have opened the attachment and entered login information, you must assume that your account has been compromised and begin changing your password. We also recommend the following mitigation strategies:

  • Use a different password for each of your online accounts.
  • Make sure your passwords are long, strong and unique.
  • Keep your passwords safe, Try using a password manager such as BitWarden.
  • Enable two factor authentication on your account.
Scroll to Top