publishing date icon
January 31, 2023
read time icon
5 min. read

Fake voicemail notification phishing scam

Author image
Threat Analyst Team
Post hero image

Table of contents

share this post

Phishing attacks are becoming more sophisticated and harder to detect. One devious way to trick unsuspecting targets is to send fake voicemail notifications. Attackers mimic real voicemail notifications, which usually include a .mp3 file attachment, but replace them with a .html attachment that is actually a credential harvester.

The harvester page is designed to look like the Microsoft login page, complete with the company logo and a convincing message that appears to be a normal voicemail notification. The message includes a transcription of the audio and mentions a full transcription being attached. However, the attached .html file is actually a trap to steal your personal information.

Additionally, the message included a phone number, which could be a fake number or a secondary payload for vishing purposes. It is important to be vigilant and verify the sender of the voicemail notification to ensure it is from your actual voicemail provider. If the attachment is not a .mp3 file, be wary as it could contain a malicious payload.

Off the hook

To stay safe from these types of phishing attacks, it is crucial to verify the sender of the email and the type of attachment before clicking on any links or downloading any files. Be mindful of unexpected voicemail notifications and always take extra caution when handling sensitive information.

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.