{"id":7005,"date":"2019-08-19T18:52:04","date_gmt":"2019-08-19T13:22:04","guid":{"rendered":"https:\/\/www.kratikal.com\/blog\/?p=1176"},"modified":"2024-08-13T13:05:33","modified_gmt":"2024-08-13T07:35:33","slug":"attackers-fake-microsoft-voicemail-notifications-to-phish-victims","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/","title":{"rendered":"Phishing with Microsoft Voicemail Notifications"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><a style=\"color: #000000;\" href=\"https:\/\/www.kratikal.com\/blog\/increasing-popularity-microsoft-office-365-among-hackers\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: #183994;\"><strong>Microsoft Office 365<\/strong><\/span><\/a> has once again made it into the news, and it is certainly not for the best of the reasons. In a newly discovered phishing campaign, attackers are spamming probable victims through emails that are disguised as Microsoft Office 365 <a style=\"color: #000000;\" href=\"https:\/\/www.swcomms.co.uk\/blog\/article\/office-365-passwords-are-at-risk-from-voicemail-phishing\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: #183994;\"><strong>voicemail alerts<\/strong><\/span>.<\/a> Attackers are using Microsoft voicemail notifications to trick users into opening HTML attachments which redirect the victim to attackers&#8217; landing pages by using meta elements. These emails instruct victims to open attachments. This will, in turn, allow them to listen to voice messages, displaying the caller number and voicemail length within the message.<\/span><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #414141;color:#414141\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #414141;color:#414141\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#Attackers_Are_Using_Meta_Refresh_Redirections\" >Attackers Are Using Meta Refresh Redirections<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#How_Do_Attackers_Phish_Victims\" >How Do Attackers Phish Victims?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#Book_a_Free_Demo_Call_with_Our_People_Security_Expert\" >Book a Free Demo Call with Our People Security Expert<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#Enter_your_details\" >Enter your details<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#Voicemails_Are_Being_Leveraged_by_Scammers\" >Voicemails Are Being Leveraged by Scammers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#How_to_Safeguard_Yourself_Against_Phishing\" >How to Safeguard Yourself Against Phishing?<\/a><\/li><\/ul><\/nav><\/div>\n\n\n<style type=\"text\/css\">\n      @media print, screen and (max-width: 63.99875em){\n      .tnp-submit\n      width: 48%;\n      }\n      .wp-block-tnp-minimal{\n      padding: 20px;\n      }\n      .blog_para\n      margin-top: 4px !important;\n      line-height: 25px !important;\n      font-size: 15px !important;\n      }\n\n      }\n      .blog_para{\n      font-family: jost,sans-serif;\n      margin-top: 14px;\n      margin-bottom: 30px;\n      color: #fff;\n      font-size: 15px !important;\n      color: black !important;\n\n      }\n\n      .wp-block-tnp-minimal{\n      padding:20px;\n      border: 1px solid grey;\n      }\n\n      .tnp-submit a{\n        background: #1d58c7!important;\n    border-radius: 5px!important;\n    text-transform: inherit!important;\n    padding: 8px 25px!important;\n    font-weight: 600!important;\n    color: #fff!important;\n    width: 30%!important;\n    border: none;\n      }\n\n      .blog_get{\n      font-size: 24px !important;\n      font-weight: 700;\n      padding-bottom: 0px;\n    font-family: 'Poppins' !important;\n      margin-bottom: 0px;\n      margin-top: 0px;\n      margin-bottom: 0px !important;\n      color: white;\n          line-height: 30px;\n          color: white;\n      }\n      .row{\n             display: flex;\n    flex-wrap: wrap;\n    flex-direction: row;\n    padding: 25px 0px 25px 36px;\n    align-items: center;\n\n      }\n\n.colLeft{\n         flex-basis:50%;\n    -webkit-box-flex: 0;\n    flex-grow: 0;\n    max-width: 50%;\n    color: white;\n}\n    \n .colRight{\n       flex-basis: 45%;\n    -webkit-box-flex: 0;\n    flex-grow: 0;\n    max-width: 50%;\n }\n\n.tnp-subscription-minimal{\n    float: right;\n}\n<\/style>\n<div style=\"max-width: 741px; margin: 0 auto; background-image: url('https:\/\/awareness.threatcop.ai\/marketing\/linkedinlowerbanner.webp'); background-repeat: no-repeat; background-size: cover; background-position: center; \">\n<div class=\"row\">\n<div class=\"colLeft\">\n<p class=\"blog_get\" style=\"font-family: 'Poppins' !important; color: white !important\">Subscribe to Our Newsletter On Linkedin<\/p>\n<p class=\"blog_para\" style=\"font-size: 16px;font-family: 'Poppins' !important; color: white !important; margin-top: 10px; margin-bottom: 28px;line-height: 25px;\">Sign up to Stay Tuned with the Latest Cyber Security News and Updates<\/p>\n\n<div>\n<div class=\"tnp\" style=\"margin-bottom: 10px;\">\n            <form action=\"https:\/\/threatcop.com\/newsletter-thank-you\" method=\"get\" target=\"_blank\">\n<div class=\"tnp-submit\">\n                  <a class=\"libutton\" href=\"https:\/\/www.linkedin.com\/build-relation\/newsletter-follow?entityUrn=7062043746430783488\" target=\"_blank\" rel=\"noopener\">Subscribe<\/a><\/div>\n<\/form><\/div>\n<\/div>\n<\/div>\n<div class=\"colRight\">\n<div>\n<div class=\"tnp tnp-subscription-minimal \">\n            <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/marketing\/newsletter-icon.webp\" class=\"img-fluid\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Attackers_Are_Using_Meta_Refresh_Redirections\"><\/span><span style=\"color: #000000;\"><strong>Attackers Are Using Meta Refresh Redirections<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Attackers send <span style=\"color: #183994;\"><strong><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/phishing-and-pharming\/\">phishing<\/a><\/strong><\/span> landing pages employing a known redirection technique to victims. <\/span><span style=\"color: #000000;\">The attachment is opened in the target\u2019s default web browser. The page transfers them to a landing page which is hosted on mototamburi.com compromised WordPress website through a tinyw.in shortened URL and by using meta element embedded at the end of HTML attachment in order to start the redirection process.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">These malicious attachments use \u200bmeta refresh\u200b in order to redirect the end-user from an HTML attachment that is hosted locally, to a phishing page on the public internet. Since attackers use refresh tags for obfuscating the URL, the built-in link parsers of Office 365 do not detect the threat.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Do_Attackers_Phish_Victims\"><\/span><span style=\"color: #000000;\"><strong>How Do Attackers Phish Victims?<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"400\" height=\"433\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2024\/01\/Phishing-email-sample-1-microsoft-office-365.webp\" alt=\"\" class=\"wp-image-10743\"\/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Attackers have designed a spoofed Voicemail management system page that pops up a &#8220;Voicemail user authentication&#8221; login form. This form asks targets to enter their Microsoft account&#8217;s email address and password which are collected and sent to an attacker-controlled server.<\/span><\/p>\n\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n\n<head>\n    <meta charset=\"UTF-8\">\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <title>Document<\/title>\n<\/head>\n\n<style>\n    .interestedBtn {\n        width: 80% !important;\n        box-sizing: border-box !important;\n        display: inline-block !important;\n        padding: 11px !important;\n        border: 1px !important;\n        border-color: #ddd !important;\n        margin-top: 10px !important;\n        background-color: #183e8b !important;\n        background-image: none !important;\n        text-shadow: none !important;\n        color: #fff !important;\n        font-size: 14px !important;\n        line-height: 20px !important;\n        border-radius: 5px !important;\n        margin: 0 !important;\n        cursor: pointer !important;\n        box-shadow: 0px 4.66px 22.99px 0px rgba(0, 0, 0, 0.10);;\n    }\n\n\n        .formSec .formSecTwo{\n            padding-top: 15px !important;\n            margin-bottom: 30px !important;\n        }\n\n\n    .tnp-email {\n        width: 80% !important;\n        box-sizing: border-box;\n        padding: 8px 10px;\n        display: inline-block;\n        border: 1px solid #ced4da;\n        background: #fff;\n        color: #000 !important;\n        font-size: 13px;\n        line-height: 20px;\n        border-radius: 2px;\n        padding-right: 30px;\n        margin-bottom: 0px;\n    }\n\n    .formSec {\n        border: 1px solid #ced4da;\n        float: left !important;\n        width: 55% !important;\n    }\n\n    .mainBox {\n       \/* border: 1px solid #183e8b;*\/\n         background: white;\n        max-width: 600px !important;\n        margin: 0 auto !important;\n        padding: 20px !important;\n        font-family: Arial, Helvetica, sans-serif !important;\n    }\n\n    .boxDiv {\n        display: flex !important;\n    }\n\n    .boxConsult {\n        float: left !important;\n        width: 45% !important;\n        padding: 10px !important;\n    }\n\n    .formSecTwo {\n        text-align:center !important;\n        width: 100% !important;\n    }\n\n    .formHeading {\n        font-family: Arial, Helvetica, sans-serif;\n        margin-top: 0px;\n        font-weight: 700;\n        line-height: 25px;\n        font-size: 18px !important;\n        \n       margin-bottom: 60px !important;\n       color: #000!important;\n          margin-top: 5px !important;\n    }\n\n    .fieldHeading {\n        margin: 0 !important;\n        font-size: 13px !important;\n        text-align: left !important;\n        margin: 0px 39px 2px 93px !important;\n        font-weight: 500 !important;\n    }\n\n    .image {\n        max-width:90% !important;\n        height: auto !important;\n    }\n\n     .email-icon {\n            position: absolute;\n            right: 50px;\n             top: 20px;\n            transform: translateY(-50%);\n            pointer-events: none; \n        }\n\n          .email-container{\n             position: relative;\n         \n        }\n       \n\n        .email-icon img{\n                 width: 15px;\n        }\n\n\n         input::placeholder {\n            color:#495057;\n        }\n\n\n     ::placeholder {\n        color: #495057;\n    }\n\n        ::-ms-input-placeholder { \n          color:#495057;\n        }\n\n\n        input:-webkit-autofill {\n            background-color: transparent !important;\n            -webkit-box-shadow: 0 0 0px 1000px white inset !important; \n            box-shadow: 0 0 0px 1000px white inset !important;\n            color: #495057 !important; \n        }\n\n        \n        input {\n            color:#495057 !important;\n        }\n\n\n    @media screen and (max-width: 480px) {\n        .boxDiv {\n            display: block !important;\n            padding: 15px !important;\n         \n        }\n\n        .image{\n        width: 80% !important;\n         margin-bottom: 14px;\n        }\n        .fieldHeading {\n            text-align: left !important;\n            margin: unset !important;\n        }\n\n        .boxConsult {\n            width: unset !important;\n            float: none !important;\n        }\n\n        .mainBox {\n            border: unset !important;\n        }\n\n        .formSec {\n            float: unset !important;\n            width: 100% !important;\n        }\n\n        .formSecTwo {\n            text-align: center !important;\n        }\n\n        .tnp-email {\n            width: 90% !important;\n        }\n\n        .formHeading {\n            margin-bottom: unset !important;\n        }\n\n         .email-icon {\n            position: absolute;\n            right: 25px;\n            top: 58%;\n            transform: translateY(-50%);\n            pointer-events: none; \/* Make sure the icon doesn't block clicking on the input *\/\n        }\n       \n        .email-container{\n             position: relative;\n        }\n\n    }\n<\/style>\n\n<body>\n\n    <div class=\"mainBox\" box-sizing:=\"\" border-box;=\"\">\n\n        <div class=\"boxDiv\">\n\n            <div class=\"boxConsult\">\n                <div>\n                    <h3 class=\"formHeading\" style=\" font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Book_a_Free_Demo_Call_with_Our_People_Security_Expert\"><\/span>\n                        Book a Free Demo Call with Our People Security Expert<span class=\"ez-toc-section-end\"><\/span><\/h3>\n                <\/div>\n                <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/form.svg\" class=\"image\">\n            <\/div>\n\n            <div class=\"formSec\">\n                <div class=\" formSecTwo\">\n                    <h4 style=\"margin-top: 0; font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Enter_your_details\"><\/span>Enter your details<span class=\"ez-toc-section-end\"><\/span><\/h4>\n                    <div class=\"tnp tnp-subscription-minimal\">\n                        <form action=\"https:\/\/threatcop.com\/thankyou-blog\" method=\"get\" target=\"_blank\">\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"FullName\" value=\"\"\n                                    placeholder=\"Full Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon01.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"email\" required=\"\" name=\"email\" value=\"\"\n                                    placeholder=\"Corporate Email Id\">\n                                     <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon02.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"CompanyName\" value=\"\"\n                                    placeholder=\"Company Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon03.svg\" class=\"img-fluid\" \/><\/span>\n\n                            <\/div>\n\n                            <div class=\"email-container\">\n                               \n                                <input class=\"tnp-email\" type=\"number\" required=\"\" name=\"Phone\" value=\"\"\n                                    placeholder=\"Phone No.\"><br>\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon04.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n                            <input type=\"hidden\" name=\"BlogForm\" value=\"BlogForm\"><br>\n                            <input class=\"tnp-submit interestedBtn\" name=\"submit\" type=\"submit\"\n                                value=\"SUBMIT\">\n\n                        <\/form>\n                    <\/div>\n                <\/div>\n            <\/div>\n\n        <\/div>\n    <\/div>\n\n<\/body>\n\n<\/html>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">The IP address for the server is used to store stolen Microsoft Office 365 user credentials that are hardcoded within the phishing landing page. This adds as another layer of sophistication to malicious HTML attachments with the tag, which obfuscates the URL to evade link analysis and redirects to a compromised domain on the public internet.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Voicemails_Are_Being_Leveraged_by_Scammers\"><\/span><span style=\"color: #000000;\"><strong>Voicemails Are Being Leveraged by Scammers<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"333\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2024\/01\/phishing-email-attachment-3-1.webp\" alt=\"\" class=\"wp-image-10744\"\/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">In late January, another phishing campaign was observed where attackers leveraged RingCentral voicemail message alerts to trick potential victims into handing out their credentials to attackers.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">The phishing emails use EML attachments that will open up within the targets&#8217; Outlook client which makes it even easier for attackers to pressure victims into clicking on the embedded links. Scammers are asking victims to enter their credentials twice in order to make sure that the username, as well as the passwords combos, are correct.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Safeguard_Yourself_Against_Phishing\"><\/span><span style=\"color: #000000;\"><strong>How to Safeguard Yourself Against Phishing?<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"3840\" height=\"2560\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2024\/01\/Step-2.webp\" alt=\"\" class=\"wp-image-10742\"\/><\/figure>\n\n\n\n<ol class=\"wp-block-list\">\n<li><span style=\"color: #000000;\">Get in touch with the sender prior to opening or clicking on the mail in case you receive emails that contain links or attachments.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">Thoroughly double-check the URL in the web browser&#8217;s address bar in case of finding anything that is suspicious in nature.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">Enforce per-user outbound rate limits for detecting compromised webmail email account abuse. This will ensure the slow down in the outbound spam rate and identify or stop the email abuse completely.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">In case you open a link, close the web browser and do not continue.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">If a user falls for a phishing scam and got their credentials hacked. He should immediately change the passwords of any accounts that might have been stolen.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">With cyber security attack simulators and awareness training <span style=\"color: #183994;\"><strong>TSAT<\/strong><\/span>, employees can learn about different types of cyber attacks and prevent themselves from such cyber threats.<\/span><\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Cyber security companies like Kratikal ensure that your organization is secure against real-life cyber threats that might pose risk to the organization\u2019s cyber infrastructure. It is important to adopt <span style=\"color: #183994;\"><strong><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/cybersecurity-practices\/\">security practices<\/a><\/strong><\/span> such as periodic <span style=\"color: #183994;\"><strong><a style=\"color: #183994;\" href=\"https:\/\/www.kratikal.com\/application-security-testing.php\" target=\"_blank\" rel=\"noopener\">VAPT<\/a><\/strong><\/span>, cyber security policies, <a href=\"https:\/\/threatcop.com\/blog\/security-awareness-training-for-employees\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: #183994;\"><strong>employee awareness<\/strong><\/span><\/a> programs, etc. These measures will further ensure the safety of the triad of people-process technology.&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers are using Microsoft voicemail notifications to trick users into opening HTML attachments which redirect the victim to attackers&#8217; landing pages by using meta element.<\/p>\n","protected":false},"author":1,"featured_media":7551,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41,43],"tags":[],"class_list":["post-7005","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-attacks","category-social-engineering"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Attackers Fake Microsoft Voicemail Notifications to Phish<\/title>\n<meta name=\"description\" content=\"In a newly discovered phishing campaign, attackers are spamming probable victims through emails that are disguised as Microsoft Office 365 voicemail alerts.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attackers Fake Microsoft Voicemail Notifications to Phish\" \/>\n<meta property=\"og:description\" content=\"In a newly discovered phishing campaign, attackers are spamming probable victims through emails that are disguised as Microsoft Office 365 voicemail alerts.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-19T13:22:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-13T07:35:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2019\/08\/Attacking-faking-microsoft-voice-mail.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1250\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Threatcop\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Threatcop\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/\"},\"author\":{\"name\":\"Threatcop\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\"},\"headline\":\"Phishing with Microsoft Voicemail Notifications\",\"datePublished\":\"2019-08-19T13:22:04+00:00\",\"dateModified\":\"2024-08-13T07:35:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/\"},\"wordCount\":625,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/Attacking-faking-microsoft-voice-mail.webp\",\"articleSection\":[\"Cyber Attacks\",\"Social Engineering\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/\",\"name\":\"Attackers Fake Microsoft Voicemail Notifications to Phish\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/Attacking-faking-microsoft-voice-mail.webp\",\"datePublished\":\"2019-08-19T13:22:04+00:00\",\"dateModified\":\"2024-08-13T07:35:33+00:00\",\"description\":\"In a newly discovered phishing campaign, attackers are spamming probable victims through emails that are disguised as Microsoft Office 365 voicemail alerts.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/Attacking-faking-microsoft-voice-mail.webp\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/Attacking-faking-microsoft-voice-mail.webp\",\"width\":1250,\"height\":1200,\"caption\":\"Attackers fake microsoft voice mail\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Phishing with Microsoft Voicemail Notifications\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\",\"name\":\"Threatcop\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"caption\":\"Threatcop\"},\"sameAs\":[\"https:\\\/\\\/threatcop.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attackers Fake Microsoft Voicemail Notifications to Phish","description":"In a newly discovered phishing campaign, attackers are spamming probable victims through emails that are disguised as Microsoft Office 365 voicemail alerts.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/","og_locale":"en_US","og_type":"article","og_title":"Attackers Fake Microsoft Voicemail Notifications to Phish","og_description":"In a newly discovered phishing campaign, attackers are spamming probable victims through emails that are disguised as Microsoft Office 365 voicemail alerts.","og_url":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2019-08-19T13:22:04+00:00","article_modified_time":"2024-08-13T07:35:33+00:00","og_image":[{"width":1250,"height":1200,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2019\/08\/Attacking-faking-microsoft-voice-mail.webp","type":"image\/webp"}],"author":"Threatcop","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Threatcop","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/"},"author":{"name":"Threatcop","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa"},"headline":"Phishing with Microsoft Voicemail Notifications","datePublished":"2019-08-19T13:22:04+00:00","dateModified":"2024-08-13T07:35:33+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/"},"wordCount":625,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2019\/08\/Attacking-faking-microsoft-voice-mail.webp","articleSection":["Cyber Attacks","Social Engineering"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/","url":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/","name":"Attackers Fake Microsoft Voicemail Notifications to Phish","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2019\/08\/Attacking-faking-microsoft-voice-mail.webp","datePublished":"2019-08-19T13:22:04+00:00","dateModified":"2024-08-13T07:35:33+00:00","description":"In a newly discovered phishing campaign, attackers are spamming probable victims through emails that are disguised as Microsoft Office 365 voicemail alerts.","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2019\/08\/Attacking-faking-microsoft-voice-mail.webp","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2019\/08\/Attacking-faking-microsoft-voice-mail.webp","width":1250,"height":1200,"caption":"Attackers fake microsoft voice mail"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/attackers-fake-microsoft-voicemail-notifications-to-phish-victims\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Phishing with Microsoft Voicemail Notifications"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa","name":"Threatcop","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","caption":"Threatcop"},"sameAs":["https:\/\/threatcop.com"]}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/7005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=7005"}],"version-history":[{"count":7,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/7005\/revisions"}],"predecessor-version":[{"id":11742,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/7005\/revisions\/11742"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/7551"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=7005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=7005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=7005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}