Microsoft 365 Credentials Targeted In Phony Voicemail Campaign

Share post:

A new phishing campaign targeting the U.S. military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors has been stealing Microsoft Office 365 and Outlook credentials.

The threat actor behind this operation uses fake voicemail notifications to lure victims into opening a malicious HTML attachment.

As per researchers at cloud security firm ZScaler, this newly discovered campaign shares tactics, techniques, and procedures (TTPs) with a similar operation that came out in mid-2020.

The cybercriminals use Japanese email services to route their messages and spoof the sender’s address, making them appear legitimate.

The email has an HTML attachment that is named with a music note character to make it seem as if the file is a sound clip. In reality, the file contains obfuscated JavaScript code that leads the victim to a phishing site.

The redirection process initially leads the victim to a CAPTCHA check, which increases the illusion of legitimacy for the victims. Once the user finishes this step, they are redirected to a legitimate-looking phishing page that steals Microsoft Office 365 credentials.

Vigilant users would notice that the domain of the login page is not from Microsoft nor their organization’s and is one of the following:

  • briccorp[.]com
  • bajafulfillrnent[.]com
  • bpirninerals[.]com
  • lovitafood-tw[.]com
  • dorrngroup[.]com
  • lacotechs[.]com
  • brenthavenhg[.]com
  • spasfetech[.]com
  • mordematx[.]com
  • antarnex[.]com

Hence, users should always check and confirm that they are on a real login portal and not a phony one before they begin to enter their credentials

Voicemail-themed phishing via HTML attachments has been used since 2019, but it still manages to victimize careless users.

For more information, read the original story in Bleepingcomputer.

SUBSCRIBE NOW

Related articles

Payment gateway breach exposes 1.7 million credit card holders

Slim CD, a payment gateway provider, recently disclosed a significant data breach that impacted nearly 1.7 million credit...

AI Healthcare Firm Exposes 5.9 TB of Sensitive Mental Health Data

In a significant data security incident, Confidant Health, a Texas-based AI healthcare platform, inadvertently exposed 5.3 terabytes of...

Cyber Security Today – Week In Review for September 7, 2024

Cyber Security Today - Weekend Edition: Toronto School Board Hack, MoveIT Breach & Data Privacy Concerns This weekend edition...

Intel’s contract manufacturing hits setback with quality issues

Intel’s contract manufacturing business has encountered a major setback after silicon wafers produced for Broadcom failed to meet...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways