{"id":16430,"date":"2019-09-26T03:30:03","date_gmt":"2019-09-26T11:30:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/09\/26\/news-10170\/"},"modified":"2019-09-26T03:30:03","modified_gmt":"2019-09-26T11:30:03","slug":"news-10170","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/09\/26\/news-10170\/","title":{"rendered":"Voicemail as bait"},"content":{"rendered":"<p><strong>Credit to Author: Maria Vergelis| Date: Thu, 26 Sep 2019 10:37:07 +0000<\/strong><\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/25110628\/fake-voice-mail-spam-featured.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-28791\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/25110628\/fake-voice-mail-spam-featured.jpg\" alt=\"\" width=\"1460\" height=\"958\" \/><\/a> <\/p>\n<p>Recently, we have been tracking a large-scale spam campaign in which scammers send e-mails that appear to be voicemail notifications. The body of the message indicates the time and length of the voice message, as well as a preview in the form of a hanging sentence: &#8220;Just checking to remind you in regards to our &#8230;.&#8221; The phrase is the same for all victims, and is intended only to generate interest.<\/p>\n<p> <a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/25110625\/fake-voice-mail-spam-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-28788\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/25110625\/fake-voice-mail-spam-1.png\" alt=\"\" width=\"718\" height=\"652\" \/><\/a> <\/p>\n<p>The recipient is invited to listen to the message by tapping a link. 
The link brings them to a (phishing) site that looks like the login page of a popular Microsoft service \u2014 Outlook, for example, or just a Microsoft account.<\/p>\n<p> <a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/25110629\/fake-voice-mail-spam-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-28790\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/25110629\/fake-voice-mail-spam-2.png\" alt=\"\" width=\"875\" height=\"649\" \/><\/a> <\/p>\n<p>Tapping the <em>Sign in<\/em> button triggers a script that the scammers try to hide from antimalware solutions using Base64 encoding. It saves any data the user enters in the authentication form, then passes it to a fraudulent site. After the data transfer, the user is redirected to a page with a description of a real voice-messaging service for business. That last step is an attempt to distract the victim from any last-second suspicions they may have.<\/p>\n<p>The attack is aimed specifically at corporate mail users; in some companies, employees really do communicate using voice messages. Various software products for business allow people to exchange voice messages and receive notifications of new ones.<\/p>\n<p>The purpose of the attacks seems to be to gain access to important business correspondence and confidential commercial data.<\/p>\n<p>It is worth noting that the number of spam attacks aimed specifically at the corporate sector has increased significantly of late. Cybercriminals are after access to employees&#8217; e-mail. 
Another common trick is to report that incoming e-mails are stuck in the delivery queue.<\/p>\n<p> <a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/25110640\/fake-voice-mail-spam-3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-28789\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/25110640\/fake-voice-mail-spam-3.png\" alt=\"\" width=\"1171\" height=\"862\" \/><\/a> <\/p>\n<p>To receive these supposedly undeliverable messages, the victim is prompted to follow a link and enter their corporate account credentials on another fake login page, which again passes them straight to the scammers.<\/p>\n<p> <a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/25110639\/fake-voice-mail-spam-4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-28787\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/25110639\/fake-voice-mail-spam-4.png\" alt=\"\" width=\"1790\" height=\"921\" \/><\/a> <\/p>\n<p>Employees tend to view any such message as legitimate, perhaps even a priority. As a result, they follow the link and enter their data, not wanting to miss an important e-mail or voice message in the stream of business correspondence.<\/p>\n<p>Current methods make fakes hard to distinguish from legitimate messages. 
Therefore, to keep your business safe from phishing spam, install a robust <a href=\"https:\/\/go.kaspersky.com\/Global_Trial_Advanced_SOC.html?utm_source=kdaily&#038;utm_medium=blog&#038;utm_campaign=gl_kesbkb_ey0081_organic&#038;utm_content=link&#038;utm_term=gl_kdaily_organic_ey0081_link_blog_kesbkb\" target=\"_blank\">security solution with high-quality antiphishing technologies<\/a>, ideally one that filters incoming mail at the server level.<\/p>\n<p> <a href=\"https:\/\/www.kaspersky.com\/blog\/fake-voicemail-spam\/28727\/\" target=\"bwo\" >https:\/\/blog.kaspersky.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/25110628\/fake-voice-mail-spam-featured.jpg\"\/><\/p>\n<p><strong>Credit to Author: Maria Vergelis| Date: Thu, 26 Sep 2019 10:37:07 +0000<\/strong><\/p>\n<p>Scammers try to access Microsoft services using fake voice 
messages.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10425,10378],"tags":[1001,11789,10516,12321,10518],"class_list":["post-16430","post","type-post","status-publish","format-standard","hentry","category-kaspersky","category-security","tag-business","tag-e-mail","tag-microsoft","tag-smb","tag-spam"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16430"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16430\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16430"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}