Microsoft Outlook users should keep their eyes peeled for a phishing attempt targeting business users of the popular mail client. Though this phishing attempt has been making the rounds for a couple of years, it hasn’t shown signs of slowing down.
Like the highly dangerous W-2 scam, this phishing attempt fools users by appearing to be a legitimate, automated email from Outlook. But the message is simpler this time, sending Outlook users official looking emails with the subject line “You have received a voice mail.” The body of the email contains the Microsoft Outlook logo, fake data about the voicemail and caller, and a link to download the voice message. The link will download malware onto the user’s computer.
Scammers Gaining Your Trust through Legitimate-Looking Information
Scammers earn the trust of the recipients through social engineering tactics, such as including information that looks correct and appropriate to be receiving in the visual voicemail email. An “Email ID” that appears to be coming from an internal email address at the recipient’s organization, as well as a “Download Message” link that appears to host the fake audio file on the recipient’s organization’s domain, are throwing off recipients and causing them to trust the email enough to click on the download link.
Omniquad notes that although the download links appears to be a .wav audio file, it’s actually an HTML link to a website that tries to install a Trojan virus.
How to Avoid Falling Victim to this Visual Voicemail Email Scam
Unfortunately, an email can look official without actually being legitimate. When this particular email hit the inbox of an Ascend employee, they were tipped off by the fact that our visual voicemail emails are sent by a different provider than Microsoft Outlook. However, a person could easily be fooled into clicking the link if they were too trusting of the email’s authenticity or if they were simply going through their emails quickly.
If you receive this email, or any other email that asks you to download something that you think could be a virus, simply deleting it will be enough to avoid downloading any malware. If you do click on the download link, please notify your IT team immediately.
If you are ever unsure of the authenticity of a visual voicemail email you receive, either reach out to your IT team or simply call the caller ID number listed in the email. At worst, you’ll dial a wrong or out-of-order number – a much better worst-case-scenario than downloading malware onto your computer.
For advice on how to avoid phishing and other attacks, contact Ascend today, and protect yourself from the scams that threaten organizations like yours.
Written by Brittney Lane