Looking for new angles to socially engineer employees working from home under COVID-19 conditions, attackers have devised a new phishing campaign that distributes emails that look as if they were generated by Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their voicemail recordings.
In a company blog post on Thursday, Ironscales reported that the operation, discovered by its researchers last month, has threatened nearly 100,000 mailboxes around the world, reaching enterprises across multiple sectors.
PBX is a useful tool for employees who lack convenient access to their office landlines. Aware of this, malicious actors are now crafting email subject lines designed to trick recipients into thinking they have received a new voice message.
“The attackers are looking to get the recipient to open the malicious attachment to drive to a fake landing page for credential harvesting. The recipient has to enter their O365 login credentials to access the voicemail recording,” an Ironscales spokesperson told SC Media in an email interview.
In some cases, the phishing actors use highly targeted subject lines that include a specific company’s or person’s name, according to the blog post, authored by Vice President of Pre-Sales Engineering/Director Of Engineering – Americas Ian Baxter. The sender’s name is also customized for the target.
“It may seem odd for attackers to create phishing websites spoofing PBX integrations as most voicemails are quite benign in the information shared,” Baxter explains in the post. “However, attackers know that the credentials could be used for multiple other logins, including for websites with valuable PII or business information. In addition, any sensitive information that is left in the voicemail could potentially be used for a social engineering attack.”
Because the emails do not bear an actual malicious payload that might trigger a detection, the emails can bypass secure email gateways and eludes the DMARC authentication protocol, Ironscales notes. SOURCE: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/phishing-campaign-targets-remote-workers-with-fake-voicemail-notifications/?utm_source=newsletter&utm_medium=email&utm_campaign=SCUS_Newswire_%7B%7B%27now%27%7Cdate:%27%Y%m%d%27%7D%7D&hmSubId=%7B%7Bcontact.cms_id_encrypted%7D%7D&email_hash=%7B%7Bcontact.email%7Cmd5%7D%7D&oly_enc_id=3914E2535389A8X