Skip to main content

Fake voicemails used to hack Microsoft 365 accounts

(Image credit: Shutterstock)

Microsoft customers have been warned to take extra care with their online security following the rise of a new scam targeting Office 365 users.

Researchers at McAfee have uncovered a new phishing campaign that uses fake voicemails to lure victims into giving up their Office 365 email logins, which were then used to hack into user accounts.

Millions of users may have been targeted by the attacks, with McAfee saying several high-profile companies were hit, including some in the the tourism and entertainment industries, as well as financial, IT services and more.

Urgency

Victims were hooked into the scam through an email informing them they have missed a phone call, asking them to login to their account to access their voicemail.

After clicking on the file and being taken to the malicious website, users would hear a voice say “hello” before the audio was cut by a prompt to enter their email credentials to listen to the full clip.

The user would then be redirected to a phishing page asking them to log into their Microsoft 365 account, with passwords then being stolen by the criminals. After this, victims were redirected to the real office.com login page in an effort to make them belive their login had been genuine.

McAfee found that three different malicious kits were used as part of this campaign – demonstrating an active focus on cloud platforms like Microsoft 365.

"What sets this phishing campaign apart from others is the fact that it incorporates audio to create a sense of urgency which, in turn, prompts victims to access the malicious link," McAfee researchers Oliver Devane and Rafael Pena wrote in a blog post. 

"This gives the attacker the upper hand in the social engineering side of this campaign. We urge all our readers to be vigilant when opening emails and to never open attachments from unknown senders. We also strongly advise against using the same password for different services and, if a user believes that his/her password is compromised, it is recommended to change it as soon as possible."