Numerous industries, the U.S. Military and healthcare included, have been targets of a recent voicemail scam to harvest Microsoft 365 credentials.
This phish starts as an email made to look as if it comes from the recipient's own organization, stating that the recipient has a missed voicemail. The recipient is urged to click on the HTML attachment to listen to the recording. The recipient is then redirected to a fake Microsoft website to “log in”. The attackers even direct the recipient to a CAPTCHA check to make the page look more authentic. CAPTCHA is a challenge-response test used to determine whether the user is a human; you know, type the letters you see on the screen or click the boxes that have a bridge, etc.
At UTHSC, voicemail to email is a feature of RingCentral. You do not have to log into your Microsoft account to hear these voicemails. Use your SPAR training to review the sender’s email address and the URL of any webpage to which you are directed, to make sure you are “landing” where you expect.
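A mail-triage check for the lure described above, added here as an example (it is not UTHSC's or Microsoft's own tooling): it flags a voicemail-themed subject combined with an HTML attachment whose links point somewhere other than a Microsoft sign-in host. The allowlist, the keyword pattern, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumed allowlist of genuine Microsoft sign-in hosts; adjust for your tenant.
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
LURE = re.compile(r"voice ?mail|missed call|voice message", re.I)
URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)

# Constructed sample message (not a real capture).
SAMPLE = """\
From: "Voicemail Service" <vm-notify@mail.example.net>
To: user@example.edu
Subject: You have 1 missed voicemail (00:42)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You received a new voice message. Open the attachment to listen.
--b1
Content-Type: text/html; name="VM_0042.html"
Content-Disposition: attachment; filename="VM_0042.html"

<html><script>window.location.href="https://login.example.invalid/o365";</script></html>
--b1--
"""

def triage(raw):
    """Return the reasons a raw message resembles the voicemail lure."""
    msg = message_from_string(raw)
    reasons = []
    if LURE.search(msg.get("Subject", "")):
        reasons.append("voicemail-themed subject")
    for part in msg.walk():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html"))
        if not is_html or part.get_content_disposition() != "attachment":
            continue  # only HTML files delivered as attachments are of interest
        reasons.append(f"HTML attachment: {name}")
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        for url in URL.findall(body):
            host = (urlparse(url).hostname or "").lower()
            if host not in MS_LOGIN_HOSTS:
                reasons.append(f"attachment links to non-Microsoft host: {host}")
    return reasons
```

A message that returns all three kinds of reason is a strong candidate for quarantine and a report to Abuse; any single reason on its own is only a hint.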
What has been reported to Abuse this past week?
- School News
- Email Verification
- School Update
- All three of these came from compromised accounts at another UT campus, attempting “too good to be true” scams.
- Direct Credit Remittance from Sydney Tyre Service Pty Ltd – an email was delivered to a UTHSC person here in Memphis, “from” a service manager in Australia, for a tyre company in the UK, but from an email address originating in Ukraine.