Voicemail as bait

[harlan4096]

Recently, we have been tracking a large-scale spam campaign in which scammers send e-mails that appear to be voicemail notifications. The body of the message indicates the time and length of the voice message, as well as a preview in the form of a hanging sentence: “Just checking to remind you in regards to our ….” The phrase is the same for all victims, and is intended only to generate interest.

The recipient is invited to listen to the message by tapping a link. The link brings them to a (phishing) site that looks like the login page of a popular Microsoft service — Outlook, for example, or just a Microsoft account

Tapping the Sign in button triggers a script that the scammers try to hide from antimalware solutions using Base64 encoding. It saves any data the user enters in the authentication form, then passes it to a fraudulent site. After the data transfer, the user is redirected to a page with a description of a real voice-messaging service for business. That last step is an attempt to distract the victim from any last-second suspicions they may have.

The attack is aimed specifically at corporate mail users; in some companies, employees really do communicate using voice messages. Various software products for business allow people to exchange voice messages and receive notifications of new ones.

The purpose of the attacks seems to be to gain access to important business correspondence and confidential commercial data.

It is worth noting that the number of spam attacks aimed specifically at the corporate sector has increased significantly of late. Cybercriminals are after access to employees’ e-mail. Another common trick is to report that incoming e-mails are stuck in the delivery queue.

To receive these supposedly undeliverable messages, the victim is prompted to follow a link and enter their corporate account credentials on another fake login page, which again passes them straight to the scammers.
...

Continue Reading