Have you received an email notification that there is a voicemail waiting to be listened to by you?

Maybe you would be wise to think carefully before clicking on the attachment.

As security researchers at Zscaler explain, a wave of phishing attacks posing as voicemail notifications have targeted US organizations in recent days.

 

Targeted victims include organizations working in sectors such as the military, healthcare, pharmaceuticals, manufacturing, and others. Even security software vendors found themselves being the victims of attempted attacks – as Zscaler can attest, because it was through being targeted that they found out about the campaign in the first place.

According to the researchers, clicking on the HTML file attached to the emails initiates some obfuscated Javascript that ultimately takes the unsuspecting user to a webpage that tries to trick them into entering their Outlook or Office 365 login credentials.

Hopefully your users would think twice before entering their username and password, but I would still recommend enabling two-factor authentication to harden email account security and the use of an enterprise password manager.

Many users don’t realize that a side-benefit of password managers is that they can refuse to submit passwords into login forms if they do not determine they are on the legitimate login page for that password.

On its website, Zscaler has published a list of domains used in the attack which companies may choose to proactively block.

Cluely, Graham. “Voicemail-themed phishing attacks target organizations” June 21, 2022

 

_______________________________________________________________________________________________

No one wants to become a victim of a social engineering attack, so it’s important to recognize an attack in progress and not be tricked into responding to it inappropriately.

Trained and aware employees are critical to securing an organization, and an effective, ongoing internal security awareness program can help reduce your company’s vulnerability, turning the “weakest link” in your cyber defenses into its greatest strength. 

One of our most important roles as technology service providers is to protect the assets of our clients. No matter how big or small your business is, a single compromised credential could put your entire business at risk. Give us a call to further discuss how we can help in protecting your business against cybersecurity threats and how we can make technology work for your business.

Call us now at 732.780.8615 or email us at [email protected]