Think of how easy it is to trick a human. Entire industries are centered around it. Just think about the flashy magazines at the checkout counter promising us perfect summer bodies if we just follow Channing Tatum’s simple 30-step breakfast routine. These magazines sell. They wouldn’t exist if they didn’t work. Phishing works for hackers, and it works extremely well, and they are constantly making it harder to not get tricked.
Just a quick recap: what is phishing? Phishing is when a quote-unquote hacker sends you an email disguised as a legitimate email from someone else.
Usually a phishing email might look like your bank trying to get you to log in to check your statement, or PayPal telling you that there was a recent charge they want you to look into. Phishing attacks can also be very personal and specific, like an email from your CEO asking you to quickly move some funds to a certain bank account or authorizing a payment.
The hacker will spoof the email in a way to make it look legitimate - the email would have all of the logos and header and footer information that, at a glance, makes it look real. When the user falls for the trap though, they end up providing sensitive information to the hacker. It’s one of the leading cybersecurity threats in the playing field right now.
Phishing attacks are annoying, and they trick a lot of users, and this latest one even made me double take.
Most modern phone systems, especially VoIP phone systems, have a convenient feature that will email you voicemails. That way, you can check them easily from your email instead of dialing into your phone. I like this feature a lot--it gives me one less place to check for communication--and I already spend a lot of time in my email. It’s really handy to be able to listen to a voicemail message directly from my inbox on any device.
That said, hackers have figured out that a lot of businesses use this feature, and now they are crafting phishing emails to look like voicemails.
The email comes in very much like it would from your phone system. The subject line will say something like “New Voicemail from: (555) 555-5555” (but with a real number) and attached will be a file that looks like it could be an audio clip of the voicemail.
Be very wary of this. That file could contain malware. Some of these emails also contain links or buttons to click on to download the voicemail. These could lead to sites that might try to steal your information or infect your computer with malware. In other words, if you get one of these, don’t click on anything or download anything.
This is where things get tricky, because hackers are going to continue to experiment and try to increase the accuracy of this spoof.
Right now, the best way to ensure that you don’t fall for fake voicemail phishing attacks is to ensure that your REAL voicemail get labeled in your inbox.
Depending on your VoIP system, your voicemail emails will come from a specific email, and have a specific subject line. You’ll want to filter these emails so you know they are legit, and when you get one that doesn’t get labeled as a voicemail, you know you should be suspicious.
Look for your previous voicemail emails. Note the email address they come from and the subject line.
In Outlook:
This will hopefully weed out most fake attempts, but you still need to be very vigilant and make sure you know what you are clicking on and downloading. If you are getting a lot of spam and phishing emails, we are here to help. Just give us a call at 020 8626 4485 to see what your options are.
About the author