Attend IT Limited Blog

By accepting you will be accessing a service provided by a third-party external to https://www.attendit.net/

Phishing Attacks Masquerading as VoIP Voicemails

Phishing Attacks Masquerading as VoIP Voicemails

Think of how easy it is to trick a human. Entire industries are centered around it. Just think about the flashy magazines at the checkout counter promising us perfect summer bodies if we just follow Channing Tatum’s simple 30-step breakfast routine. These magazines sell. They wouldn’t exist if they didn’t work. Phishing works for hackers, and it works extremely well, and they are constantly making it harder to not get tricked.

Just a quick recap: what is phishing? Phishing is when a quote-unquote hacker sends you an email disguised as a legitimate email from someone else.

Usually a phishing email might look like your bank trying to get you to log in to check your statement, or PayPal telling you that there was a recent charge they want you to look into. Phishing attacks can also be very personal and specific, like an email from your CEO asking you to quickly move some funds to a certain bank account or authorizing a payment.

The hacker will spoof the email in a way to make it look legitimate - the email would have all of the logos and header and footer information that, at a glance, makes it look real. When the user falls for the trap though, they end up providing sensitive information to the hacker. It’s one of the leading cybersecurity threats in the playing field right now. 

Phishing attacks are annoying, and they trick a lot of users, and this latest one even made me double take.

The Fake Voicemail Phishing Attack

Most modern phone systems, especially VoIP phone systems, have a convenient feature that will email you voicemails. That way, you can check them easily from your email instead of dialing into your phone. I like this feature a lot--it gives me one less place to check for communication--and I already spend a lot of time in my email. It’s really handy to be able to listen to a voicemail message directly from my inbox on any device.

That said, hackers have figured out that a lot of businesses use this feature, and now they are crafting phishing emails to look like voicemails.

The email comes in very much like it would from your phone system. The subject line will say something like “New Voicemail from: (555) 555-5555” (but with a real number) and attached will be a file that looks like it could be an audio clip of the voicemail.

Be very wary of this. That file could contain malware. Some of these emails also contain links or buttons to click on to download the voicemail. These could lead to sites that might try to steal your information or infect your computer with malware. In other words, if you get one of these, don’t click on anything or download anything.

How to Tell the Difference Between a Real Voicemail and a Phishing Attack?

This is where things get tricky, because hackers are going to continue to experiment and try to increase the accuracy of this spoof.

Right now, the best way to ensure that you don’t fall for fake voicemail phishing attacks is to ensure that your REAL voicemail get labeled in your inbox.

Depending on your VoIP system, your voicemail emails will come from a specific email, and have a specific subject line. You’ll want to filter these emails so you know they are legit, and when you get one that doesn’t get labeled as a voicemail, you know you should be suspicious.

Look for your previous voicemail emails. Note the email address they come from and the subject line.

  1. In Gmail use these steps:
    Click on the Gear icon and go to Settings
  2. Click Filters and Blocked Addresses and scroll down and click Create a New Filter.
  3. Enter in the From email and a part of the subject line that is consistent across all of your voicemail emails (typically this will be something like “new voicemail from” or something similar).
  4. Click Create Filter
  5. On the next screen, choose what you want to do to make it stand out. Personally, I star it, and apply a label called Voicemail
  6. Click Create Filter once more and it will save. 

In Outlook: 

  1. Create a rule by right-clicking a legitimate voicemail email and go to Rules > Create Rules…
  2. Set the From to the email address your voicemails come from, and enter a part of the subject line that is consistent across all of your voicemail emails (typically this will be something like “new voicemail from” or something similar).
  3. In the Do the Following section, check Move Item to Folder and select a folder (or create a new folder called Voicemail.
  4. Ok.

This will hopefully weed out most fake attempts, but you still need to be very vigilant and make sure you know what you are clicking on and downloading. If you are getting a lot of spam and phishing emails, we are here to help. Just give us a call at 020 8626 4485 to see what your options are.

Taking a Look at the Problems Behind Smartphone Ad...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, July 07 2020

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Network Security Technology Business Computing Tip of the Week Best Practices Cloud Productivity Managed IT Services Privacy Disaster Recovery Hosted Solutions communications Data Recovery Malware Hackers Data Backup Data Backup Business Outsourced IT Innovation VoIP IT Services Cloud Computing Productivity Email Small Business Software Mobile Devices IT Support Computer Cybersecurity Efficiency IT Support Internet Business Continuity Automation Saving Money Business Management Hardware Internet of Things Upgrade Server Information Technology Smartphone Microsoft Phishing Managed IT Managed IT services Mobility BDR Mobile Device Management User Tips Collaboration BYOD Artificial Intelligence Network Avoiding Downtime Risk Management Budget Save Money Windows 7 Managed Service Provider Spam Quick Tips Computers Hosted Solution Communication Firewall Password Remote Computing Smartphones Cost Management Meetings Data Management Passwords Virtual Private Network Ransomware Compliance Gadgets History Saving Time Data Breach Remote Work Printing Data Security Windows 10 Android Hard Drives Human Resources Redundancy Tech Term Microsoft Office Google Document Management Workplace Tips Networking Solid State Drive Content Filtering Training IT Service Paperless Office Manufacturing Managed Service Personal Information Devices Hybrid Cloud Audit Conferencing Telephone Systems Router Value Recovery Marketing Business Technology Automobile Remote Workers MSP Online Storage Covid-19 Apple Help Desk End of Support Flexibility WPA3 E-Commerce Dark Web iPhone Wasting Money Windows 10 Cybercrime Streaming Media Holiday Evernote Copiers Users VPN App Remote Monitoring Education Cleaning intranet File Storage Work/Life Balance Employer-Employee Relationship Customer Relationship Management Transportation Operating System Wireless Internet User Error Facebook Payment Cards Phone System Word Computing Amazon Hacking Advertising Content Filter Vulnerability Entertainment Regulation Samsung Mobile Voiceover Internet Protocol Social Media SaaS Application Managed IT Service Payroll Machine Learning Proactive IT Private Cloud Bandwidth Office 365 Voice over Internet Protocol Going Green Mobile Device Gamification Disaster OneNote Data Loss Mobile Computing Applications Update Video Conferencing Nanotechnology Legal Analysis Virtual Assistant Save Time Data Protection Smart Technology Instant Messaging AI Monitoring HIPAA Professional Services Workers Business Telephone Two-factor Authentication Chromebook Wi-Fi e-waste Fiber Optics Encryption Electronic Medical Records Azure Administration Backup and Disaster Recovery Proactive Outsource IT Virtualization Mobile Office Wireless Technology Alexa for Business Time Management Management The Internet of Things Printers Travel Computer Repair Browser Wireless Lifestyle Cybersecurty Colocation Smart Tech Vendor Telephony Windows Server 2008 Government Students Utility Computing SMB Active Directory Project Management Break/Fix Window 10 Social Engineering Shadow IT Big Data Software as a Service Development Spyware Money Commerce Office IoT Black Market Workstations Financial Technology Upgrades Downtime Hacker Connectivity Employee-Employer Relationship Antivirus Employees Unified Communications Business Intelligence Windows Server Scam 5G Gifts Data Theft PowerPoint USB Accessory Books Tech Support Keyboard Miscellaneous Identity Worker Commute Comparison Threats Language Text Messaging Display Experience NFL Investment Maintenance Communitications Video Games Consultant Testing Excel Licensing OneDrive Reputation PCI DSS Security Cameras Storage Processor Emails IT Solutions Medical IT Workstation Television Virtual Reality CrashOverride Peripheral Micrsosoft Fraud Scalability Data Privacy Specifications Scams Office Tips Net Neutrality Computer Care Google Assistant Co-Managed Services ROI eWaste Hosted Desktop Health HBO Camera Sabotage Regulations Compliance Financial Worker Sports Benchmarks IT budget Hard Drive Webinar WIndows Server 2008 Credit Cards eCommerce HaaS Telework Access Control Digital Signage Edge Internet Exlporer Employee Sales Managed Services Provider Virus Unsupported Software Twitter Telephone Music Windows Ink Windows Server 2008 R2 Device Security Smart Devices Google Drive Windows Touchscreen iOS Projects Sync PC Chrome Social Managed Services WiFi Bring Your Own Device Battery Data Storage Cortana Blockchain Humor IT solutions Patch Management Computer Accessories FAQ Audits Memory Admin Google Docs Ciminal Alert Retail Facebook Privacy Computer Forensics Root Cause Analysis Hyperlink Analytics Google Maps Troubleshooting Search App store IT Management PDF Best Practice Company Culture Smartwatch Updates Policy Unified Threat Management Point of Sale Screen Mirroring Identities How To Windows 10s Outlook Adobe YouTube Wireless Charging Robot Solutions Settings Safety Microsoft Excel Websites Internet Service Provider Gmail Augmented Reality Wasting Time CRM Mobile Security Information Identity Theft Legislation Myths Apps Computer Fan Politics Charger Tablets Server Maintenance Microsoft Word Inventory Relocation Procedure Cast Current Events Hard Disk Drive Shortcut Vendor Management WannaCry Holidays Law Enforcement Printer Business Strategy Managing Stress Keyboard Shortcuts Emergency File Sharing