{"id":14109,"date":"2019-09-26T14:59:55","date_gmt":"2019-09-26T10:59:55","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/fake-voicemail-spam\/14109\/"},"modified":"2019-11-15T15:21:53","modified_gmt":"2019-11-15T11:21:53","slug":"fake-voicemail-spam","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/fake-voicemail-spam\/14109\/","title":{"rendered":"Voicemail as bait"},"content":{"rendered":"<p>Recently, we have been tracking a large-scale spam campaign in which scammers send e-mails that appear to be voicemail notifications. The body of the message indicates the time and length of the voice message, as well as a preview in the form of a hanging sentence: \u201cJust checking to remind you in regards to our \u2026.\u201d The phrase is the same for all victims, and is intended only to generate interest.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/09\/26150023\/fake-voice-mail-spam-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14112\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/09\/26150023\/fake-voice-mail-spam-1.png\" alt=\"\" width=\"718\" height=\"652\"><\/a><\/p>\n<p>The recipient is invited to listen to the message by tapping a link. The link brings them to a (phishing) site that looks like the login page of a popular Microsoft service \u2014 Outlook, for example, or just a Microsoft account.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/09\/26150038\/fake-voice-mail-spam-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14114\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/09\/26150038\/fake-voice-mail-spam-2.png\" alt=\"\" width=\"875\" height=\"649\"><\/a><\/p>\n<p>Tapping the <em>Sign in<\/em> button triggers a script that the scammers try to hide from antimalware solutions using Base64 encoding. It saves any data the user enters in the authentication form, then passes it to a fraudulent site. After the data transfer, the user is redirected to a page with a description of a real voice-messaging service for business. That last step is an attempt to distract the victim from any last-second suspicions they may have.<\/p>\n<p>The attack is aimed specifically at corporate mail users; in some companies, employees really do communicate using voice messages. Various software products for business allow people to exchange voice messages and receive notifications of new ones.<\/p>\n<p>The purpose of the attacks seems to be to gain access to important business correspondence and confidential commercial data.<\/p>\n<p>It is worth noting that the number of spam attacks aimed specifically at the corporate sector has increased significantly of late. Cybercriminals are after access to employees\u2019 e-mail. Another common trick is to report that incoming e-mails are stuck in the delivery queue.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/09\/26150105\/fake-voice-mail-spam-3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14117\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/09\/26150105\/fake-voice-mail-spam-3.png\" alt=\"\" width=\"1171\" height=\"862\"><\/a><\/p>\n<p>To receive these supposedly undeliverable messages, the victim is prompted to follow a link and enter their corporate account credentials on another fake login page, which again passes them straight to the scammers.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/09\/26150140\/fake-voice-mail-spam-4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14119\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/09\/26150140\/fake-voice-mail-spam-4.png\" alt=\"\" width=\"1790\" height=\"921\"><\/a><\/p>\n<p>Employees tend to view any such message as legitimate, perhaps even a priority. As a result, they follow the link and enter their data, not wanting to miss an important e-mail or voice message in the stream of business correspondence.<\/p>\n<p>Current methods make fakes hard to distinguish from legitimate messages. Therefore, to keep your business safe from phishing spam, install a robust <a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">security solution with high-quality antiphishing technologies<\/a>, ideally one that filters incoming mail at the server level.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial\">\n","protected":false},"excerpt":{"rendered":"<p>Scammers try to access Microsoft services using fake voice messages.<\/p>\n","protected":false},"author":2495,"featured_media":14110,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1917],"tags":[1815,38,240],"class_list":{"0":"post-14109","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-e-mail","10":"tag-microsoft","11":"tag-spam"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/fake-voicemail-spam\/14109\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/fake-voicemail-spam\/16722\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/fake-voicemail-spam\/18684\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/fake-voicemail-spam\/16756\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/fake-voicemail-spam\/15497\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/fake-voicemail-spam\/19390\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/fake-voicemail-spam\/18075\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/fake-voicemail-spam\/28727\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/fake-voicemail-spam\/12366\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/fake-voicemail-spam\/12381\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/fake-voicemail-spam\/11322\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/fake-voicemail-spam\/20300\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/fake-voicemail-spam\/24309\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/fake-voicemail-spam\/24275\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/spam\/","name":"spam"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14109","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2495"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=14109"}],"version-history":[{"count":6,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14109\/revisions"}],"predecessor-version":[{"id":14343,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14109\/revisions\/14343"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/14110"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=14109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=14109"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=14109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}