A different type of Office 365 phishing scam – by voicemail

Office for Mere Mortals helps people around the world get more from Word, Excel, PowerPoint and Outlook. Delivered once a week. free.


It was inevitable that phone scammers should try fooling Office 365 users into giving up their login details.

Update: after this scam was publicized, the phishing email turned up in our Office 365 mailbox!  Microsoft’s mail filtering let their customers down.
Microsoft’s lapse let us show you a real example of the scam mail.

The scam starts with an email which says you’ve missed a phone call and prompts to login and hear a voicemail.  The email contains a HTML attachment which is really a link to a phishing site.

a different type of office 365 phishing scam by voicemail office 365 32154 - A different type of Office 365 phishing scam – by voicemail

Sometimes the attachment includes the start of a voicemail audio message.  A clever little twist which adds some credibility to the scam.

Of course the email, link and voicemail message are complete BS.

Criminals hope you’ll go to their web page, follow the instructions in the voicemail and give away your vital login details.  They’ll use that to access your account and email.

Here’s the HTML attachment. It’s a simple web page with an image (which reveals your IP address and other computer details) and a link to the fake voicemail message.

a different type of office 365 phishing scam by voicemail office 365 32156 - A different type of Office 365 phishing scam – by voicemail

The voicemail / audio file link includes the target email address. Even if you don’t fall for the scam, the hackers know that address is a more likely target and could focus efforts on it.

Voicemail trick is new

Up to now, Office 365 phishing scams usually have an email and a link to a false login page.  The fake voicemail is new.

Ignore any email like that.  If unsure, login to your Office 365 account/mailbox using your ordinary login – probably a bookmark in your browser. NOT any link in an email.

While Two Factor Authentication isn’t perfect, it goes a long, long way to protecting yourself from many phishing attempts.

Check your email links are real not phishing but why Microsoft makes it easier for criminals?

Office 365 is #1 – for phishing and scamming

Amazon scams

Amazon is being used to trick people over the phone.  Criminals call claiming to be from Amazon, saying there’s an account problem, parcel gone astray or whatever.

Again, ignore the call.  Amazon has stated they NEVER cold call customers.  If they want to contact a customer, they’ll email.


Want More?

Office Watch has the latest news and tips about Microsoft Office. Independent since 1996. Delivered once a week.