Menu
Cart

A different type of Office 365 phishing scam – by voicemail

Last updated:
,

It was inevitable that phone scammers should try fooling Office 365 users into giving up their login details.

Update: after this scam was publicized, the phishing email turned up in our Office 365 mailbox!  Microsoft’s mail filtering let their customers down.
Microsoft’s lapse let us show you a real example of the scam mail.

The scam starts with an email which says you’ve missed a phone call and prompts to login and hear a voicemail.  The email contains a HTML attachment which is really a link to a phishing site.

Sometimes the attachment includes the start of a voicemail audio message.  A clever little twist which adds some credibility to the scam.

Of course the email, link and voicemail message are complete BS.

Criminals hope you’ll go to their web page, follow the instructions in the voicemail and give away your vital login details.  They’ll use that to access your account and email.

Here’s the HTML attachment. It’s a simple web page with an image (which reveals your IP address and other computer details) and a link to the fake voicemail message.

The voicemail / audio file link includes the target email address. Even if you don’t fall for the scam, the hackers know that address is a more likely target and could focus efforts on it.

Voicemail trick is new

Up to now, Office 365 phishing scams usually have an email and a link to a false login page.  The fake voicemail is new.

Ignore any email like that.  If unsure, login to your Office 365 account/mailbox using your ordinary login – probably a bookmark in your browser. NOT any link in an email.

While Two Factor Authentication isn’t perfect, it goes a long, long way to protecting yourself from many phishing attempts.

Check your email links are real not phishing but why Microsoft makes it easier for criminals?

Office 365 is #1 – for phishing and scamming

Amazon scams

Amazon is being used to trick people over the phone.  Criminals call claiming to be from Amazon, saying there’s an account problem, parcel gone astray or whatever.

Again, ignore the call.  Amazon has stated they NEVER cold call customers.  If they want to contact a customer, they’ll email.

About this author

Office-Watch.com

Office Watch is the independent source of Microsoft Office news, tips and help since 1996. Don't miss our famous free newsletter.
View our latest eBooks!

Office 2021 - all you need to know. Facts & prices for the new Microsoft Office. Do you need it?
Office LTSC is the enterprise licence version of Office 2021.

Office 2024 what's known so far plus educated guesses.

Microsoft Office upcoming support end date checklist.