Office 365 has been the target of an increasing number of ongoing phishing scams using fake voicemail to lure people.
The latest scam involves using fake voicemail messages to convince targets that they need to log in to hear the full recording.
Researchers at McAfee Labs had this to say about the matter:
"McAfee Labs has observed a new phishing campaign using a fake voicemail message to lure victims into entering their Office 365 email credentials. At first, [McAfee thought] that only one phishing kit was being used to harvest the user's credentials. However, during our investigation, we found three different malicious kits and evidence of several high-profile companies targeted."
Recipients receive an email message informing them that they missed a call. A partial recording is available and embedded in the email, but the recipient hears little more than "hello," so there's no real indication of what the message might be.
If the recipient clicks the link provided to "log in and hear the message," they are sent to a page that looks like an Office 365 login screen. Anyone who enters credentials there is simply handing them over to whoever sent the message.
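A mail-filter heuristic for the lure described above, added here as an illustration and not taken from McAfee's research: it flags voicemail-themed messages whose "log in" link points somewhere other than a Microsoft sign-in host. The trusted-host list, keyword patterns, function names and sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: hosts accepted as genuine Microsoft sign-in endpoints; extend per tenant.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com"}
LURE = re.compile(r"voice\s?mail|missed (a )?call|voice message", re.I)
LOGIN_CUE = re.compile(r"log\s?in|sign\s?in|office\s?365", re.I)
LINK = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message (not a captured phishing email).
SAMPLE = """\
From: "Voice Service" <noreply@voicemail.example>
To: user@corp.example
Subject: You have a missed call
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>You missed a call. A partial recording is attached.</p>
<a href="https://o365-voice.example.net/auth">Log in and hear the message</a>
<a href="https://login.microsoftonline.com/">Microsoft sign in</a>
</body></html>
"""

def body_text(msg):
    """Concatenate the decoded text/plain and text/html parts of a message."""
    parts = [p for p in msg.walk() if p.get_content_type() in ("text/html", "text/plain")]
    return "\n".join(p.get_payload(decode=True).decode(
        p.get_content_charset() or "utf-8", "replace") for p in parts)

def suspicious_links(raw_message):
    """Return (host, anchor text) for login-style links that leave the trusted hosts."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    if not LURE.search(msg.get("Subject", "") + " " + body):
        return []  # not a voicemail-themed message; out of scope for this check
    hits = []
    for href, text in LINK.findall(body):
        host = (urlparse(href).hostname or "").lower()
        if LOGIN_CUE.search(text + " " + href) and host not in TRUSTED_LOGIN_HOSTS:
            label = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", "", text)).strip()
            hits.append((host, label))
    return hits

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

This is a triage signal rather than a verdict: it only inspects anchor tags in the message body, so it belongs alongside, not in place of, URL reputation and sign-in monitoring.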
As we said at the start, Office 365 has become an increasingly popular target. Another scam making the rounds tries to get a user's login credentials by pretending to be the recipient's HR department and talking about an upcoming raise.
Both are powerful approaches that have been yielding better results than usual for the scammers. Be sure your IT staff and your employees are aware of and on their guard against these scams.