Scammers are now faking voicemail notifications to steal Office 365 login credentials

Security researchers have found a new phishing campaign that leverages fake voicemail messages to trick victims into stealing their Office 365 email credentials. The scam — uncovered by cybersecurity firm McAfee — made use of fraudulent email attachments, which when opened, redirected users to a phishing website that siphoned the login information with an aim to impersonate staff members and gain wider access to internal systems. A number of employees, from middle management to executive level staff employed across different verticals such as services, finance, IT services, retail, and insurance, were targeted in what the researchers call a whaling campaign.…

This story continues at The Next Web

from The Next Web https://ift.tt/2Wrw3M0