Fake Voicemails Targeting Users, 1000 Attacks in 14 Days" title="Fake Voicemails Targeting Users, 1000 Attacks in 14 Days" />According to the latest report by Check Point Harmony Email, over 1,000 attacks have been detected in the last two weeks involving fake voicemails and the use of QR codes. These scammers are exploiting the connection between corporate phone systems and email servers to embed malicious links in voicemail playbacks in an attempt to harvest user credentials through phishing.
The attacks are designed to trick users into clicking on malicious links by creating legitimate-looking voicemail recordings. The use of QR codes with conditional routing based on the device is also part of the social engineering tactics employed by these scammers. In one instance, the scammers sent an email that appeared to be from a reputable payment processor service, but it was only an attempt to mislead users.
Once the user interacts with the phishing email, they are redirected to a fake webpage that is designed to harvest their credentials. This kind of attack relies on user participation, as users must either click on links or enter information for the attack to be successful. This allows the scammers to experiment with different tactics, such as impersonating well-known brands and using voicemails to engage users and lure them into falling victim to the attack.
The combination of voice and phishing, known as Vishing, is a growing trend in cyberattacks. This form of attack uses telephones to trick users into disclosing sensitive financial and personal information, such as account numbers and passwords. Hackread previously reported Check Point researchers identifying a vishing campaign targeting users in South Korea with a new Android malware called “FakeCalls”, which tricked users into sharing sensitive financial information through fake calls supposedly made by legitimate financial organizations.
The COVID-19 pandemic has also seen a rise in phishing campaigns targeting companies using PBX telephone systems for communication and information sharing. These scams have targeted employees from various sectors, including engineering, real estate, IT, oil & gas, healthcare, and financial services, using voicemail email phishing.
It is important for users to be aware of these types of attacks and to understand how to protect themselves. This includes knowledge of different phishing tactics and avoiding providing personal information over the phone. Furthermore, security professionals can implement AI-based security, check and emulate all URLs, and use multiple layers of protection to guard against these types of attacks.
The increase in such attacks highlights the need for continuous vigilance and awareness when it comes to online security. As cybercriminals continue to develop new and sophisticated tactics, it is important for individuals and organizations to stay ahead of the curve in protecting themselves against these threats.
Albanian 
English 
Serbian 
Croatian 