Kaspersky researchers have reported on a large-scale malicious email campaign, aimed at stealing Microsoft services user accounts credentials, which could allow attackers access to private corporate information, such as business correspondence. Based on an elaborate spam message, the campaign targets employees of large companies that use business messengers with a function to exchange voice messages and receive notifications of new ones via corporate email.
The body of the email typically contains the time the voice message was sent, its duration, and a preview of the message in the form of a short phrase, such as, “Just checking to remind you in regards to our…”. To listen to the message, the recipient is asked to follow what is actually a phishing link that leads to a fake authorization page of one of several popular Microsoft services. This could be the login page for an Outlook email client or a basic Microsoft account. Once the user’s credentials are entered, fraudsters capture them and redirect their unsuspecting victim to the real voice message service for the business, distracting them and leading them to believe the email was merely an innocent promotion of the service.
“We’ve recently observed a significant increase in the number of spam attacks on the corporate sector. In most cases, they attempt to hack into employees’ emails through missed or undelivered messages to access private corporate information that the accounts could reveal. Obviously, missing an important message is a constant fear for employees of large companies, as it can affect vital business processes. Therefore, such attacks are likely to have a successful outcome for fraudsters,” said Maria Vergelis, security researcher at Kaspersky.
“The targeted employees, afraid to lose the notification in a huge stream of business correspondence, are understandably tempted to follow malicious links and enter their data. We urge all employers to educate their teams on basic cybersecurity hygiene, to avoid becoming a victim of such scams,” added Vergelis.
To protect users and businesses from malicious email campaigns, Kaspersky recommends:
- Always check the link address and the sender’s email before clicking on anything
- Check if the link address can be seen in the email and is the same as the actual hyperlink (the real address which the link will take you to). This can be checked by hovering your mouse over the link
- Use a reliable security solution with behavior-based anti-phishing technologies, such as Kaspersky Total Security, to detect and block both spam and phishing attacks, and initiation of malicious files