Attackers are posing as companies and Microsoft in order to steal Office365 and Outlook log-in information to target several important vertical markets in the United States.
Researchers have discovered that attackers are utilizing emails telling potential victims that they have a voicemail message as a common and yet successful lure to steal credentials to important Microsoft apps. Since May, a team from Zscaler ThreatLabZ has been keeping an eye on a campaign that sends emails with malicious voicemail-notification themes to important US vertical businesses in an effort to steal their Office365 and Outlook login information.
They claimed that in order to trick victims into falling for the scam, the emails and the page that steals credentials both appear to be coming from reliable sources.
Read More: https://threatpost.com/voicemail-phishing-scam-steals-microsoft-credentials/180005/