ALERT – Voicemail Phishing attack via Email
November 4, 2019
We encourage all staff to become much more diligent when it comes to the social engineering techniques deployed by hackers and attackers. It is safe to assume that each new attack will have a slightly different approach in order to take advantage of people. Hackers know that the people in organizations are a much easier target than the technology.
Here are a few things to remember:
- You should NEVER enter your user name and password if requested. Even if it looks legitimate. If you ever are in doubt or have questions please contact the ITM Service Desk prior to entering this information.
- Never click on a link or file unless you absolutely know the reason why you are receiving that file or link. If in doubt contact the sender. If it is valid they will confirm and if not they will thank you for letting them know they have been hacked..
- If you receive and email from someone who rarely sends you an email be suspect of the email.
- Expect the unexpected – this attack took over control of a users account and that is why the email had the users name and picture. Realize that the phishing attacks will change with each new campaign. It is better to be cautious and ask ITM for help vs dealing with the embarrassment of impacting other users and organizations.
The advice from individuals who have been phished is always the same, take the time to pause – and think – before clicking. When they go back and look at the phishing email and pause they can see the red flags and inconsistencies. Slow down and be more careful is the key.
Keeping the hackers out and our information and systems safe is everyone’s responsibility. As our staff fall victim to these attacks our organization becomes known to hackers for these vulnerabilities. It is everyone’s job to be diligent and cautious.
For a more detailed technical review of this Phishing Attack check out this article.
Office 365 Users Targeted by Voicemail Scam Pages
Chris J. Moore
Chief Information Officer