June 29, 2022  — 
Eric Swotinsky

Phishing campaign uses voicemail messages as lure

An ongoing wave of phishing emails is using missed voicemail messages as a lure. Multiple US companies in various sectors were targeted last week again. The goal of the attackers is to steal Microsoft 365 credentials in order to access their environments.

The phishing website is using an individual subdomain corresponding to the target organization to make it harder to block. The website then asks the user to solve a CAPTCHA before they are shown a password field. Entered credentials are, of course, captured by the criminals.

According to the Anti-Phishing Working Group (APWG), of which Acronis is a member, phishing attacks doubled last year. The Advanced Email Security pack for Acronis Cyber Protect Cloud keeps phishing emails out of your users' inboxes, while the included URL filtering capabilities help block access to malicious websites.