Ingenious identity thieves are always finding new ways to phish for your passwords and other personal information in order to use that information to make you a victim of identity theft. I have written many times in the past about phishing emails and text messages that lure you into clicking on links and downloading dangerous malware that can steal your personal information or tricking you into providing the information directly to the identity thief through legitimate appearing email, websites and text messages. Recently there has been a surge in phishing through fake voicemails. The scam starts with an email you receive that appears to come from your Microsoft Office 365 account or some other similar software you or your company may use. The legitimate appearing email informs you that you have received a voicemail message from a “trusted source.” Generally a portion of the alleged voicemail is transcribed and appears in the email. You are then instructed to click on a link in the email to hear the message. However, in one version of this scam, if you click on the link, you end up downloading keystroke logging malware, ransomware or a variety of other malware that can be harmful. In another version of the scam, you will be directed, as shown below to enter your password. Interestingly, when you first enter your password, it is rejected and you are required to enter it a second time. The truth is that the cybercriminal is just making sure that you accurately provide them with your password by making you confirm it. In some of these scams, you actually will be able to hear a generic voice mail message that some people have thought to merely be a wrong number.
TIPS
If your particular system does not provide email alerts as to voice mail messages, you can be confident that the email you received is a scam. In any event, remember my motto, “trust me, you can’t trust anyone.” Never click on links from anyone unless you have confirmed that the communication in which the link is contained is legitimate. Even if the email appears to come from a friend of yours or other trusted source, you should be wary of that person’s email being hacked and used to send out malware. As for accessing your voicemail, do it directly through your account and not through clicking on a link in an email.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”