Voicemail-themed phishing campaigns are going strong
Zscaler, a cloud security company, warns about fake voicemail notifications attempting to steal employees’ Office365 and Outlook login credentials.
Innovation in bypassing email protection has always been part of successful phishing campaigns. In this case, the target receives a fake notification via email, saying that they have a new voicemail and that they can listen to it by opening the enclosed HTML attachment. That leads to a Microsoft-themed phishing page parked on a page/domain that has no relation to Microsoft.
Read more on Help Net Security