top of page
  • Writer's pictureStan Patey

Microsoft 365 Users Targeted with Voicemail Phishing Emails

We see frequent fake voicemail phishing attempts on our clients. The emails include subject line phrases such as “Voicemail Transcript” and “Missed Call” and HTML attachments with names such as Voicemail.wav.html. The attachments appear to be typical audio files with the familiar "wav" suffix included in the file name.

Phishing Email Example with indications of why it's a fake.

If clicked, the attachments lead users to a fake Microsoft login page. It’s already populated with your email address and will prompt for your Microsoft 365 password.

Fake Microsoft Login Prompt

If you give up your private email credentials, the bad guys will: 1. Take over your email account 2. Email your contacts as you 3. Gain access to all of your messages, contacts, calendar, and your OneDrive and SharePoint data. 4. Comb through your data in search of valuable passwords

Don't get duped!


Protect Yourself

  • Never open unverified email attachments. If someone you know sends you an attachment you're not expecting, check if it is really them via another contact method - call them.

  • Never enter credentials before checking the actual URL of the site. Is it Microsoft?

  • Enable multi-factor authentication (MFA). If you accidentally give up your password to a phishing attack, MFA will likely stop the bad guys from logging into your account.

  • Slow down; if an email is unexpected, unusual, or feels a little off, stop before you blindly click yourself into a whole lot of pain.

  • Our clients can always ask us to check it out before opening.

32 views0 comments


bottom of page