This is a new type of scam that we have not seen before. We urge businesses to update their email security, as this scam is specifically targeting employees' work email.
How does the scam work?
The emails appear to come from Microsoft Outlook “On behalf of an Anonymous Caller,” (see screenshot below) but the messages reference a variety of URLs and phone numbers. These emails contains different phone numbers like 703-892-5155, 703-892-1228, 703-892-5463 and link to various malicious web addresses. This particular sample contains a link to download a .WAV file.
The emails also contain an “Email ID” which gives the impression that the email is from an internal company email address. In the below sample, the message is citing Email Id email@example.com but other companies will have their own name cited, so employees at AZ, for example, would get voice.mail@AZ.com, making the email seem legitimate.
Don't Click the Attachment
The email attachment appears to be a .wav audio file from http://victorcalderone.com/rp31S5/index.html but it’s really an HTML link to a site that attempts to download Malware to your computer. Our technician found that the link tried to install a Trojan to his workstation.
Voicemail Email contains malicious link
This scam appear to especially target business users, so keep a close eye on your work email, and be aware that not even work emails are safe until the company email filters have been updated.
Omniquad's clients using Mailwall Remote are protected from this scam.
Protect yourself from email fraud
- Never click on Hyperlinks within emails,
- Do not open any file attached to the email,
- Always look for “https://” and padlock on web sites that require personal information,
- Never respond to spam / suspicious email or emails from unknown senders,
- Do not supply your personal to strangers, they are most likely scammers.
P.S. if you want to help inform people about this type of scam, feel free to Tweet!