A common form of phishing is sending an email that says you have a “New Voicemail Message” or a “Missed Call.” The email looks legitimate and many people will open it up. Inside, they find a link that is supposed to link them to their missed voicemail message. But the link downloads malware instead.
That’s why it’s important to understand how this type of phishing works and how to best prevent it, as managed IT services experts in San Diego advise.
The “Missed Call” Phishing Scam
An employee receives an email about a missed voicemail message. It appears to be from a legitimate source such as Microsoft or Google. The message contains the company’s logo and uses language that appears legitimate. A typical example will say something like:
“Hello, [recipient’s name].
You have received a forwarded voice message from [supposed sender’s name] on June 1, 2020 at 2:00PM. Due to the size of the file, it cannot be uploaded to email. Click here to listen to the message and download the file.”
If the recipient clicks the link embedded in the email, it downloads malware or other suspicious software. When the recipient doesn’t get what’s expected (an audio file with a voicemail message), it’s common to close the email and toss it in the trash and forget about it.
But, the damage’s already been done, according to the experts on managed IT services in San Diego. The malware is behind the firewall and ready to go to work.
Is This Vishing?
Vishing is the use of voicemail to try to gain sensitive data from an individual. In these scams, someone leaves a voicemail on an employee’s phone, asking them to call back to provide sensitive information such as a credit card or social security number.
The “New Voicemail” phishing scam is different. It uses email instead of voicemail. Its intent is to get an individual to download malicious software.
Both scams, however, play on common human curiosity. People want to know who called them and why. Whether the message comes over voicemail or through email, it’s an easy lure for scammers to gain access to private or secret data.
In 2018, over 30% of calls coming into mobile phones were vishing scams. In three out of four attacks, the scammers use already known data (name, job title, company name, location) about the recipient to make the lure more appealing.
Prevent Both Vishing and “New Voicemail” Scams
Educating your staff is the first step to preventing these scams. We can help with education and security enhancements. Contact us at Excedeo! We are the experts on managed IT services San Diego companies trust with their data.