As of April 2019, Microsoft boasted over 180 million monthly active Office 365 (O365) users and is adding 4 million per month, making it a target-rich environment for bad actors. Over the past few weeks, McAfee Labs has been observing a new phishing campaign that uses a fake voicemail message to lure victims into entering their Office 365 email credentials. McAfee customers using VSE, ENS, LiveSafe, WebAdvisor and Web Gateway are protected against this phishing campaign.

The attack begins when the victim receives an email informing them that they have missed a phone call, along with a request to log in to their account to access their voicemail.

An example of the malicious email is shown below:

The phishing email contains an HTML file as an attachment which, when loaded, redirects the user to the phishing website. There are slight variations in the attachment, but the most recent ones contain an audio recording of someone talking, which leads the victim to believe they are listening to the beginning of a legitimate voicemail.
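For mail-filter or triage use, the following added example (not McAfee's detection logic and not part of the original article) scans a raw message for HTML attachments that both redirect the browser and embed audio, the combination described above. The redirect mechanisms it looks for, the indicator names, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumed redirect mechanisms; the article does not say which one the attachment uses.
JS_REDIRECT = re.compile(r"location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\(", re.I)

class AttachmentScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = set(), False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "meta" and a.get("http-equiv") == "refresh" and "url=" in a.get("content", ""):
            self.findings.add("meta-refresh")
        elif tag == "audio":
            self.findings.add("embedded-audio")
        self._in_script = tag == "script"  # only script bodies are checked for JS redirects

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script and JS_REDIRECT.search(data):
            self.findings.add("js-redirect")

def scan_message(raw):
    """Return {attachment filename: sorted findings} for HTML attachments in a raw email."""
    report = {}
    for part in message_from_string(raw, policy=policy.default).iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        scanner = AttachmentScan()
        scanner.feed(part.get_content())
        report[part.get_filename() or "(unnamed)"] = sorted(scanner.findings)
    return report

# Constructed sample attachment, not taken from the campaign; the URL is a placeholder.
SAMPLE_HTML = """<meta http-equiv="refresh" content="2; url=https://login.example.invalid/">
<audio src="greeting.mp3"></audio>
<script>window.location.href = "https://login.example.invalid/";</script>"""

def build_sample(html=SAMPLE_HTML):
    msg = EmailMessage()
    msg.set_content("You have a new voicemail.")
    msg.add_attachment(html, subtype="html", filename="voicemail.html")
    return msg.as_string()
```

An attachment that reports a redirect finding together with `embedded-audio` is a strong candidate for quarantine. Attachments declared with a non-HTML content type are skipped here, so a production filter would also check the filename and sniff the content.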

It’s important to ensure your organization protects users accessing their email and cloud services (even fake ones) like Office 365 from wherever they work, so you don’t fall victim to this kind of attack. In the event credentials to Office 365 are stolen, you can still ensure data loss doesn’t occur by detecting a compromised account login. Here’s a snapshot of the enterprise security technologies that can keep you safe:

  • McAfee Web Gateway (Cloud Service): Whether in the office or roaming anywhere off-network, you can ensure that every path to the internet from one of your employee’s devices is scanned for advanced malware and malicious pages, like the one used in this attack. In most cases, you’ll stop the attack here.
  • McAfee MVISION Cloud: If an attacker does trick a user into giving up their credentials, the attacker’s attempt to log in to Office 365 may appear as anomalous activity, and an attempt to steal data can be recognized as a threat and stopped. MVISION Cloud uses machine learning-based User and Entity Behavior Analytics (UEBA) to detect these anomalies, correlate them across millions of events in your cloud environment and identify threats to your data.

Head over to our McAfee Labs Blog for more technical details on this attack, and additional info on end-user preparedness for phishing attacks.