A recent report from Cofense describes an ongoing phishing campaign that uses voice message notifications as its lure. The threat actors strategically included an access key in the email content, luring users into accessing what appeared to be a genuine voice message.
The report notes that the email notification sent to the user resembled one from a domain associated with Zoom. The attachment was an HTML file and marked the initial phase of the attack. What stood out was the use of the access key, which made the email look personalized, fostered a sense of trust, and encouraged users to "securely" access the message.
Upon opening the attachment, users were directed to a page prompting them to view the message, but clicking the link triggered a prompt requesting the previously mentioned access key. The real purpose of this input, however, was to convince users to permit another download.
After users entered the access key and completed what seemed to be standard captcha checks, they encountered a clever disguise – an AWS URL posing as a legitimate Zoom link. Upon downloading, the page redirected users to the official Zoom site, creating a false sense of authenticity. However, when they opened the downloaded file, they were met with a subpar Microsoft-themed login page. What's particularly intriguing is the sudden shift from mimicking Zoom to imitating Outlook and Teams platforms, a telltale sign of inconsistency that should raise users' suspicions.
The report underscores numerous warning signs within this campaign, emphasizing the importance of early vigilance. While certain aspects may trick unwary users, it's vital to approach message access with caution, especially when presented with suggested access keys. These keys, although not a common occurrence, can be surprisingly convincing and should be met with skepticism. Members are encouraged to share this tactic as part of security awareness and training reminders. Read more at Cofense.
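The warning signs described above can be checked mechanically at the mail gateway or during triage. The following is an added example, not code from the Cofense report: it flags an HTML attachment, an access key mentioned in the body, and a link presented as Zoom that resolves to a different host. The sample sender, key value, bucket name and `zoom.us` allow-list are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw_email):
    """Return the warning signs described in the report that one message shows."""
    signs = []
    for part in message_from_string(raw_email).walk():
        if part.is_multipart():
            continue
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        if (part.get_filename() or "").lower().endswith((".html", ".htm")):
            signs.append("html_attachment")
            parser = AnchorCollector()
            parser.feed(text)
            for href, label in parser.links:
                host = (urlparse(href).hostname or "").lower()
                on_zoom = host == "zoom.us" or host.endswith(".zoom.us")
                if host and not on_zoom and "zoom" in (label + href).lower():
                    signs.append("zoom_lure_on_other_host:" + host)
        elif re.search(r"access\s+key", text, re.I):
            signs.append("access_key_in_body")
    return signs

def build_sample(href, label):
    """Constructed test message; sender, key and link are made up."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = "voicemail@notify.example", "New voice message"
    msg.set_content("You have a new voice message. Access key: 4821")
    msg.add_attachment(f'<a href="{href}">{label}</a>', subtype="html", filename="voicemail.html")
    return msg.as_string()
```

Calling `triage(build_sample("https://example-bucket.s3.amazonaws.com/zoom/vm", "Open in Zoom"))` returns all three signs; any one alone is weak evidence, so treat the combination as the alerting condition.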