Skip to Content
Voicemail phishing scheme targeting your Microsoft credentials
© Ilya Ginzburg | Dreamstime.com
Security & privacy

Watch for this fake voicemail notification trying to steal your Outlook password

Scammers use a variety of tricks to steal your information, but sometimes they take an unconventional approach. Text messages or emails with malicious links that spread malware are common, but a voicemail notification is rare. Tap or click for details on a recent email phishing scam.

And it is this surprising method that scammers hope you’ll overlook and drop your guard. Unfortunately, a recent scam campaign has already successfully stolen the credentials for popular productivity tools like Microsoft Office365 and Outlook.

Read on to see how the scam works and what you can do about it.

Here’s the backstory

You’ll see a notification on your phone’s screen when you have a voice message. However, the latest attempt to steal personal information is spreading through email. According to Zscaler, scammers send out fake voicemail notifications with a link to listen to them.

To create the illusion of authenticity, scammers include the company name the potential victim works for in the sender’s email address. As a result, unsuspecting recipients will, at first glance, assume that it’s an email from within their company.

To listen to the voicemail, the victim must click on the attachment, redirecting them to a spoofed sign-in page. It looks identical to Microsoft’s real account login page, but the hackers control this one.

Once the credentials have been entered, the scammers capture your details and take complete control of the associated account. Zscaler notes that security solution providers and software security developers are often targets, as well as healthcare and pharmaceutical companies and the military.

What you can do about it

While it should immediately seem suspicious if you get an email regarding a voice message, thousands have fallen for the ruse. Thankfully, there are a few things that you can do to keep your details safe.

  • Don’t click on links or attachments you receive in unsolicited emails or text messages.
  • Use two-factor authentication (2FA) when available for better security. Tap or click here for details on 2FA.
  • Keep your operating systems, apps and devices updated with the latest official software and patches.
  • Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Keep reading

5 surefire phrases that you’re talking to a scammer on the phone

Is that viral Facebook post about scammers cloning accounts true or false?

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started