Microsoft 365 Users Targeted with Fake Voicemails
In a new scam, cybercriminals attack Microsoft 365 users with malicious files disguised as voicemails. The scam works by sending an email with a voicemail file attached. The filename ends in “mth.mp3”, appearing to be a legitimate MP3 file. However, the file is actually a malicious HTML file that has been disguised using right-to-left override (RLO) functionality.
RLO was created 20 years ago for languages that read from left-to-right instead of right-to-left. Unfortunately, cybercriminals now use this functionality to make malicious files look safe. For example, in this scam, cybercriminals use RLO to display “mp3.htm” as “mth.mp3”. If you open the file, you will be taken to a fake Microsoft 365 login page instead of a voicemail. Then, any credentials that you enter on the fake login page will go straight to the cybercriminals.
Follow these tips to stay safe from similar scams:
• Never click links or download attachments in an email that you were not expecting.
• Before you share any sensitive information online, make sure that the website is legitimate. For example, an MP3 file should never take you to a login page. If you’re uncertain, navigate to the website directly.
• Before you share any sensitive information online, make sure that the website is legitimate. If you’re uncertain, navigate to the website directly before sharing any information.
• Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!
The KnowBe4 Security Team
Fraud and Scams
- Watch Out for Covid-19 Scams
- Online Dating Scams
- Microsoft 365 Users Targeted with Fake Voicemails
- How to Avoid a Scam
- Scam of the Week: Beware of Copyright Scammers
- KnowBe4 Security Tips - Holiday and Seasonal Scams
- How to Be Prepared for Future Security Threats
- What Does a Fraudster Look Like?
- What Is Identity Theft
- How to File a Report with the FTC
- Top 10 Financial Scams Targeting Seniors
- Tech Support Scams
- Get Rich Scams
- 6 Steps to Avoid Pet Scams and Getting Your Heart Broken
- Your Complete Guide to Identity Theft Protection
« Return to "Money Talk Blog"