Voicemail Email Scams

As cyber threats increase in popularity and we learn more about them, cybercriminals are finding new ways to be innovative and think outside of the box. A common phishing scam that is growing in popularity is the “voicemail email scam.” Its sole purpose is to promote a phishing website to record information that is entered into it. Here’s how it works:

  • User receives an email that notifies them of a new “voicemail”.
  • There is a link or button to click within the email that says, “Preview voicemail”, or something similar.
  • When the user clicks on it, it redirects them to a phishing website where it asks for login credentials.
  • Once entered, the scammers steal the login information and may also be able to access emails and other accounts that are connected to the email address.

Email Scam Campaigns

Email scam campaigns are one of the most common types of phishing. Recent common examples of these emails include: “Wage increase email scam”, “UN Covid-19 stimulus package”, “Lidl email scam” & “DBS Bank email scam”.

These emails are distributed through large-scale operations and often include catchphrases such as “Official”, “Urgent” or other similar titles used to instill panic when recipients receive the emails. They do this in hopes that the recipient will take immediate action and click the links. Not only do cybercriminals use verbiage to try and entice recipients to click the links, but they also use attachments such as word documents, pdf files, zip files, JavaScript, etc. to appear legitimate.

When these files are clicked into, malware installation and/or downloads are immediately initiated. Newer versions of some of these file types include modes such as “Protected view” in Microsoft office for instance, which prevents automatic execution of macros. Users have control and can manually enable macro commands (i.e. content/editing) and be alerted of potential risks.

Prevention & Protection

You may be asking, “How do I prevent scam emails from coming through?” While you can’t prevent all cyber threats from occurring, there are steps you can take to mitigate them and help give you peace of mind.

It is highly recommended that users use extreme caution when they receive suspicious emails. When in doubt, best practice is to report these messages to your IT department/partner. It is also recommended that you only use versions of Microsoft Office released after 2010. Only official and verified download channels must be used when downloading information. Unofficial sites, free file-hosting sites, etc. are things to avoid—as you’re almost guaranteed to have your information compromised or computer infected when using these.

Another way to stay protected is to have a legitimate and reputable anti-virus/anti-spyware suite installed and continually updated. These types of programs regularly run scans to remove detected threats and ensure your information is being protected. Here’s a quick cheat sheet to help you more easily spot scam emails:

  • Check the sender’s email address – Hover over the “from” address in an email to see if it’s legitimate. If an email is from Amazon, check to make sure the email is @amazon.com and not @amaz0n.com or something along those lines.
  • Check for generic greetings – Companies emailing you will include a greeting with your first name, so if you receive one with a greeting such as “Dear User”, “Dear Customer”, etc., this should be a red flag.
  • Check the email links – Hover over the link included in the email and if it seems suspicious, don’t click it. It’s best to just visit the website directly instead of clicking any links provided in emails.
  • Don’t trust email attachments – Legitimate companies will often prompt you to visit their website or login to view documents rather than just attach them in an email. If you receive one, it’s best to have it scanned by your anti-virus software before opening. A good resource to use is the Combo Cleaner Antivirus for Windows.

Rectification

So, what if you clicked on a suspicious link and feel your information has been compromised? Here are a few things you can do to help rectify the situation:

  • If you clicked a link and entered your password, change it immediately!
  • If you entered credit card information, contact your bank ASAP to cancel your card and send a replacement.
  • If you see any signs of identity theft, contact the FTC (Federal Trade Commission).
  • If you opened a scam email, your computer is most likely infected so it’s best to scan it with your antivirus application.
  • Help prevent future attacks by reporting phishing activity to your IT department/partner.

If you have any questions regarding this scam or other types of cyber threats, you can contact Entre Technology Services—we’d love to hear from you!

Leave a Reply

You must be logged in to post a comment.