You get a voicemail on your phone. When you listen to it, you hear an artificial voice saying something like...
"This is Microsoft. Your account will be suspended unless we hear from you. You will not be able to use your computer. Please call 866-222-9988 now."
What do you do?
Most would contact their IT department. Or just ignore it. A few people, however, would call the number...and get sucked into a phishing scam.
This kind of "scareware" is nothing new—voicemail phishing attacks have occurred for the past 2-3 years. Sadly, they're increasing. Why? Because they still work.
How an Automated Voicemail Phishing Scheme Works
Voicemail phishing relies on social engineering—making a person believe one thing, so they take a certain action. The process varies depending on who's doing it, but it generally goes like this:
- A cybercriminal (or group of cybercriminals) send a voicemail to your phone.
- The voicemail is an electronic voice telling you it's from Microsoft. There has been a disruption in your payment method, and you will not be able to use your computer if this isn't fixed.
- The voice gives a number for you to call. If you call it, the person on the other end will either ask you:
- For your credit card number, or
- To download a program on your computer.
- The program, if you download it, will install malware & let this other person access your data. If you give them your credit card number, well, they'll just use that however they please.
Cyber Fu Tip! Be suspicious of any unexpected request for your personal information, your credit card information, or requests to download programs or allow access to your phone or computer. In this particular case, report the voicemail to your IT department so that they can warn others in case your company is a target of this attack.
What are your cybersecurity questions? Please email us at firstname.lastname@example.org!