This is a new type of scam that we have not seen before. We urge businesses to update their email security, as this scam is specifically targeting employees’ work email.
How does the scam work?
The emails appear to come from Microsoft Outlook “On behalf of an Anonymous Caller,” (see screenshot below) but the messages reference a variety of URLs and phone numbers. These emails contains different phone numbers like 703-892-5155x , 703-892-1228x , 703-892-5463x and link to various malicious web addresses. This particular sample contains a link to download a .WAV file.
The emails also contain an “Email ID” which gives the impression that the email is from an internal company email address. In the below sample, the message is citing Email Id firstname.lastname@example.org but other companies will have their own name cited, so employees at AZ, for example, would get voice.mail@AZ.com, making the email seem legitimate.
Don’t Click the Attachment:
This scam appear to especially target business users, so keep a close eye on your work email, and be aware that not even work emails are safe until the company email filters have been updated.
Omniquad’s clients using Mailwall Remote are protected from this scam.
Protect yourself from email fraud:
- Never click on Hyperlinks within emails.
- Do not open any file attached to the email.
- Always look for “https://” and padlock on web sites that require personal information.
- Never respond to spam / suspicious email or emails from unknown senders.
- Do not supply your personal to strangers, they are most likely scammers.
– The Omniquad Security Team
P.S if you want to help inform people about this type of scam, feel free to Tweet!