Be careful, hackers are innovating by using fake voice messages to steal your credentials


Alexandre Boero

Clubic news manager

February 1, 2024 at 6:21 p.m.


Beware of booby-trapped emails © RerF_Studio / Shutterstock

Hackers use fake voice messages, which can be listened to via email, to collect the credentials of trapped users. Cybercriminals engage in social engineering to trick people into clicking on malicious links.

Hackers are stepping up their efforts to trick users into clicking on malicious links. They rely on a social engineering technique that uses voicemail as a lure, taking advantage of the link between corporate phone systems and email. These attacks are unfortunately on the rise. Check Point researchers tell us that 1,000 incidents of this type have been recorded over the past two weeks.

An MP3 player integrated into emails that hits the mark

With this strategy, cybercriminals hide credential harvesting links in fake voicemails, which exploit the connectivity between phone systems and email. The sophistication of these attacks lies in the authentic appearance of the emails. Hackers manage to imitate well-known brands, such as Square, the payment processing service.

A recent example shows an email purportedly sent by Square with a small embedded MP3 player which, when launched, redirects users to a malicious credential harvesting page. Initially, scammers send QR codes with conditional device-based routing. The email begins with a subject line containing a fictitious phone number, which adds some legitimacy to the process, even if a quick Google search reveals that the number doesn't exist.

The email appears, at first glance, to be from Square, but a closer inspection reveals that it is fake. The MP3 player mentioned above then does the rest, redirecting the trapped person to wherever the hacker wants them to go.


Example of a booby-trapped email © Check Point

A technique that reminds us of the importance of adopting a proactive cyber defense

Unlike so-called "zero-click" attacks, this phishing attack depends on the user interacting with the trap to succeed. The hackers show a certain creativity in encouraging targets to play back a file that can be listened to directly in an email, or to click on links. All of this is done to recover user credentials, while they adapt to reactions and to the success of their methods.

For security professionals, the question is how to block these attempts. Using AI to analyze phishing indicators, systematically verifying and emulating URLs, and implementing multi-layered security are among the recommended measures, as Check Point explains to us. As always, awareness of hacker techniques and vigilance are essential.
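As an illustration of the phishing-indicator analysis mentioned above, the following added example (not code from Check Point or Clubic) flags the two signals this campaign combines: a brand display name on a non-brand sender domain, and a player-style element whose link leaves the brand's domains. The allow-list, the keyword list, the function names and the sample message are assumptions constructed for the example.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand allow-list and player keywords; SAMPLE is a constructed message.
BRAND_DOMAINS = {"square": {"squareup.com"}}
AUDIO_HINTS = ("voicemail", "voice message", "play", "listen", ".mp3")
SAMPLE = '''From: "Square Voicemail" <notify@mail-alerts.example>
Content-Type: text/html; charset="utf-8"

<a href="https://login.portal-check.example/vm"><img src="play.png" alt="Voicemail"></a>
'''

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.parts = None, []  # parts: (href, text or image shown)
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.href = attrs.get("href")
        elif tag == "img":  # an image inside a link counts as what the user sees
            self.handle_data(f"{attrs.get('alt')} {attrs.get('src')}")
    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None
    def handle_data(self, data):
        if self.href:
            self.parts.append((self.href, data.lower()))

def registrable(host):
    return ".".join((host or "").lower().split(".")[-2:])  # naive; use the PSL in production

def voicemail_lure_findings(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    allowed = set().union(*(d for b, d in BRAND_DOMAINS.items() if b in name.lower()))
    if not allowed:
        return []  # display name claims no brand we track
    sender = registrable(addr.rpartition("@")[2])
    findings = [f"brand display name but sender domain {sender}"] if sender not in allowed else []
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, shown in collector.parts:
        target = registrable(urlparse(href).hostname)
        if target not in allowed and any(h in shown for h in AUDIO_HINTS):
            findings.append(f"player-style link points to {target}")
    return findings
```

Calling `voicemail_lure_findings(SAMPLE)` returns both findings for the constructed message; a message whose sender and link both resolve to an allow-listed domain returns an empty list.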

By impersonating reputable brands and embedding intriguing voice messages, hackers have come up with a rather clever method of collecting credentials. It is not perfect, obviously, but it works on targets that are not very careful. This reinforces the case for adopting a proactive defense against these cyberattacks.


