The Dangers of Voicemail Phishing

Picking up the phone is a hazardous business these days. Whether it is a call regarding PPI for an account that never existed, or an imaginary problem with your PC that desperately requires attention, there are a lot of reasons to ignore what comes down the line. One place you can consider yourself safe though is surely voicemail. The cold callers generally avoid leaving a message, and anything that does squeak through can be ignored and deleted. So where does Voicemail Phishing enter the equation, and why are we warned that it is on the rise?

The introduction of voicemail-to-email services has given rise to a new style of cyber-attack. Inevitably perhaps, the moment a service was created that sends an email to notify the user that they have a voicemail, cyber criminals began looking for their loophole. People use the service for speed and convenience. A legitimate service sends the voicemail to the recipient as an attachment, usually a .wav file. Many people will barely look at the sender, let alone the file type, before clicking. Should the file come as a .zip instead, there is a good chance that opening it will release a virus onto your system.

As the name suggests, this works in much the same way as ‘traditional’ phishing. The attacker designs a template that imitates a legitimate source and attaches the malicious file. When the recipient opens the voicemail file, the malware executes on the endpoint. Simple and devastating.

You can detect and defend against voicemail phishing with anti-spam or anti-phishing tools. These tools monitor your email account for malicious messages and deal with them accordingly. It is important to keep them regularly updated though, as cybercrime rarely rests on its laurels. Another option is to use a network-based anti-malware tool, which will block the download of the malware in the attached file.
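The following Python sketch is an added example, not part of the original article: it shows the kind of attachment check an email filter can apply to a message claiming to be a voicemail notification, flagging any attachment that is not really a .wav file. The addresses, file names and sample bytes are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"  # ZIP local file header signature

def is_wav(data: bytes) -> bool:
    """True if the bytes start like a RIFF container holding WAVE audio."""
    return len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"WAVE"

def check_voicemail(raw: bytes) -> list[str]:
    """Return one finding per problem in a claimed voicemail notification."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Use the last extension only, so "voicemail.wav.zip" counts as .zip.
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else "(none)"
        if ext != ".wav":
            findings.append(f"{name}: extension {ext} is not .wav")
        elif not is_wav(data):
            findings.append(f"{name}: named .wav but content is not WAVE audio")
        if data.startswith(ZIP_MAGIC):
            findings.append(f"{name}: content is a ZIP archive")
    return findings

def build_sample(filename: str, payload: bytes) -> bytes:
    """Build a constructed notification email (all values are made up)."""
    m = EmailMessage()
    m["From"] = "voicemail@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "New voicemail message"
    m.set_content("You have received a new voicemail.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed sample payloads: header bytes only, not real audio or archives.
WAV_SAMPLE = b"RIFF\x24\x00\x00\x00WAVEfmt " + b"\x00" * 24
ZIP_SAMPLE = ZIP_MAGIC + b"\x00" * 26

if __name__ == "__main__":
    for fname, body in [("message.wav", WAV_SAMPLE),
                        ("voicemail.zip", ZIP_SAMPLE),
                        ("voicemail.wav", ZIP_SAMPLE)]:
        print(fname, "->", check_voicemail(build_sample(fname, body)) or "ok")
```

Checking the content as well as the file name matters because a renamed archive would pass a check on the extension alone.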

Although these tools are helpful, and the developers are always striving to get in front of the criminals, the most effective prevention method will always be education. By training your staff and colleagues to be more vigilant, and to know exactly what to look for in a malicious email, you prevent anything that isn’t legitimate from seeing the light of day. Any device that sends a notification via email, including printers and fax machines as well as phones, should be configured to show company branding. This will quickly and simply distinguish between real and fake. Importantly, be suspicious of everything that arrives in your inbox. Does the message seem out of context, or the design slightly off? Get rid of it and speak directly to the sender.