Flagging Discrepancies: Access Key Used in Voice Messaged Phishing Campaign

Cyber Security Threat Summary:
In a recent report from Cofense, the significance of using voice messages for communication was brought to the forefront. The report highlighted an ongoing phishing campaign where threat actors strategically included an access key in the email content, alluring users into accessing what appeared to be a genuine voice message intended for them.

The report underlines that the email notification sent to the user bore a striking resemblance to a domain associated with Zoom. The attachment, bearing the date in its name, was an HTML file and marked the initial phase of the attack. What stood out was the use of the access key, strategically employed to create a personalized email, fostering a sense of trust and encouraging users to securely access the awaited message.

Upon opening the attachment, users were directed to a page prompting them to view the message, but clicking the link triggered a prompt requesting the previously mentioned access key. However, it's important to note that the real purpose of this input was to convince users to permit another download.

Security Officer Comments:
After users entered the access key and completed what seemed to be standard captcha checks, they encountered a clever disguise – an AWS URL posing as a legitimate Zoom link. Upon downloading, the page redirected users to the official Zoom site, creating a false sense of authenticity. However, when they opened the downloaded file, they were met with a subpar Microsoft-themed login page. What's particularly intriguing is the sudden shift from mimicking Zoom to imitating Outlook and Teams platforms, a telltale sign of inconsistency that should raise users' suspicions. The pre-filled email address was a ploy to gather the user's password, which was cunningly requested twice for confirmation, ultimately leading to a looping animation featuring the Outlook symbol. Remaining vigilant in the face of such tactics is crucial.

Suggested Correction(s):
The report underscores numerous warning signs within this campaign, emphasizing the importance of early vigilance. While certain aspects may trick unwary users, it's vital to approach message access with caution, especially when presented with suggested access keys. These keys, although not a common occurrence, can be surprisingly convincing and should be met with skepticism.

Link(s):
https://cofense.com/blog/access-key-used-in-voice-messaged-phishing/