3:00pm, 19 April 2021
TLP Rating:
Microsoft 365 phishing using fake voicemail messages
An email requesting people listen to a voice recording is being used to bypass Microsoft protection and compromise those using Microsoft 365 (Office 365).
This email avoids regular detection by attaching an audio file to the email. If opened, it redirects to a fake Microsoft 365 login page. If login details are entered, cyber attackers could steal personal information and carry out a range of attacks.
What's happening
What this means
First, you will receive an email that looks like the screenshot below:
If the audio attachment is opened it will look like this:
From here, if you press play you will be redirected to a page imitating the Microsoft Office login page asking for your username and password:
What to look for
How to tell if you're at risk
Anyone with a Microsoft 365 account may be targeted by this phishing campaign.
How to tell if you're affected
You may have received an email asking you to listen to a voice message. If you have opened this attachment and entered login details to the following page your account may have been compromised.
What to do
Prevention
If you receive a suspicious email suggesting that you have received a voice message check with your IT department or service provider to see if the email is legitimate, or report the email to CERT NZ.
We are aware that these emails have been sent from email addresses with the following domains:
- 0365outlookmessages.live
- 0365outlookmessage.live
- msa0365officeaudio.live
- msa0365outlookcortana.live
- msa0365outlookaudio.live
- msa365outlookmessage.live
- o365premiumoutlook.live
- 365businessoutlook.live
- mse0365outlook.live
- 0365networks.live
- 0365premiumoffice.live
- 365outlooks.live
- mca0365premium.live
- mce0365office.live
- mce0365business.live
- mce0365premier.live
- o365premieroutlook.live
- o365networks.live
- msr0365office.live
- mse365office.live
- 0365premieroffice.live
- o365office.live
- o365businessoffice.live
Mitigation
CERT NZ recommends that affected Microsoft 365 users take the following steps to secure their online accounts:
- Use a different password for each of your online accounts.
- Make sure your passwords are long, strong and unique.
- Keep your passwords safe. Try a password manager to store your passwords for you.
Keep your data safe with a password manager
- Turn on two-factor authentication (2FA) on your online accounts where possible, this provides an extra layer security if your password is ever compromised.
- Make sure any account recovery questions and answers don't use publicly available information. For example, don’t use your pet’s name or your hometown. Get creative with your responses in a way that is easy and memorable.
More information
For more information about unauthorised access:
https://www.cert.govt.nz/individuals/common-threats/unauthorised-access/
Business email Compromise:
https://www.cert.govt.nz/business/common-threats/business-email-compromise/
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.