Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How does the new voicemail phishing scam work?

A new phishing scam uses voicemail notification emails to spread malware. Expert Nick Lewis explains how this attack works and how enterprises can prevent it.

There's a new malware attack that uses voicemail to infect victims. Can you explain how this attack works? How...

can enterprises detect and defend against this voicemail-leveraging malware?

Very few exploits outside of social engineering have been delivered via plain-old-telephone service, but modern criminals have found a way to trick people through a new voicemail phishing scam. The modern twist is that the voicemail is delivered as an attachment on an email. For this to work, the attacker sends a phishing email designed to look like a legitimate email notifying the recipient he has a voicemail; the fake voicemail notification email carries a malicious attachment and when the recipient opens the voicemail file, the malware executes on the endpoint.

Enterprises can detect and defend against voicemail-leveraging malware by using an antispam or antiphishing scam tool that monitors for malicious emails. Alternatively, they could use a network based antimalware tool that blocks either a potential download of the malware, or the command and control communications.

Enterprises should also train their users to be more judicious about opening any attachments that look legitimate. Multifunction printers, fax machines, voicemail and other systems that send notifications via email should be configured with relevant details and branding for the enterprise to help employees identify phishing scams. A targeted attack could spoof the proper configuration and branding, but it increases the resources needed for the attack. In their security awareness training, enterprises should include that users should be skeptical of attachments that seem out of context from the sender.

These same defenses can be used against phishing scams disguised as a scanned document, fax or many other types of email notifications, including gift card notifications.

Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

Next Steps

Find out which antimalware products are best for your organization

Learn how to identify a phishing attack

Check out the three reasons why phishing is so popular

This was last published in February 2016

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How do you train your employees to recognize and avoid phishing attacks?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close