By now, we have all seen countless Office 365 phishing emails and are becoming much more perceptive in identifying them. Now, with the increasing usage of voicemail-to-email, the bad guys are turning to voicemail-to-email messages to garner new victims.  

Email similar to the following will be sent in an effort to either direct a user to a malicious website, entice the user to open a malicious attachment, deliver a ransomware payload, or steal the user’s email credentials. For instance, if one were to click on the VoiceMessage.wav button in this email, they would be directed to a malicious site.
Please see the following tips for avoiding these scams:
  •  Like with any phishing attempt, pay attention to the sending address. In this case, it is a strange-looking email from a Japanese domain. 
  • If you utilize a specific phone system, you should be familiar with what your voicemail email looks like. With this being said, you should automatically ignore all other voicemail emails.
  • If your phone system does not have voicemail-to-email, then you should immediately dismiss all voicemail emails. If someone wants to contact you, they really should not need to leave you messages through unfamiliar services. 
  • Always be skeptical. When in doubt, just don’t click it. What is the worst that can happen?