A new phishing campaign pretending to be a voicemail notification from RingCentral prompts users to log in to retrieve it. This campaign tricks users into entering their passwords twice in order to confirm that they are providing the correct login credentials.
These phishing emails have subject lines such as ‘Voice: Message’, ‘Voice Delivery Report’, or ‘PBX Message’. “New Voicemail message from (EXT 61). Double click on the attached file to listen,” the body of the email read, BleepingComputer reported.
EML Attachments
This voicemail phishing campaign uses EML attachments and contains Preview, Listen, and Save Audio links that all go to the same webpage.
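A mail-triage check for the traits reported above, as an added example that is not code from the original report: it flags a message whose subject matches the reported lines, that carries an attached message (EML), and whose differently labelled links all point to one destination. The function names, the sample message and its URL are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

SUBJECTS = ("voice: message", "voice delivery report", "pbx message")  # from the report

class LinkCollector(HTMLParser):  # collects (anchor text, href) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def triage(raw: bytes) -> dict:
    """Report which of the three traits are present in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = {"subject": (msg["Subject"] or "").strip().lower() in SUBJECTS,
             "eml_attachment": False, "links_same_target": False}
    for part in msg.walk():  # walk() also descends into the attached message
        if part.get_content_type() == "message/rfc822":
            found["eml_attachment"] = True
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            labels = {text for text, _ in collector.links}
            targets = {href for _, href in collector.links}
            # Several differently labelled links, but only one destination.
            found["links_same_target"] |= len(labels) >= 2 and len(targets) == 1
    return found

def build_sample() -> bytes:  # constructed sample: notification with a nested .eml
    url = "https://login.example.invalid/vm"  # placeholder, not a real indicator
    inner = EmailMessage()
    links = "".join(f'<a href="{url}">{label}</a> '
                    for label in ("Preview", "Listen", "Save Audio"))
    inner.set_content(links, subtype="html")
    outer = EmailMessage()
    outer["Subject"] = "Voice Delivery Report"
    outer.set_content("New Voicemail message from (EXT 61).")
    outer.add_attachment(inner)  # stored as a message/rfc822 part
    return outer.as_bytes()
```

Any single trait is weak on its own; treating the three together as a quarantine or review signal keeps false positives on legitimate voicemail notifications down.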
Passwords entered twice
Users are prompted to enter their passwords twice so that the passwords they enter can be double-verified. Phishing researcher NullCookies told BleepingComputer that only a “subset of kits do that”.
“Continuously showing an incorrect password alert can also be used to avoid redirecting to the impersonated company’s website. This gives the phishing scam additional concealment,” NullCookies said.