A new report from Ironscales details how hackers are using phishing emails to steal the corporate credentials of employees whose PBX systems are integrated with company email clients. Many of these phishing emails pose as voicemail alerts that appear to come from a PBX integration.
These emails feature custom subject lines that contain company names or recipients' names to make employees believe that they are legitimate company emails. Ironscales found that such voicemail phishing scams have threatened almost 100,000 mailboxes worldwide, targeting hundreds of enterprises across all industries, including real estate, oil & gas, engineering, IT, healthcare, financial services, and more.
"To make each attack more believable, cybercriminals are adding customisation to personalise the sender name as well. This type of sophistication partially explains why these email attacks are bypassing secure email gateways and the DMARC authentication protocol, as neither are designed to detect or respond to spoofed emails without a malicious payload," the firm said in a blog post.
It added that even though most voicemails are quite benign in the information shared, cyber criminals know that any sensitive information that is left in the voicemail could potentially be used for a social engineering attack and that credentials could be used for multiple other logins, including for websites with valuable PII or business information.
Noting that companies using PBX systems to send voicemails automatically to their employees are vulnerable to such attacks, Ironscales suggests that these companies make their employees aware of such scams and deploy computer vision-based scanners to detect the nature of these emails and automatically mark them as phishing.
Commenting on hackers leveraging PBX systems to target employees, Niamh Muldoon, senior director of trust and security at OneLogin, says that phishing attacks exploit the weaknesses inherent in organisations – their staff – and remain as adaptable and popular as ever, as this pivot to voice messaging attacks shows.
"As phishing attacks become increasingly common, and increasingly sophisticated — often tailored to a targeted team with an organisation — companies and consumers can reduce the risk of these attacks by applying Multi-Factor Authentication (MFA) supports user awareness and conscious behaviour when it comes to phishing threats and associated risk of clicking on suspicious links," she adds.