Phishing attacks on companies using PBX systems increase dramatically

Written by  Jun 06, 2020

While video conferencing solutions have become the prime targets for hackers recently following the shift to remote work, hackers have also started targeting companies using PBX systems with phishing attacks to gain access to email credentials.

A new report from Ironscales has revealed in detail how hackers are using phishing emails to steal corporate credentials of employees who use PBX systems that are integrated with company email clients. Many of these phishing emails pretend to be voicemail alerts as if they are coming from a PBX integration.

These emails feature custom subject lines that contain company names or recipients' names to make employees believe that they are legitimate company emails. Ironscales found that such voicemail phishing scams have threatened almost 100,000 mailboxes worldwide, targeting hundreds of enterprises across all industries, including real estate, oil & gas, engineering, IT, healthcare, financial services, and more.

Also see: Best Practices To Protect Against Phishing Attacks

"To make each attack more believable, cybercriminals are adding customisation to personalise the sender name as well. This type of sophistication partially explains why these email attacks are bypassing secure email gateways and the DMARC authentication protocol, as neither are designed to detect or respond to spoofed emails without a malicious payload," the firm said in a blog post.

It added that even though most voicemails are quite benign in the information shared, cyber criminals know that any sensitive information that is left in the voicemail could potentially be used for a social engineering attack and that credentials could be used for multiple other logins, including for websites with valuable PII or business information.


Noting that companies using PBX systems to send voicemails automatically to their employees are vulnerable to such attacks, Ironscales suggests that these companies should make their employees aware of such scams and should also deploy computer vision-based scanners to detect the nature of these emails and mark them automatically as phishing.

Commenting on hackers leveraging PBX systems to target employees, Niamh Muldoon, senior director of trust and security at OneLogin, says that phishing attacks, which exploit the weaknesses inherent in organisations – their staff – remain as adaptable and popular as ever, as this pivot to voice messaging attacks displays.

"As phishing attacks become increasingly common, and increasingly sophisticated — often tailored to a targeted team with an organisation — companies and consumers can reduce the risk of these attacks by applying Multi-Factor Authentication (MFA) supports user awareness and conscious behaviour when it comes to phishing threats and associated risk of clicking on suspicious links," she adds.

Peter Flynn

Creator and director of IT Security Centre UK.

I have worked in the IT industry for many years and developed my IT security skills in particular, as this area has always been of interest to me and is more important now than ever.

