Fake Voicemails Target Microsoft 365 Users

Cybercriminals continue to find new ways to trick users and steal their credentials. Sometimes, they even recycle decades-old tools that were never intended to be malicious.

For example, in a new scam, cybercriminals attack Microsoft 365 users with malicious files disguised as voicemails. The scam works by sending an email with a voicemail file attached. The filename ends in “mth.mp3”, appearing to be a legitimate MP3 file. However, the file is actually a malicious HTML file that has been disguised using right-to-left override (RLO) functionality. 

RLO was created 20 years ago for languages that read from left-to-right instead of right-to-left. Unfortunately, cybercriminals now use this functionality to make malicious files look safe. For example, in this scam, cybercriminals use RLO to display “mp3.htm” as “mth.mp3”. If you open the file, you will be taken to a fake Microsoft 365 login page instead of a voicemail. Then, any credentials that you enter on the fake login page will go straight to the cybercriminals.

Follow these tips to stay safe from similar scams:

• Never click links or download attachments in an email that you were not expecting.
• Before you share any sensitive information online, make sure that the website is legitimate. For example, an MP3 file should never take you to a login page. If you’re uncertain, navigate to the website directly.
• Before you share any sensitive information online, make sure that the website is legitimate. If you’re uncertain, navigate to the website directly before sharing any information.
• Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!

Stop, Look, and Think. Don’t be fooled.