As if warning staff about suspicious email document attachments and links isn’t enough, now infosec pros have to tell them to watch out for suspicious voice mail attachments trying to steal passwords.

Security vendor EdgeWave said this week it has seen a “dramatic increase” in phishing email using .EML attachments, which is a file extension for an e-mail message that will have another file within it. In this campaign, the message purports to be a voicemail left on a user’s phone.

According to Bleeping Computer, which spoke to EdgeWave, these emails use subject lines such as “Voice:Message”, “Voice Delivery Report”, or “PBX Message.”

To hear the message the user has to click on a link, which brings up a box from the legitimate service called RingCentre. The link within the box entices the user to click “Listen.” If they do they are prompted to enter the password to their Microsoft Account, not once but twice — presumably to verify the password.


After entering a correct password a second time, the phishing page will play an mp3 recording of a generic voicemail, presumably to prevent people from becoming too suspicious. Also presumably, users who fall for this phishing campaign may figure it was just a wrong number.

For infosec pros, says EdgeWafe, one problem is few email gateways scan EML files by default, if at all.

Related Download
How GDPR can be a strategic driver for your business Sponsor: Micro Focus

How GDPR can be a strategic driver for your business

Register Now

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: