Fake voicemails used to hack Microsoft 365 accounts

(Image credit: Shutterstock)

Microsoft customers have been warned to take extra care with their online security following the rise of a new scam targeting Office 365 users.

Researchers at McAfee have uncovered a new phishing campaign that uses fake voicemails to lure victims into giving up their Office 365 email logins, which were then used to hack into user accounts.

Millions of users may have been targeted by the attacks, with McAfee saying several high-profile companies were hit, including some in the the tourism and entertainment industries, as well as financial, IT services and more.

Urgency

Victims were hooked into the scam through an email informing them they have missed a phone call, asking them to login to their account to access their voicemail.

After clicking on the file and being taken to the malicious website, users would hear a voice say “hello” before the audio was cut by a prompt to enter their email credentials to listen to the full clip.

The user would then be redirected to a phishing page asking them to log into their Microsoft 365 account, with passwords then being stolen by the criminals. After this, victims were redirected to the real office.com login page in an effort to make them belive their login had been genuine.

McAfee found that three different malicious kits were used as part of this campaign – demonstrating an active focus on cloud platforms like Microsoft 365.

"What sets this phishing campaign apart from others is the fact that it incorporates audio to create a sense of urgency which, in turn, prompts victims to access the malicious link," McAfee researchers Oliver Devane and Rafael Pena wrote in a blog post. 

"This gives the attacker the upper hand in the social engineering side of this campaign. We urge all our readers to be vigilant when opening emails and to never open attachments from unknown senders. We also strongly advise against using the same password for different services and, if a user believes that his/her password is compromised, it is recommended to change it as soon as possible."

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Latest in News
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound