Not Even Voicemails are Safe from Phishing

Phishing attacks have consistently been prominent in cybercrime throughout the past few years, not only due to their efficacy but also because there are so many avenues wherein phishing can be attempted. The first that comes to mind is email, of course, but you and your team need to keep these others in mind.

Take, for instance, a phishing voicemail…dubbed, naturally, a “phoicemail.”

Underhanded tactics like these are critical to understand and be able to identify if you are to protect your business.

How Do Phoicemail Scams Work?

In order to appreciate how these scams function, we need to consider the recent trend of deepfakes—artificially generated footage of someone based on numerous data points—and remember that these scams often also feature audio. So, if a scammer can fool people with a doctored video, it stands to reason that it’s worth trying to fool people with just the audio.

Enter phoicemail scams, where generated audio meant to mimic the supposed caller is left as a voicemail message instructing the recipient to do something they shouldn’t. For instance, sharing confidential or otherwise privileged information.

Picture it: you come back to the office after lunch, only to see that you’ve received a phone call while you were away and there’s been a message left there. You listen to your voicemail, only to hear a voice that sounds a lot like your manager requesting you to send over the credentials needed to access an account to a different email address than usual.

Would you fall for it? While it may be tempting to assume that you’d be able to pick up on how suspicious this seems, it is important to acknowledge that the fact that it isn’t coming in through an email might be enough to throw you. Plus, it isn’t unheard of for IT professionals—the ones who are arguably most conditioned to keep security in mind—to fall for these scams.

Phoicemail Threats Can Be Hard to Spot

Like many modern examples of phishing, it can be a real challenge to accurately judge whether a message has been tampered with or not.

Don’t believe us? Check out the study that MIT is currently running, where you are challenged to identify deepfakes by examining transcripts, audio recordings, and videos of Joseph Biden and Donald Trump—half of which are real, half fabricated. While some of the fraudulent audio clips included are somewhat apparent, it may be more difficult than you’d expect to separate the more convincing samples from the truth.

Phishing Awareness of All Types Needs to Be Part of Your Cybersecurity Posture

It is important that your team is aware that phishing can happen in many ways, not just through their email inboxes. Phone calls and voicemail messages, text messages, even search engine results can be phishing vectors. Your team needs to know this, and keep this lesson in mind whatever they happen to be doing.

We Define IT can help New York City businesses practice these security-conscious habits, while also implementing more secure technologies and protections to help minimize cyberthreats as much as possible. Find out how we can help you and your business’ team by giving us a call at 888-234-WDIT (9348) today.