CERT NZ is warning local businesses of a phishing campaign doing the rounds that prompts targets to listen to a voice recording in order to bypass Microsoft protection and compromise those using Office 365.
According to CERT NZ, the email avoids regular detection by attaching an audio file to the message. If opened, it redirects targets to a fake Microsoft 365 login page.
If login details are entered into the fake login page, cyber attackers could steal personal information and carry out a range of attacks.
Anyone with a Microsoft 365 account may be targeted by this phishing campaign, according to CERT NZ.
The national cyber security response organisation said that it was aware that the suspect emails have been sent from email addresses with several domains, including:
To avoid falling victim to the scam emails, CERT NZ recommended that affected Microsoft 365 users take a number of actions to secure their online accounts, including using a different password for each online account and turning on two-factor authentication (2FA) for online accounts where possible.