Reseller News

CERT NZ warns of Microsoft 365 fake voicemail phishing campaign

The email avoids regular detection by attaching an audio file to the message.
  • Leon Spencer (New Zealand Reseller News)
  • 20 April, 2021 11:11

CERT NZ is warning local businesses of a phishing campaign doing the rounds that prompts targets to listen to a voice recording in order to bypass Microsoft protection and compromise those using Office 365. 

According to CERT NZ, the email avoids regular detection by attaching an audio file to the message. If opened, it redirects targets to a fake Microsoft 365 login page.  

If login details are entered into the fake login page, cyber attackers could steal personal information and carry out a range of attacks. 

Anyone with a Microsoft 365 account may be targeted by this phishing campaign, according to CERT NZ. 

The national cyber security response organisation said that it was aware that the suspect emails have been sent from email addresses with several domains, including:  

  • 0365outlookmessages.live 
  • 0365outlookmessage.live 
  • msa0365officeaudio.live 
  • msa0365outlookcortana.live 
  • msa0365outlookaudio.live 
  • msa365outlookmessage.live 
  • o365premiumoutlook.live 
  • 365businessoutlook.live 
  • mse0365outlook.live 
  • 0365networks.live 
  • 0365premiumoffice.live 
  • 365outlooks.live 
  • mca0365premium.live 
  • mce0365office.live 
  • mce0365business.live 
  • mce0365premier.live 
  • o365premieroutlook.live 
  • o365networks.live 
  • msr0365office.live 
  • mse365office.live 
  • 0365premieroffice.live 
  • o365office.live 
  • o365businessoffice.live 

To avoid falling victim to the scam emails, CERT NZ recommended that affected Microsoft 365 users take a number of actions to secure their online accounts, including using a different password for each online account and turning on two-factor authentication (2FA) for online accounts where possible.