Getty Images

Voicemails of Remote Workers Targeted in New Phishing Campaign

Remote healthcare workers are facing a new cyber threat: hackers are targeting legacy technology used to send voicemails to employees with phishing attacks, according to IRONSCALES.

A new report from IRONSCALES shows remote healthcare workers are being targeted with a new phishing campaign. Hackers are actively working to exploit the legacy technology used to send voicemail messages to employees through “vishing” scams.

IRONSCALES detected these voicemail phishing attacks in more than 100,000 mailboxes across the globe.

The vishing campaign joins a host of other COVID-19-related cybersecurity threats, including attacks on cloud services, spear-phishing campaigns mimicking the World Health Organization and Google, NetWalker ransomware, and fraud attempts on CARES Act payments, among others.

“With workforces largely remaining partially or fully remote, employees continue to rely on tools for greater efficiency and productivity,” researchers wrote. “One of those tools is the Private Branch Exchange (PBX), a legacy technology which enables voice message recordings to be sent directly to an employee’s inbox.”

“As workers have little to no access to office land lines, PBX enables employees to retrieve important messages through integration with a company’s email client,” they added. “Simply put - if an employee misses a call, then they instantly receive a recording or message in their inbox.”

In light of the COVID-19 pandemic, hackers are also attempting to exploit the legacy tech. First discovered in mid-May, IRONSCALES researchers explained the hackers use custom subject lines to spoof the voicemail email to appear sent from a PBX integration.

The emails include the name of the company or the recipient, designed to dupe the user into thinking the email is legitimate. The threat actors are also using highly personalized subject lines that may “prey on people’s curiosity,” as well as customizing sender names.

These hackers are targeting healthcare, IT, engineering, real estate, financial services, and other sectors.

While typically PBX integrations may not contain valuable information, researcherd noted that it’s likely the threat actors are working to gain user credentials that could also be used for other logins on the enterprise. Thus, stolen credentials could be leveraged on enterprise websites and platforms to gain access to more valuable information, such as personally identifiable information.

Further, the threat actors could also pull information garnered from the voicemails for further social engineering attacks.

“This type of sophistication partially explains why these email attacks are bypassing secure email gateways and the DMARC authentication protocol, as neither are designed to detect or respond to spoofed emails without a malicious payload,” researchers wrote.

“If your organization automatically sends voicemails to workers inboxes, then your company is at risk of falling victim to this scam,” they concluded. “As we know, if an email looks real, then someone will fall for it.”

Healthcare organizations should work to inform employees of the attack trend to help spot abnormalities. Further, implementing security tools able to detect sophisticated phishing scams will also be crucial. IRONSCALES noted the scam was readily detected using a vision-based scanner.

The American Medical Association and American Hospital Association also released telework guidance for hospitals and other healthcare providers.

Next Steps

Dig Deeper on Cybersecurity strategies