Voicemail Email Scam promotes phishing websites and steals user dataHow Voicemail Email Scam Works?Malicious links leading to phishing pagesMalicious attachments hiding malwareThreat SummaryExamples of Voicemail Scam EmailsHow to identify Voicemail email scam?Remove Malware and Protect Your Data

There are many different email design templates, subject lines, message variations and phishing page designs that are being used by cybercriminals to trick unsuspecting users into fake login portals and steal the user-provided login credentials. Additionally, these emails can include malicious attachments named as voicemail recordings.

How Voicemail Email Scam Works?

As mentioned previously, there are two ways these emails seek to inflict damage – either via attached links or files. In this section, we will explain in detail how the attack works in each of these scenarios.

Such voicemail scam emails inform the victim about a new voicemail received, and include some fictive details about the recording (such as the sender’s phone number, recording duration and time stamp when it was sent). The message includes a button that invites the user to preview or play the audio recording. Unfortunately, the button includes a deceptive link leading to a phishing website that mimics the design of well-known email service provider pages (such as Microsoft, Hotmail, or others). The site asks to login to the email or confirm the password to proceed. However, if the victim doesn’t notice the suspicious URL of such website, one might get tricked into typing in the login credentials. Sadly, no matter how many times the victim attempts to login, there will be no success, since the web page is only meant to collect the information the user provides and send it to cybercriminals.

Malicious attachments hiding malware

Another scenario that threat actors use is attaching the alleged voicemail as an email attachment. Judging from samples we collected during our research, the criminals may use music icon in the file name, or add a fake .mp3 extension, and name the file as “Voicemail Audio [date]” or “Voicemail Audio Transcription” or similar. The actual file format is typically a .htm file which usually opens via web browser. When this happens, the user will be redirected to a phishing page that can also ask to enter email login credentials, or, the file may contain malware. Therefore, it is important to recognize such scam emails and never open links or attachments that accompany them. If you have already done so, and suspect that your computer may have been compromised by malware, we recommend that you download INTEGO Antivirus to remove threats from the system. Additionally, software like RESTORO (secure download link) can be used to repair virus damage on Windows OS files. Most importantly, change the login credentials for the email account that you have exposed credentials of to cybercriminals.

Threat Summary

Examples of Voicemail Scam Emails

Example no. 1: Scam targeting Microsoft 365 credentials

One of the Voicemail Email Scam campaigns appeared in June 2022, and appeared to target Microsoft 365 credentials. The email subject is V_audio missed on [date] and claims that the user has a new voice mail from a random number. The email recommends opening the enclosed attachment to listen to the voicemail. Award-winning antivirus solution for your PC. Robust security software that provides robust 24/7 real-time protection, Web Shield that stops online threats/malicious downloads, and Prevention engine that wards off Zero-Day threats. Keep your PC safe and protected against ransomware, Trojans, viruses, spyware and other forms of dangerous programs. The attachment itself is a HTML file that contains a music note icon in its name along with alleged date that the recording was made. It is believed that such name is given to the deceptive file to convince the victim that it is an audio file rather than HTML document. However, once opened, the file releases an obfuscated JavaScript that redirects the victim to a phishing website. The victim will have to complete a CAPTCHA check, which is added as an extra step to bypass anti-phishing tools. After passing the check, the user will be taken to a phishing website that mimics Microsoft Office 365 sign in page. Whatever credentials the victim types in, the criminals will grab them and use them to steal the user’s account. Another example of phishing page that such emails can redirect you is provided below.

Example no. 2: Scams targeting other email login accounts

This email scam involves a simplistic email message that claims the user has received a new voicemail. It also includes the phone numbers of the caller and receiver, as well as caller name and duration of the voice message. Another sample of similar scam email suggesting the user has received a voicemail: After clicking on the provided button that says Preview voicemail / Play VM, the user gets taken to a phishing website asking to enter email login credentials. The website design can differ and mimic various email provider websites.

Example no. 3: Whatsapp New Private Voicemail Scam

Another example involving voicemail theme is Whatsapp New Incoming Voicemessage, or New Private Voicemail scam. The deceptive email states there is a voicemail available for the recipient, and includes the time it was sent and duration of it. There is a green Play button, one that hides a malicious URL. Clicking it takes the user to a Russian domain mailman.cbddmo.ru, according to Armorblox research. The phishing page attempts to install a Trojan known as JS/Kryptik, a JavaScript-based code injected into HTML pages and used to redirect victims to malicious URL and attempt to use a particular exploit. The web page also asks to click on Allow button to allegedly confirm that user is not a robot; however, what this actually does is it enables the malicious website to send push-notifications for the user daily.

How to identify Voicemail email scam?

Our team advises computer users to inspect the design and typography of the email to understand whether it comes from a trustworthy entity. Often times, these emails include weirdly aligned text, images, or buttons. Another noticeable detail is that scammers hardly ever pay attention to prepare the text to be flawless – so it often contains typo mistakes, grammar errors, misplaced punctuation marks, etc. It is also important to hover your mouse over sender’s email and inspect the address of it. If you can see that it is a random email address and not an official-looking one, just delete the email. Voicemail recordings are not usually sent in a form of an email attachment, unless the user specifically enables this feature. Therefore, if you haven’t enabled such feature and haven’t previously receive voicemails via your email inbox, it is best if you do not interact with such email attachments at all. If you clicked on a link provided in an email, it is strongly advisable to inspect the URL of the page that you land on. If you can see that it is an extremely lengthy URL that doesn’t look like it belongs to an official email service provider, close that page immediately. What you can also do is simply copy the link hidden in the email and paste it into online malware scanning engines such as VirusTotal. It will help you determine whether the URL or email attachment has been marked as phishing or malicious by various AV systems.

Remove Malware and Protect Your Data

If you have encountered a similar scam email, we strongly advise that you remove Voicemail Email Scam instance by deleting the message. Worse still, if you have provided sensitive information via phishing link included in the message, or opened its attachments, we recommend that you remove malware using the guide provided below. It is ideal to boot the computer at risk in Safe Mode with Networking and running an up-to-date antivirus software, such as INTEGO Antivirus to cleanse malware components automatically. Afterward, you may want to download RESTORO to repair virus damage on Windows OS files. Once you’re done, we recommend that you visit the official sign-in page of the email account that you have revealed the sign-in information for, and change your login credentials immediately, before cybercriminals did it before you. Additionally, we strongly recommend setting up 2FA authentication for more secure logins. This way, the perpetrators won’t be able to access your account even if your password is breached. OUR GEEKS RECOMMEND Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system: GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more. Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats, Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs. Use INTEGO Antivirus to remove detected threats from your computer. Read full review here. RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically. RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them. Read full review here.

Method 1. Enter Safe Mode with Networking

Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in Safe Mode with Networking, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, see a video tutorial on how to start Windows in Safe Mode: Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10 users Now, you can search for and remove malware files. It is very hard to identify files and registry keys that belong to the virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable malware removal program. We recommend using SYSTEM MECHANIC ULTIMATE DEFENSE , which can also restore deleted files. Additionally. we recommend repairing virus damage using RESTORO.

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically. Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10 users After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won’t be any malware remains, but it never hurts to double-check. Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.