New Research: Phishing Attacks Spoofing PBX Integrations Accelerate
June 2020 by IRONSCALES
IRONSCALES researchers have identified a major new phishing attack trending worldwide that is targeting remote workers’ virtual voicemails. The attacks leverage the Private Branch Exchange (PBX), a legacy technology which enables voice message recordings to be sent directly to an employee’s inbox. In total, the voicemail phishing or “vishing” scam has landed in almost 100,000 mailboxes worldwide, targeting hundreds of enterprises across all industries, including real estate, oil & gas, engineering, IT, healthcare, financial services and more.
The attack was first identified in mid-May and has since evolved into a massive, global phishing scam in which attackers use custom subject lines to spoof a voicemail email so that it appears to come from a PBX integration (see screenshot below). Like many phishing attacks, this attack is likely an attempt to obtain login credentials and sensitive information that can be used in social engineering campaigns.
Because IRONSCALES sits inside the mailbox, it has been able to confirm that this PBX attack bypasses secure email gateways and authentication protocols like DMARC, making it particularly dangerous for the many large organizations without advanced anti-phishing technology in place.