Alerts

We highlight current cyber security threats in New Zealand, and provide guidance on what to do if they affect you.

3:00pm, 19 April 2021

TLP Rating: White

Microsoft 365 phishing using fake voicemail messages

An email requesting people listen to a voice recording is being used to bypass Microsoft protection and compromise those using Microsoft 365 (Office 365).

This email avoids regular detection by attaching an audio file to the email. If opened, it redirects to a fake Microsoft 365 login page. If login details are entered, cyber attackers could steal personal information and carry out a range of attacks.

What's happening

What this means

First, you will receive an email that looks like the screenshot below:

If the audio attachment is opened it will look like this:

From here, if you press play you will be redirected to a page imitating the Microsoft Office login page asking for your username and password:

What to look for

How to tell if you're at risk

Anyone with a Microsoft 365 account may be targeted by this phishing campaign.

How to tell if you're affected

You may have received an email asking you to listen to a voice message. If you have opened this attachment and entered login details to the following page your account may have been compromised.

What to do

Prevention

If you receive a suspicious email suggesting that you have received a voice message check with your IT department or service provider to see if the email is legitimate, or report the email to CERT NZ.

We are aware that these emails have been sent from email addresses with the following domains:

  • 0365outlookmessages.live
  • 0365outlookmessage.live
  • msa0365officeaudio.live
  • msa0365outlookcortana.live
  • msa0365outlookaudio.live
  • msa365outlookmessage.live
  • o365premiumoutlook.live
  • 365businessoutlook.live
  • mse0365outlook.live
  • 0365networks.live
  • 0365premiumoffice.live
  • 365outlooks.live
  • mca0365premium.live
  • mce0365office.live
  • mce0365business.live
  • mce0365premier.live
  • o365premieroutlook.live
  • o365networks.live
  • msr0365office.live
  • mse365office.live
  • 0365premieroffice.live
  • o365office.live
  • o365businessoffice.live

Mitigation

CERT NZ recommends that affected Microsoft 365 users take the following steps to secure their online accounts:  

  • Use a different password for each of your online accounts.
  • Make sure your passwords are long, strong and unique.
  • Keep your passwords safe. Try a password manager to store your passwords for you. 

Keep your data safe with a password manager

  • Turn on two-factor authentication (2FA) on your online accounts where possible, this provides an extra layer security if your password is ever compromised.

Enable 2FA

  • Make sure any account recovery questions and answers don't use publicly available information. For example, don’t use your pet’s name or your hometown. Get creative with your responses in a way that is easy and memorable.

More information

For more information about unauthorised access:

https://www.cert.govt.nz/individuals/common-threats/unauthorised-access/

Business email Compromise:

https://www.cert.govt.nz/business/common-threats/business-email-compromise/

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ

For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.