Very few exploits outside of social engineering have been delivered via telephone service, but modern criminals have found a way to incorporate it through a new voicemail phishing (vishing) scam. The modern twist is that the voicemail is delivered as an attachment in an email.
To accomplish this, a bad actor sends a phishing email designed to look like a legitimate notification that the recipient has a voicemail. The fake notification carries a malicious attachment, and when the recipient opens the attachment, the malware executes on the endpoint. Another method used by bad actors is to harvest credentials using the same voicemail lure. These emails contain a button that, if clicked, leads to a website that looks exactly like the Office 365 sign-in page. If a user types in their login name and password, the information is recorded and ends up in the hands of cybercriminals.
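A mail-triage check for the two variants described above, as an added example that is not part of the original article: it flags voicemail-themed messages that carry an attachment or link to a host outside a sign-in allowlist. The lure pattern, the allowlist contents, the function names and the sample message are assumptions constructed for illustration, and a hit means "review this message", not "confirmed phish".

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumptions for this sketch: tune the lure pattern and host allowlist locally.
LURE_RE = re.compile(r"voice\s*-?\s*mail|voice message|missed call", re.I)
SIGNIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw):
    """Return (finding, value) pairs for one message given as RFC 5322 text."""
    msg = message_from_string(raw, policy=policy.default)
    bodies, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():
            attachments.append(part.get_filename() or "(unnamed)")
        elif part.get_content_type() in ("text/plain", "text/html"):
            bodies.append(part.get_content())
    text = "\n".join(bodies)
    if not LURE_RE.search(str(msg.get("Subject", "")) + "\n" + text):
        return []  # not voicemail-themed, nothing for this check to say
    findings = [("attachment", name) for name in attachments]
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(text)}
    findings += [("off-allowlist link", h) for h in sorted(hosts - SIGNIN_HOSTS)]
    return findings

def constructed_sample():
    """Constructed lure: voicemail notice with an attachment and a sign-in button."""
    m = EmailMessage()
    m["From"] = "Voicemail Service <noreply@voicemail.example>"
    m["To"] = "user@corp.example"
    m["Subject"] = "New voicemail from +1 555 0100"
    m.set_content("You have a new voice message.")
    m.add_alternative('<a href="https://o365-login.example/signin">Listen</a>',
                      subtype="html")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="voicemail_0100.htm")
    return m.as_string()

if __name__ == "__main__":
    for finding in triage(constructed_sample()):
        print(finding)
```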
Vishing is just another arm of phishing, and you can protect yourself from becoming a victim using the same tips designed to safeguard against phishing attempts:
Check back for more security best practices and tips.