• by Ray Schultz , June 5, 2020

Attackers are using custom subject lines to spoof a voicemail email as if it is coming from a PBX integration.

Security firm IRONSCALES has uncovered what it says is a massive new global phishing scam.

Attackers are using custom subject lines to spoof a voicemail email as if it is coming from a PBX integration, IRONSCALES reports. 

The company found the new form of attack in mid-May. The emails feature very targeted subject lines, often including a company name or the recipient’s name. 

IRONSCALES reports that the new voicemail phishing or “vishing” scam has threatened almost 100,000 mailboxes worldwide, hitting firms in real estate, healthcare, IT and several other industries.

The firm reports that the new voicemail phishing or “vishing” scam has threatened almost 100,000 mailboxes worldwide, hitting firms in real estate, healthcare, IT and several other industries.

This follows a week of disheartening phishing reports.

For example, a study by mobile security firm Lookout Inc. shows a 37% increase in the enterprise mobile phishing rate in the first quarter of 2020, versus the same period last year.

But that rate rose by 66.3% in North America YoY, and there was a 25.5% hike in EMEA and a 27.7% increase in the APAC region.

The potential financial impact could hit $150 million.

"Smartphones and tablets are trusted devices that sit at the intersection of their owner's personal and professional identity," said David Richardson, vice president of product management at Lookout.

Richardson adds: "Cybercriminals are exploiting the ability to socially engineer victims on their mobile device in order to steal their credentials or sensitive private data."  

Mimecast, meanwhile, reports that 59% of security and IT managers in the APAC region feel they are compliant. But 53% of the employees disagree, and 51% say their managers fail to stress the need for good security practices. 

“While security leaders in APAC believe they’ve made security a social norm by leading and encouraging others, this survey underscores that employees are not retaining, understanding or implementing key areas of cyber security training,” states Nick Lennon, Country Manager for Mimecast, Australia and New Zealand.