A New Twist on Ransomware Delivery: Watch Out for Fake Voicemail Messages!

Image courtesy of MGN Online

Image courtesy of MGN Online

When it comes to voicemail message notifications delivered to our inbox, we haven’t usually thought of these as dangerous – until now. Hackers have figured out a way to include malicious code in this email notification. In this case, the attachment is a .ZIP file that is supposed to be the voicemail message. Downloading the attachment will unleash code that will encrypt all of the files on your computer or smartphone along with a demand for payment to unlock your device. Messaging platform, MS Outlook appears to be particularly vulnerable because “missed call notification emails are enabled by default”.

How Do You Protect Yourself?

  • If you receive an email with a Missed Call Notification that is not from your normal voicemail service provider, don’t open it.
  • Best practice: Don’t download or try to open any files that you did not directly request from a trusted source.
  • Typically, the voicemail file in a legitimate Missed Call Notification is not in a .ZIP format. Most are in a simple .WAV file.
  • Make sure your firewall is turned on along with anti-virus and anti-malware protection – and that they are up to date. Anti-exploit software may also provide additional protection.
  • If your computer of smartphone is ever compromised by ransomware, take it directly to a computer professional. Don’t try to fix the device yourself.
  • Source: KnowBe4.com.

For more information on this new type of ransomware, check out Heads-up! Voice Message Notification Email Warning Could Be Ransomware and Ransomware & Voicemail Notifications, Redux.

To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to bbb.org.