Security researchers at Cofense recently observed credential phishing campaigns that use a novel deception technique, directing victims to a voice recording that lures them into a false sense of security after they’ve provided their Microsoft credentials.

According to Cofense, this particular phishing campaign is notable due to the unusual redirection that occurs after the victim enters their credentials into a phishing landing page, which appears to be a Microsoft login page. The phishing email has a subject line related to EFT payments and the main body requests users to review an attached file. After typing in their credentials, victims are sent to a seemingly unrelated Google Drive voice recording about catering prices, providing further confusion for the victims. Cofense researchers write, “the clever use of misdirection showcases the lengths that adversaries are willing to go to in order to maintain the illusion that nothing malicious has taken place.” To defend against this activity, members are reminded to always be wary of messages that require urgent actions and ones that ask a user to click on a link or open an attachment. Users should reach out to the purported sender via another means of communication to confirm its authenticity. Read more at Cofense.