SECURITY ALERT: New phishing scam masquerages as link to a new voicemail message


CSIT has received a report of a new phishing scam.  We do not have any indication that this particular scam is widespread.  This warning is because the timing of this scam – coming during our transition to a new phone system with new features – may make it especially tempting.

The new phishing scam arrives as an email message with an elaborate sender address.  In this case the purported sender is “New Voicemail from (+ 1 424 696 0700) – (No-reply [at]” using the email address petties [at] .  (It is entirely likely that this may change in other instances of the scam.) The Subject line of the message is “You Have a New Voicemail from (+1 424 696 0700)” .  The body of the message claims that a contact in your address book has sent you a voicemail message.  It goes on to provide the date and note that your access to the message will expire within 24 hours and provides a link to preview or download the voicemail as a PDF.

It is true that our new voicemail service can be configured to deliver voicemail messages to your email address, either as an attached .WAV file or (with some additional software installed on your computer) as a link to the sound file in your voice mailbox.  However, such message originate from an address within the NWU domain.  Genuine messages regarding voicemail make no claims about whether the caller is in your address book and do not include any claim that your access to the message will expire.  Genuine messages regarding voicemail do not include links to PDF attachments, but rather have an attached WAV file or (with some additional software installed on your computer) as an audio player.

As always, we advise special caution in your handling of any email message with embedded links or attached files.  Please be especially cautious for the next few weeks, as transitional times in the academic calendar increase the number of phishing attempts and come as we are all busy and more vulnerable.  Some, like the one described here, are unfortunately timed to exploit changes to our infrastructure, even if only serendipitously.