Scam Radar

How can you recognize Email 'voicemail received' — malware attachment?

Published

TLDR

Email simulates voicemail notification from corporate PBX (Mitel/Cisco/RingCentral) with attachment 'voicemail.html' or 'voicemail.zip'. The attachment is a malware downloader (Emotet, Qakbot, IcedID). Indicators: 1) PBX that your company...

How it works

Email simulates voicemail notification from corporate PBX (Mitel/Cisco/RingCentral) with attachment 'voicemail.html' or 'voicemail.zip'. The attachment is a malware downloader (Emotet, Qakbot, IcedID). Indicators: 1) PBX that your company...

Red flags

  • Urgent pressure to click, pay, or share codes immediately.
  • A link or sender that does not match the official organization.
  • Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What to do

  1. 1WHAT TO DO: modern PBX systems display voicemails in clients (Teams/Webex/RingCentral app), NEVER as an executable attachment.

Source

FBI-IC3

Source reviewed by Mythos Forensic Team

https://www.ic3.gov/

FAQ

Is Email 'voicemail received' — malware attachment a real scam pattern?

Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.

What are the first warning signs?

Urgent pressure to click, pay, or share codes immediately.; A link or sender that does not match the official organization.; Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What should I do first?

WHAT TO DO: modern PBX systems display voicemails in clients (Teams/Webex/RingCentral app), NEVER as an executable attachment.

Can LegalAudit check my case?

Yes. Start a free chat and paste the message, link, sender, or payment details for triage.