Listen to the episode
TLDR
Summary : Cybercriminals are sending fake voicemail notifications by email, spoofing Microsoft branding to either harvest Office 365 / Outlook login credentials on phishing pages or trick victims into installing malware. The NCSC...
How it works
Summary : Cybercriminals are sending fake voicemail notifications by email, spoofing Microsoft branding to either harvest Office 365 / Outlook login credentials on phishing pages or trick victims into installing malware. The NCSC...
Red flags
- : You receive an unsolicited "voice message" or "voicemail" email from a sender or domain that is not an official Microsoft address. The message pressures you to click a link or open an attachment to listen to a message you never actually received. The linked login page looks like Microsoft 365 or Outlook but the URL is misspelled, shortened, or on an unfamiliar domain
What to do
- 1: Do not click any link or open any attachment in unsolicited voicemail notification emails. Verify any supposed voicemail directly inside your official Microsoft / Teams / Outlook account, never via the email link. Report the message to your IT team or the NCSC reporting form, then delete it
- 2if you already entered credentials, change your Microsoft password immediately and enable multi factor authentication
Source
ncsc-switzerland
Source reviewed by Mythos Forensic Team
https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2026/wochenrueckblick_25.htmlFAQ
Is Fake Voicemail Emails Impersonate Microsoft to Steal Logins and Spread Malware a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
: You receive an unsolicited "voice message" or "voicemail" email from a sender or domain that is not an official Microsoft address. The message pressures you to click a link or open an attachment to listen to a message you never actually received. The linked login page looks like Microsoft 365 or Outlook but the URL is misspelled, shortened, or on an unfamiliar domain
What should I do first?
: Do not click any link or open any attachment in unsolicited voicemail notification emails. Verify any supposed voicemail directly inside your official Microsoft / Teams / Outlook account, never via the email link. Report the message to your IT team or the NCSC reporting form, then delete it; if you already entered credentials, change your Microsoft password immediately and enable multi factor authentication
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.