Warning regarding fraudulent voicemail emails

Hello all,

We’ve received reports of fraudulent emails about pending voicemail.  These are a very common tactic of criminals to trick people into giving out their usernames and passwords – and are something I wanted to write to you all about.

First off – if you haven’t signed up to receive voicemails in your email then all such messages are fraudulent.  If you have – I want to share some screenshots of legitimate and fraudulent messages so you can see the differences:

The first is an example of a voicemail left by a number from off-campus.  They will often contain a location that the call originated (or appeared to originate) from and the phone number.  I’ve blacked out the full number – but you can see the example here.  A few things to note:

  • There are no links or even message text – just an attachment with a ‘WAV’ file
  • There is no indication that this is an external message
  • The from address shows as “Cisco Unity Connection Messaging System <unityconnection@cuc-pub>” – which is the internal voicemail system.

The second below is from an on-campus number and it shows the name and their extension but is otherwise mostly the same as the off-campus one.  It does have the ‘from’ address – not as an @newpaltz.edu address – but this @cuc-pub domain though (you can disregard the address other than noting it isn’t a real domain).

Below is an example of a fraudulent voicemail.  Each such fraudulent message may look completely different – but they all have:

  • An external message warning
  • An external email address
  • Links – sometimes several (if you hover over the links – you can see that they are not New Paltz addresses).  In this case – it was sent by an almost certainly compromised email address in the United Kingdom – and was going to a SharePoint site (though not New Paltz – one with an address to downehouseschool – a UK boarding school).

Any one of these red flags should be enough to be suspicious – but if you need more – if you were to click on one of these fraudulent links they will bring you to a login page (our voicemail system just sends the voicemail as an audio attachment – no links).

As always – thanks to those who are both reading these messages – and reporting fraudulent/suspicious emails.

Paul Chauvet, CISSP
Information Security Officer