The voicemail scam.
Fake voicemail notifications are a growing phishing channel. The attached audio file isn't audio — it's malware in disguise.
You have a new voicemail." It's one of the most common subject lines in phishing — because business inboxes are full of real voicemail notifications from Teams, RingCentral, Zoom Phone, and traditional PBXes. Attackers know exactly how to mimic them.
Why this specific scam is sneaky
Real voicemail notifications often include a transcript preview, a play button, and an attachment or a link to listen. Attackers replicate all of that. When you click the 'play' button or the attachment, you either land on a credential-harvesting page or download malware disguised as an audio file.
The variants
“A "RingCentral voicemail" email with a transcript snippet and an MP3 attachment.”
Red flag: The 'MP3' was actually an executable with a double extension (voicemail.mp3.exe). Hidden by default on Windows.
“A fake "Microsoft Teams voicemail" notification with a "Play message" link.”
Red flag: Link pointed to a Microsoft login clone. The attacker harvested credentials and MFA codes in real time.
How to check voicemails safely
Don't trust the email. Go directly to the voicemail source — the Teams app, the RingCentral portal, your actual phone. If a voicemail is real, it'll be there waiting. If it's not, you've just dodged a phishing attempt without having to spot it from the email alone.
Hide those file extensions.
Turn on 'show file extensions' in Windows so staff can see voicemail.mp3.exe for what it is. We can do it across your team with a group policy.
- 1Check voicemails from inside the platform (Teams, RingCentral, phone app) — not from email.
- 2Turn on 'Show file extensions' in Windows to catch double-extension tricks.
- 3Block executable attachments from external senders via mail flow rules in M365 or Google Workspace.
- 4Train staff to verify voicemail notifications by checking the platform directly.
- 5Forward suspicious voicemail emails to threats@networkbrainiacs.com.
Want help securing your business?
Schedule a quick security review with our team. 15 minutes, no sales pressure — walk away knowing exactly where your gaps are.
Schedule a quick security reviewKeep reading
Verify before you wire.
Wire fraud is the fastest-growing financial attack on small businesses. The fix is a 90-second phone call before the money moves.
ReadTip #8 · Social engineeringThe fake CEO email.
Gift cards, wire changes, W-2 forms, payroll routing — all the classic CEO-impersonation scams. One callback habit kills every variant.
Read