RingCentral Email Scam

A new campaign disseminating thousand of bait emails has been detected. The deceptive messages are designed to appear as if they are coming from RingCentral, a company providing cloud-based communication services. The fraudsters use the name of the legitimate company to try and trick the unsuspecting users into opening a phishing HTML file. All information entered into the file will be packaged and uploaded to a remote server under the control of the con artists.

The bait emails usually have a subject or title that is a variation of 'Incoming NonReadable Voicemail from 306-045-0672.' In the body of the email, these people claim that the user has received a new voice message. They even provide some fake details such as sender, date, length, etc. To hear the non-existent message, users are directed to download and open the attached file. Before it can be opened, however, the HTML file asks users to provide their email account and password. As we said, the phishing file will then collect the user credentials and deliver them to the fraudsters.

There are a variety of ways that the acquired information can then be exploited. The people behind the RingCentral email scam could try to take over other accounts associated with the user that are connected to the already exposed email address. The hijacked social media, messaging, networking, and other accounts could be exploited to proliferate other scams or deliver malware threats. If the scammers manage to access finance-related details, they could try to conduct various online transactions or purchases. 

Users should always exercise caution when dealing with unexpected and rather suspicious email messages. Especially, if the email tries to convince them into downloading a file or clicking on an unverified URL.