Document Delivery Scams Use Legal‑Sounding Voicemails to Harvest Personal Data
What Happened — Scammers are leaving voicemail messages that claim to be from a “document delivery service” and threaten legal action unless the recipient calls a toll‑free number. The call is designed to scare victims into providing personal or payment information. Reported losses range from $100 to $500.
Why It Matters for Compliance & Audit Readiness —
- The scenario mirrors a classic phishing/social‑engineering attack that tests the effectiveness of your Security Awareness Training program, a core SOC 2 CC6.1 control.
- Documented training completion and simulated‑phishing results provide audit‑ready evidence that your organization mitigates credential‑theft risk.
- Continuous monitoring of user‑reporting metrics helps demonstrate due diligence during a SOC 2 audit.
Who Is Affected — Consumers and employees across all sectors; particularly high‑risk groups such as legal, finance, and healthcare professionals who are often targeted for personal data.
Recommended Actions —
- Update your security awareness curriculum with examples of “document delivery” scams and conduct a phishing simulation that mimics the voicemail script.
- Enforce a policy that all requests for personal or payment information must be verified through an independent channel.
- Log and review any reported suspicious calls as part of your incident‑response evidence collection. Source: https://www.malwarebytes.com/blog/scams/2026/06/document-delivery-scams-what-are-they-and-whats-their-goal
Technical Notes — Attack vector: phone‑based social engineering (voice phishing). No CVEs; the scam leverages caller‑ID spoofing and legal‑jargon to create urgency. Data sought includes name, address, and payment details. Source: https://www.malwarebytes.com/blog/scams/2026/06/document-delivery-scams-what-are-they-and-whats-their-goal