Attackers have been pounding employee inboxes at companies that still use private branch eXchange (PBX) telephone systems. Messages pretended to be voicemail notifications from PBX integrations and featured custom subject lines to pass a superficial legitimacy test. Threat actors are particularly active in this period, as they prey on employees forced to work from home. IronScales says that the attackers were likely after login data that would provide access to various services with personally identifiable information or business details. Apart from training employees to correctly identify a phishing email, companies should rely on adequate defenses.
Source: https://www.bleepingcomputer.com/news/security/100-000-company-inboxes-hit-with-voice-message-phishing/