Callback Phishing Scam Targets Businesses
- By Steven
- Published: Jul 14, 2022
- Last Updated: Jul 15, 2022
A new callback phishing scam has victimized several digital security firms. Though the scam has so far been limited to security firms, it has the potential to extend to other enterprises spanning several sectors and industries.
How Does the Scam Work?
The scam centers on manipulating targeted individuals. The attackers instruct targets to call a phone number; the person who answers directs them to harmful links, and those links download malware onto the user's computer. The phishing campaign impersonates what appear to be legitimate security businesses. The overarching aim is to trick targets into downloading the malware in response to an urgent request.
Once the call is made and the link is clicked, the scam proceeds with the malware described above. The most notable component of this attack is that another human being is on the other end of the line when the initial phone call occurs. That person provides the web address for the target to open on a computer or other web-connected device.
Are There Any Other Online Scams Similar to This One?
Indeed, CrowdStrike identified a similar attack earlier this year. In March, attackers used a callback phishing campaign to install AteraRMM along with Cobalt Strike to facilitate the spread of malware.
Were Any Companies Impersonated in the Scam?
The digital security researchers digging into the nuances of the scam detailed above have not yet specified whether anyone impersonated other digital security specialists during the attack. A recent blog post from the research effort gave an example of CrowdStrike being impersonated: a seemingly legitimate message was sent by hackers using CrowdStrike's name and logo. The phony email tells the target that it comes from the business's outside security services provider and explains that unusual activity was identified within that workstation's network. The message insists the target's IT department has already been informed of the threat, yet user engagement is still necessary to conduct a comprehensive computer audit.
The message then directs the target to call the customer service number. However, CrowdStrike is a professional organization that would not communicate with customers in such an amateurish manner. Aside from using common sense when receiving supposedly legitimate communication from alleged businesses, customers, employees, and others are advised to implement the industry’s latest digital security protections to safeguard their data, network, and systems. When in doubt, ask an IT specialist before clicking a shady link or contacting a supposed helpline, and consider annual employee cyber security training.
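As an added defender-side example (not code from the original post or from CrowdStrike), the following heuristic scorer flags the traits of the lure described above: a named security vendor with a mismatched sender domain, a phone number but no link, urgency wording, and the "IT already knows, but you must act" pretext. The sample email, the brand-to-domain list, and the keyword lists are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample lure modelled on the CrowdStrike-themed email the post describes.
SAMPLE_LURE = """From: Security Operations <alerts@crowdstrike-support-desk.example>
To: employee@victim.example
Subject: Action required: unusual activity detected on your workstation

Your company's outsourced security provider, CrowdStrike, identified
unusual activity within your workstation's network. Your IT department
has been notified, but a full computer audit requires your participation.
Call our customer service line immediately at 1-800-555-0199.
"""

# Assumed mapping of impersonated brands to the domain they genuinely send from.
KNOWN_BRANDS = {"crowdstrike": "crowdstrike.com"}
URGENCY = ("immediately", "urgent", "action required", "within 24 hours")
PHONE_RE = re.compile(r"\b(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b")
URL_RE = re.compile(r"https?://", re.IGNORECASE)


def score_callback_phish(raw):
    """Return (score, reasons) for a raw RFC 822 message; higher means more suspicious."""
    msg = message_from_string(raw)
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    low = text.lower()
    sender = msg.get("From", "").lower()
    sender_domain = sender.rsplit("@", 1)[-1].rstrip(">") if "@" in sender else ""
    reasons = []
    # 1. A brand is named in the body, but the mail did not come from that brand's domain.
    for brand, domain in KNOWN_BRANDS.items():
        if brand in low and not (sender_domain == domain or sender_domain.endswith("." + domain)):
            reasons.append(f"claims {brand} but sent from {sender_domain or 'unknown'}")
    # 2. A phone number to call and no URL at all: the payload arrives later, by voice.
    if PHONE_RE.search(text) and not URL_RE.search(text):
        reasons.append("phone number present and no URL: callback lure pattern")
    # 3. Pressure language and the "audit needs your participation" pretext.
    if any(w in low for w in URGENCY):
        reasons.append("urgency language")
    if "audit" in low and ("it department" in low or "it wing" in low):
        reasons.append("claims IT is already aware but user action still required")
    return len(reasons), reasons
```

A mail gateway would route anything scoring 2 or more to a quarantine or analyst queue rather than blocking outright, since a genuine vendor notice can legitimately mention a phone number.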
What Type of Malware Did Hackers Use in the Attack?
The digital security specialists researching the attack have not yet specified the type of malware used. However, there is suspicion that the malware variant uses RATs (remote administration tools) to obtain access and then transition to lateral movement. Businesses can use off-the-shelf penetration testing tools to help search for such lateral activity. Ransomware is then deployed to perform the extortion.