Blog

The Evolution of Callback Phishing Scams

Nov 2, 2022 | Blog

Phishing is one of the oldest forms of cybercrime. It continues to grow and evolve, making it difficult for people to defend themselves.

Callback phishing scams are email campaigns that pose as expensive memberships to confuse recipients who have never signed up for these services.

The email includes a phone number the receiver may call to learn more about this “membership” and cancel it. But doing so opens the door to social engineering assaults that infect victims’ devices with malware and, in some cases, full-blown ransomware attacks.

This type of attack started with what is now known as BazarCall campaigns.

Under the alias “BazarCall,” threat actors started sending emails posing as subscriptions to popular services, along with a phone number to call so they could cancel the purchase.

When a target dialed the number, the threat actors guided them through a series of prompts that ultimately resulted in downloading an Excel file infected with the BazarLoader malware. BazarLoader allowed remote access to compromised devices, which led to ransomware assaults.

The evolution

The social engineering method has changed in recent callback phishing attacks, but the bait is still an invoice from well-known service provider companies.

Once the receiver phones the number provided, they are asked for “verification” invoice data. Next, the scammer says no matching records exist, and the victim’s email was spam.

The fake customer care worker tells the recipient that the spam email may have infected their computer with malware and offers to connect them with a technician. In the final step, the victim is connected to the fake technician to aid with the infection and takes them to a website where they download malware disguised as antivirus software.

In the security software campaigns, the scammers claim that the security package pre-installed on the victim’s laptop has expired and has been automatically renewed. Eventually, the fraudster takes the victim to a malware-dropping canceling and refund gateway.

These tactics convince victims to download malware like BazarLoader, remote access trojans, or other remote access software.

The final step is persuading the victim to access their bank account to get the reimbursement. But the victim is deceived into paying money to the con artist by locking the victim’s screen, starting a transfer-out request, then unlocking the screen when the transaction requires credentials.

After the transaction, the victim is supplied with a fake refund successful page to deceive him into believing that they have received the refund. In addition, in some cases, the threat actors send the victim an SMS stating that the money has been refunded to prevent the victim from noticing any fraud.

Of course, losing money is only one of the issues that infected users may have because the threat actors can launch new, more dangerous malware that will spy on them for a longer period and steal sensitive data.

Overall, callback phishing scams are difficult to defend against because they are constantly evolving. The best defense is to be aware of the signs of a scam, such as unexpected invoices or calls from numbers you don’t recognize. If you suspect you may be a victim of a callback phishing scam, hang up and call your bank or service provider directly to verify any suspicious activity.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech