Criminals are now posing as security companies to trick you into installing malware
If a cybersecurity company tells you to call them, it’s probably a scam
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cybercriminals are impersonating cybersecurity companies to try and lure victims into downloading compromising programs.
An investigation by Crowdstrike, one of the cybersecurity companiesimpersonatedin the campaign, uncovered a “callback phishing” campaign in which threat actors are reaching out to various companies via email, telling them theirendpointsare compromised, and urging them to call the company back for further instructions on how to eliminate the threat.
Theemailalso carries the phone number that the victims should call, and as you might imagine, it doesn’t belong to the actual company, but rather to the attackers.
Legitimate software and nefarious goals
If the victim falls for the scam and actually calls the number in the email address, the person on the other end of the line will try and persuade them into downloading “common legitimate remote administration tool (RATs),” which would give them access to the target network. Furthermore, they’d try and get the victim to install off-the-shelf penetration testing tools, such as Cobalt Strike, to allow for lateral movement.
Following the successful breach and lateral movement, the attackers will look to deploy ransomware, although Crowdstrike could not say exactly which ransomware variant they use.
One of the reasons why such a campaign could be relatively successful is the fact that the emails carry no links, or attachments. As such, it is possible foremail securitysolutions, as well as antivirus programs, not to detect these emails as malicious, and release them to the target’s inbox.
These are the best firewalls right now>Black Friday scammers are turning to low-tech phone scams>Hackers are targeting your smartphone like never before
What’s more, giving cyberattackers your phone number also opens up an additional avenue for attacks.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
It’s not exactly a new strategy. Cybercriminals have been using this approach for months now, as email security systems grew more sophisticated and better at spotting malicious actors.
Around Black Friday 2021, scammers were also found to be impersonating big brands such asAmazon, Target, and Walmart, attempting to get victims to call them.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
Washington state court systems taken offline following cyberattack
Another reason to avoid edge-lit 4K TVs: they may fail faster than others, according to this report
