Phishing attacks trick individuals into revealing sensitive info by impersonating trusted entities, often through urgent emails with malicious links or attachments. Trustwave analysts recently warned of Callback Phishing attacks using Google Groups to steal login details.
Callback Phishing
Trustwave SpiderLabs reported a 140% increase in callback phishing attacks (also known as Telephone-Oriented Attack Delivery or TOAD) from July to September. These attacks have evolved from an earlier fake order spam scheme using Google Groups.
This hybrid cyberattack combines traditional email phishing with social engineering via phone calls, using various tactics. It starts with phishing emails that use text obfuscation (like base64 encoding and invisible characters), image-based spam (such as GIF files), or document lures (like PDFs, TXT, and DOC files) to impersonate legitimate brands.
These emails urge victims to call numbers about fake invoices or account terminations and often bypass text-based spam filters. The attack uses three main vectors:
- Vishing to steal PII and banking credentials
- Malware deployment (e.g., BazarCall distributing BazarLoader)
- Remote access exploitation (seen in Luna Moth campaigns)
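The obfuscation tricks listed above (base64-encoded text and invisible characters) work because a keyword filter scans the bytes it is given, not the text a human sees. The following Python block is an added example, not code from Trustwave or the article, showing the defender-side normalization a filter needs before it matches keywords: strip zero-width and other Unicode format characters, decode standalone base64 runs that turn out to be readable text, and only then look for lure terms and phone numbers. The lure-term list, the phone-number pattern and the sample body are constructed assumptions for the example.

```python
import base64
import binascii
import re
import unicodedata

# Zero-width / format characters that obfuscated lures insert inside keywords
# so that "invoice" reaches the filter as "in<ZWSP>voice" (constructed list).
ZERO_WIDTH = "\u200b\u200c\u200d\u2060\ufeff\u00ad"

# Lure terms and the phone pattern are assumptions for this example,
# not a vendor signature set.
LURE_TERMS = ("invoice", "terminat", "call", "refund", "overdue", "renew")
PHONE_RE = re.compile(r"\+?1?[\s.-]?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# A standalone run of base64 alphabet characters long enough to be worth decoding.
B64_RUN_RE = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{24,}={0,2}(?![A-Za-z0-9+/=])")


def strip_invisible(text: str) -> str:
    """Drop zero-width and other Unicode format (Cf) characters, then NFKC-fold."""
    kept = "".join(
        ch for ch in text
        if ch not in ZERO_WIDTH and unicodedata.category(ch) != "Cf"
    )
    return unicodedata.normalize("NFKC", kept)


def decode_base64_runs(text: str) -> str:
    """Replace base64 runs that decode to readable UTF-8 with the decoded text."""
    def _try(m: re.Match) -> str:
        blob = m.group(0)
        core = blob.rstrip("=")
        try:
            raw = base64.b64decode(core + "=" * (-len(core) % 4), validate=True)
            decoded = raw.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return blob
        # Only accept decodes that look like text, not binary noise.
        if all(ch.isprintable() or ch in "\r\n\t" for ch in decoded):
            return decoded
        return blob
    return B64_RUN_RE.sub(_try, text)


def normalize(text: str) -> str:
    """Full de-obfuscation pass: invisible characters first, then base64 runs."""
    return decode_base64_runs(strip_invisible(text))


def find_lure_indicators(text: str) -> dict:
    """Lure terms and phone numbers present in text exactly as given."""
    low = text.lower()
    return {
        "terms": sorted(t for t in LURE_TERMS if t in low),
        "phones": [re.sub(r"\D", "", p) for p in PHONE_RE.findall(text)],
    }


# Constructed sample body: a zero-width space splits "invoice", and the call
# instruction is hidden in a base64 run that a keyword filter cannot read.
_HIDDEN = base64.b64encode(b"Call 1-800-555-0199 to cancel").decode()
SAMPLE_BODY = (
    "Your in\u200bvoice of $499.99 has been processed.\n"
    f"{_HIDDEN}\n"
    "Thank you for your purchase."
)

if __name__ == "__main__":
    print("raw:       ", find_lure_indicators(SAMPLE_BODY))
    print("normalized:", find_lure_indicators(normalize(SAMPLE_BODY)))
```

Run as-is, the raw scan finds nothing while the normalized scan reports both lure terms and the callback number; a real filter would score the normalized text and also flag the presence of obfuscation itself, since legitimate invoices have no reason to hide their wording.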
The scheme’s effectiveness comes from its dual-channel approach, using real-time social manipulation through phone calls, minimizing digital footprints, and leveraging legitimate services like Calendly to schedule fraudulent calls. This makes detection and prevention challenging for traditional security measures.
Financial platforms are facing sophisticated breaches where attackers exploit services like PayPal and QuickBooks through callback phishing. They use real email authentication protocols to bypass security, sending fraudulent payment requests to dummy addresses before forwarding them to victims.
These deceptive emails feature legitimate “From” addresses and authentic links but may have red flags like suspicious payment notes, mismatched “To” addresses with new domains, and fake customer service numbers.
This attack vector is effective because it blends social engineering with technical legitimacy, allowing emails to bypass security filters by appearing to come from trusted financial platforms. Attackers use urgency triggers like overdue payments to manipulate victims into calling fake support numbers.
This shows a sophisticated evolution of TOAD, exploiting trust in established financial platforms while maintaining the human manipulation aspect of traditional phishing.
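Because the sender, authentication and links in these forwarded payment requests are genuine, a check has to look at the context rather than the envelope. The Python block below is an added example, not code from Trustwave or the article, that applies the red flags listed above to a parsed message: a trusted platform sender whose "To" header is not our mailbox, a recipient domain we have never dealt with, a phone number inside the payment note, and urgency wording. The trusted-domain set, the patterns, the mailbox name and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Platforms whose mail this mailbox legitimately receives (assumed configuration).
TRUSTED_SENDER_DOMAINS = {"paypal.com", "intuit.com"}

# Loose phone-number and urgency patterns; assumptions for this example.
PHONE_RE = re.compile(r"\+?1?[\s.-]?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URGENCY_RE = re.compile(
    r"\b(overdue|final notice|within \d+ hours|suspend\w*|terminat\w*)\b", re.I
)


def domain_of(header_value: str) -> str:
    """Bare domain of an RFC 5322 address header value, lower-cased."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def assess_invoice_email(raw: str, mailbox: str, known_domains: set[str]) -> list[str]:
    """Return red-flag codes for a platform payment request delivered to mailbox.

    Headers and authentication may be genuine, so the checks use context:
    who the request was really addressed to, whether that domain is new to us,
    and whether the note tries to route us to a phone number.
    """
    msg = message_from_string(raw)
    flags = []
    from_dom = domain_of(msg.get("From", ""))
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    body = msg.get_payload()  # single-part text/plain in this example

    # Genuine platform sender, but the request was addressed to someone else
    # (the attacker's dummy address) and then forwarded on to us.
    if from_dom in TRUSTED_SENDER_DOMAINS and to_addr != mailbox.lower():
        flags.append("to-mismatch")
    # The original recipient's domain is one this organisation has never dealt with.
    if to_addr and to_addr.rpartition("@")[2] not in known_domains:
        flags.append("unknown-recipient-domain")
    # A payment note that carries a "customer service" number to call.
    if PHONE_RE.search(body):
        flags.append("phone-in-note")
    # Pressure to act immediately.
    if URGENCY_RE.search(body):
        flags.append("urgency")
    return flags


# Constructed samples (not real messages). The first mirrors the forwarded
# money-request pattern; the second is a request actually made out to us.
FORWARDED_REQUEST = """\
From: service@paypal.com
To: billing-dept@example-newco.net
Subject: You have a money request
Content-Type: text/plain; charset=utf-8

Example Seller sent you a money request for $499.99.
Note from seller: This payment is overdue. If you did not authorize it,
call customer service at 1-800-555-0199 within 24 hours.
"""

DIRECT_REQUEST = """\
From: service@paypal.com
To: accounts@example.com
Subject: You have a money request
Content-Type: text/plain; charset=utf-8

Example Seller sent you a money request for $499.99.
Note from seller: Thanks for your order, invoice attached.
"""

if __name__ == "__main__":
    for label, raw in (("forwarded", FORWARDED_REQUEST), ("direct", DIRECT_REQUEST)):
        print(label, assess_invoice_email(raw, "accounts@example.com", {"example.com"}))
```

The forwarded sample trips all four flags while the direct request trips none; in a mail gateway the same checks would feed a score alongside SPF/DKIM results rather than replace them, since here authentication passes by design.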
To mitigate the risks associated with this sophisticated attack vector, consider implementing the following recommendations:
- Educate Employees: Train staff to recognize phishing tactics, including urgency triggers and fraudulent communication.
- Verify Requests: Encourage employees to verify unexpected requests for sensitive information or payment changes through official channels.
- Implement Strong Authentication: Use multi-factor authentication (MFA) for all financial accounts to add an extra layer of security.
- Monitor Communications: Regularly review and monitor communication channels for unusual activity or messages that bypass security filters.
- Use Advanced Email Filtering: Employ email filtering solutions that analyze not just the sender but also the content and context of messages.
- Report and Respond: Establish a clear process for reporting suspicious emails or calls and responding to potential threats quickly.