Callback phishing is a hybrid social engineering technique that combines phishing (email used to steal sensitive data or deliver malicious payloads) with vishing (voice phishing over the phone).
Malicious attachments cannot always evade security solutions. In callback phishing, the email contains no malicious file or URL; instead, it carries a phone number for the victim to call, which dramatically reduces the chance of the message being flagged as spam. The victim follows the instructions given over the phone, and it is the victim's own actions during the call that lead to the infection.
How does it work?
Callback phishing usually starts with an email, and threat actors use a variety of tactics to attract the victim's attention. The pretext can be a subject researched specifically for the victim, or a topic that appeals to almost anyone, such as a discount or a large bill.
Some threat actors are social engineering experts, and their well-crafted phishing emails may not arouse suspicion.
In recent years, the Trickbot APT group (later taken over by Conti) ran a campaign called BazarCall to install the BazarLoader backdoor. Victims were connected to a call center whose number was delivered by email and were then redirected to a malicious website to download the malware. This campaign, which drew attention from March 2021 onward, pioneered the social engineering attack now called callback phishing, which many threat actors have since adopted.
Recommendations for Callback Phishing
- The essential protection is detecting a malicious email quickly and, if possible, deleting it without opening it.
- If you are unsure of the legitimacy of an incoming email, have it checked by your organization's IT department or the appropriate authority.
- Even if you do not suspect the email's authenticity, check its content and reassess any email that asks you to take urgent action.
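The traits described above (a phone number as the only call to action, urgent billing language, and no link or attachment for a scanner to catch) can be turned into a simple mail-filter heuristic. The following is an added example written for this page, not code from the original post or from any vendor product; the scoring weights, the keyword list and the threshold are assumptions chosen for illustration, and the three emails are constructed samples.

```python
import re
import textwrap
from email import message_from_string
from email.message import Message

# North American style numbers with optional country code and separators
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://\S+|www\.\S+", re.IGNORECASE)

# Pressure/billing phrases typical of callback lures (assumed list, not exhaustive)
URGENCY_TERMS = (
    "within 24 hours", "immediately", "will be charged", "auto-renew",
    "invoice", "subscription", "cancel", "refund",
)

SUSPICIOUS_THRESHOLD = 4  # assumed cut-off for this toy scorer


def _body_text(msg: Message) -> str:
    """Collect all text/plain parts of the message as one string."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            if payload:
                parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def _has_attachment(msg: Message) -> bool:
    return any(part.get_content_disposition() == "attachment" for part in msg.walk())


def analyze(raw_email: str) -> dict:
    """Score a raw RFC 822 message for callback-phishing traits.

    Returns the score, the reasons that contributed, and a verdict.
    """
    msg = message_from_string(raw_email)
    text = msg.get("Subject", "") + "\n" + _body_text(msg)
    lowered = text.lower()

    phones = PHONE_RE.findall(text)
    urls = URL_RE.findall(text)
    urgency = [term for term in URGENCY_TERMS if term in lowered]
    attachment = _has_attachment(msg)

    score, reasons = 0, []
    if phones:
        score += 2
        reasons.append(f"phone number present: {phones}")
    if urgency:
        score += min(len(urgency), 3)  # cap so keyword-heavy mail does not dominate
        reasons.append(f"urgency terms: {urgency}")
    # The defining trait: the phone call is the only action offered, with nothing
    # else (link or attachment) for a conventional scanner to inspect.
    if phones and not urls and not attachment:
        score += 2
        reasons.append("phone-only call to action (no URL, no attachment)")

    return {"score": score, "reasons": reasons, "suspicious": score >= SUSPICIOUS_THRESHOLD}


# --- Constructed sample messages (not real campaign data) ---
CALLBACK_SAMPLE = textwrap.dedent("""\
    From: billing@example-invoices.test
    To: user@corp.test
    Subject: Invoice #48213 - your subscription will be charged $499

    Thank you for your order. Your annual subscription will auto-renew and
    your card will be charged $499.00 within 24 hours.
    To cancel or request a refund, call our support line at (800) 555-0142.
    """)

BENIGN_SAMPLE = textwrap.dedent("""\
    From: alerts@corp.test
    To: user@corp.test
    Subject: Weekly build report

    The nightly build passed. Full logs: https://ci.corp.test/builds/1234
    Reply to this thread if you see any regressions.
    """)

# Legitimate mail can carry a phone number too; the link keeps it under threshold.
BOOKING_SAMPLE = textwrap.dedent("""\
    From: reservations@hotel.test
    To: user@corp.test
    Subject: Your booking is confirmed

    Manage or cancel your stay at https://hotel.test/manage/ABC123
    Front desk: +1 212-555-0199
    """)

if __name__ == "__main__":
    for name, sample in (("callback", CALLBACK_SAMPLE), ("benign", BENIGN_SAMPLE), ("booking", BOOKING_SAMPLE)):
        print(name, analyze(sample))
```

The scorer is deliberately conservative: a phone number alone, or urgency wording alone, is not enough to flag a message, because plenty of legitimate mail has both. It is the combination of a number with no other action path that matches the pattern this post describes, and in practice such a rule would feed a triage queue for the IT department rather than block mail outright.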