Project Hyphae

‘Callback’ Phishing Impersonating Cybersecurity Companies

FRSecure WILL NOT email your end users and ask them to call us back.

Share This Post

In a recent blog post, CrowdStrike revealed a ‘callback’ email phishing campaign that had been observed recently. The tactics, techniques and procedures in play show the attackers impersonating prominent security companies to try and trick potential victims into making a phone call, under the guise that they will be calling a security firm to help assist with an active attack. If that call is made, the recipient of the phishing email will be greeted by a friendly person on the other end that will lead them to a website that will result in the soon-to-be-victim downloading malware, potentially up to and including ransomware.

The urgent nature of cyber breaches can motivate potential victims to move quickly, possibly foregoing normal procedures since they believe they are working directly with a known partner. As with countless other phishing campaigns, the best defense for organizations is a well-educated userbase. Awareness training focused on how to identify and handle phishing attempts has never been more important. Specifically, it is critical for users to understand that phishing attempts can come in many, many forms of human interaction – not just malicious links or attachments within emails.

The full CrowdStrike blog post is available here: https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies

More To Explore

The Teams Call is Coming from Inside the House

Researchers at Vectra stumbled across some genuinely troubling design flaws in Microsoft Teams.  Essentially, Teams stores authentication tokens in plaintext capable of granting access to

When Oktapuses Attack

Group-IB, a Singapore based security and threat research company, identified a multiphase smishing (I really hate that word) campaign complete with MFA capture. The campaign

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.