In a recent blog post, CrowdStrike revealed a ‘callback’ email phishing campaign that had been observed recently. The tactics, techniques and procedures in play show the attackers impersonating prominent security companies to try to trick potential victims into making a phone call, under the guise that they will be calling a security firm for help with an active attack. If that call is made, the recipient of the phishing email is greeted by a friendly person on the other end who leads them to a website, with the result that the soon-to-be-victim downloads malware, potentially up to and including ransomware.
The urgent nature of cyber breaches can motivate potential victims to move quickly, possibly forgoing normal procedures because they believe they are working directly with a known partner. As with countless other phishing campaigns, the best defense for organizations is a well-educated user base. Awareness training focused on how to identify and handle phishing attempts has never been more important. Specifically, it is critical for users to understand that phishing attempts can come in many forms of human interaction – not just malicious links or attachments within emails.
The full CrowdStrike blog post is available here: https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies