Call centers are increasingly being used by scammers to execute cyberattacks and infect their victims with malware, according to experts.
According to a new study published by Proofpoint, researchers at the firm’s security team have seen an increase in attacks that rely on consumers to contact scammers directly and begin the conversation after receiving an email with their phone number.
In a web-based phishing campaign, however, there are two distinct varieties.
One uses free remote assistance software to steal money, while the other, which is frequently linked with BazaCall, employs the BazaLoader malware disguised as a document to gain access on a user’s computer and access their online accounts.
He’s faking it.
In the most recent attacks, threat actors have begun impersonating representatives from Justin Bieber ticket sellers, computer security firms, Covid-19 relief funds, or online vendors and threatening recipients with refunds for mistaken purchases, software upgrades, or financial assistance.
These emails contain a phone number for customer service but when a victim calls it to resolve any problems they may be connected with a malicious call center agent who begins the assault.
This clever new fraud strategy is that scammers may use it to bypass some automated threat detection systems, which are only able to flag dangerous links or attachments sent in emails if the targets call themselves.
Lures targeted towards call centers
A financially motivated phone-oriented attack delivery (TOAD) threat, which appeared to be a PayPal invoice from a weapons maker in the United States, was discovered by a Proofpoint specialist recently.
The researcher was told to download AnyDesk and log into his bank account after answering the phone on the invoice. With Justin Bieber’s 2022 Justice World Tour set to premiere in February of next year, Proofpoint claims it has seen the Canadian singer being utilized as bait with BazaCall threats quite frequently.
When the scammers called the real number on a phony ticket invoice, they put the researcher on hold while Bieber’s music played in the background.
The scammer said that someone had made an error and placed an order on the researcher’s credit card, which could be fixed by going to ziddat[.]com/code.exe and requesting a refund.
On visiting the site, BazaLoader malware was downloaded successfully to the researcher’s virtual machine.
Call center-based email scams are particularly dangerous since the scammers who create them don’t target people based on demographics, occupations, or location but instead acquire their contact information from legitimate data brokerages or other telemarketer services.
NortonLifeLock is one of the names used by the threat actor in an attempt to deceive victims into thinking he was a representative of Norton antivirus software.
Call center-based email threats frequently imitate a variety of famous companies, including Norton, MacAfee, eBay, GeekSquad, Santander Bank, Amazon, Symantec, and others.
Users should be wary while checking their emails and avoiding calling the phone numbers mentioned in any suspicious emails, especially for things they didn’t buy.
Subtly charming pop culture geek. Amateur analyst. Freelance tv buff. Coffee lover