Friday, November 1, 2024
HomeCyber Security NewsBeware Of Callback Phishing Attacks Google Groups That Steal Login Details

Beware Of Callback Phishing Attacks Google Groups That Steal Login Details

Published on

Malware protection

Callback phishing is a two-step attack involving phishing emails and phone calls. Victims are lured into calling a bogus number in the email, where attackers impersonate legitimate entities and trick victims into divulging sensitive information or downloading malware.

The BazarCall scheme employed a text-based phishing email to lure victims into calling a malicious phone number.

The number impersonating Binance falsely claimed a withdrawal of a significant amount of money. 

- Advertisement - SIEM as a Service

However, the sender domain was not legitimate, and Binance does not use a hotline for customer support, which bypasses traditional email security measures.

Join ANY.RUN's FREE webinar on How to Improve Threat Investigations on Oct 23 - Register Here 

Text-based phishing
Text-based phishing

Spammers use text obfuscation to hide their messages from detection. Base64 encoding and invisible characters made the email appear normal while being difficult to parse, highlighting the importance of carefully examining email headers and content to identify phishing attempts.

By embedding malicious content in attachments or images, they bypass spam filters, while image-based spam uses image file extensions to hide text content.

They often use PDF, .txt, and .doc files in phishing emails to trick victims into opening malicious attachments. These attachments can contain fake invoices or other fraudulent information, leading to financial losses or identity theft.

Fake YouTube invoice
Fake YouTube invoice

The phishing attack leverages a legitimate scheduling platform to trick victims into providing personal information disguised as a QuickBooks upgrade notification. The email prompts victims to schedule a meeting with a fake support representative. 

Con artists can obtain the victims’ contact information through the scheduling process and exploit it to launch additional attacks.

QuickBooks phishing
QuickBooks phishing

A Calendly link allows victims to schedule a meeting and enter their contact details, which are used for further scams. The scammer’s Calendly account contains multiple fake QuickBooks events.

Cybercriminals exploit legitimate fintech platforms to send deceptive emails. They use these platforms’ credibility to disguise malicious links and requests, luring victims into providing sensitive information or clicking on malicious links.

Callback sent using Paypal
Callback sent using Paypal

Xero and HoneyBook, cloud-based accounting and project management platforms, are being exploited by fraudsters to send callback phishing emails. 

According to Trustwave, these emails, disguised as legitimate invoices or payment notifications, contain fake contact information and a sense of urgency to induce victims to call a bogus number.

Organizations should regularly train employees to identify and avoid phishing attempts.

These attempts often rely on social engineering tactics, which involve verifying email authenticity, avoiding unsolicited phone calls, and closely monitoring financial accounts for unauthorized activity.

How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide (PDF)

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...