
    New Research: 140% Increase in Callback Phishing

    Researchers at Trustwave observed a 140% increase in callback phishing attacks between July and September 2024.

    Callback phishing is a social engineering tactic that combines emails and phone calls to trick users into handing over login credentials or other sensitive data, or into installing malware.

    The attacks begin with a phishing email that appears to be a notification for something that needs to be addressed urgently, such as an order invoice or an account termination notice.

    The emails contain a phone number that the user can call to resolve the issue. If a user calls this number, the scammer will pose as a customer service agent in order to achieve one or more of the following goals:

    1. “Vishing: Attackers will interrogate the victim for their personally identifiable information (PII), banking credentials, and other relevant details
    2. Malware Download and Infection: In some campaigns including BazarCall, victims are instructed to visit a website that will directly download malware, such as a document with malicious macros. Attackers will guide them through the installation process. The infected machine is used for stealing information, reconnaissance, and installing follow-up malware
    3. Remote Access Control: To settle the issue, the attackers will instruct the victim to download a remote administration tool and invite them to a meeting session. Once the victim is connected, attackers will take control of their machine via remote access. In some campaigns, such as Luna Moth, attackers blank out the screen to hide their actions. They will then proceed to steal information or install another malware for further exploitation”

    The researchers note that getting the victim on the phone gives the scammer more control over the situation than simply communicating via email.

    “A phone call provides real-time and dynamic communication between the victim and fraudsters. In a direct conversation, attackers can continue to manipulate and dispel hesitations,” Trustwave says. “The attacker often emphasizes the urgency of the matter, which might influence the victim into making a rash decision, such as divulging sensitive information.”
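
An added example, not from the original article or from Trustwave: a heuristic triage scorer for the email traits described above (an invoice or termination lure, urgency, and a phone number as the call to action instead of a link). The regexes, weights, threshold and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Assumed heuristics for illustration (not Trustwave's detection logic): the
# traits the article describes, i.e. an invoice/termination lure, urgency,
# and a phone number as the only call to action (no link to click).
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d\s().-]{8,16}\d(?!\w)")
CALL_RE = re.compile(r"\b(call|phone|dial|contact)\b", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
LURE_RE = re.compile(r"\b(invoice|order|subscription|renew\w*|charged|terminat\w*|suspend\w*)\b", re.I)
URGENT_RE = re.compile(r"\b(urgent\w*|immediately|within \d+ hours?|right away|cancel\w*)\b", re.I)
THRESHOLD = 5  # phone call-to-action (3) plus at least two supporting traits

def callback_numbers(text):
    """Phone-like strings (10+ digits) introduced by a 'call us' style verb."""
    hits = []
    for m in PHONE_RE.finditer(text):
        digits = sum(ch.isdigit() for ch in m.group())
        lead_in = text[max(0, m.start() - 60):m.start()]
        # Order and invoice numbers also look like phone numbers, so require
        # a call verb shortly before the digits.
        if digits >= 10 and CALL_RE.search(lead_in):
            hits.append(m.group())
    return hits

def score_email(raw):
    """Return (score, reasons) for one RFC 5322 message given as a string."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{body.get_content() if body else ''}"
    reasons = []
    if callback_numbers(text):
        reasons.append(("callback_number", 3))
        if not URL_RE.search(text):
            reasons.append(("no_link", 1))
    if LURE_RE.search(text):
        reasons.append(("billing_or_account_lure", 1))
    if URGENT_RE.search(text):
        reasons.append(("urgency", 1))
    return sum(w for _, w in reasons), [name for name, _ in reasons]

def is_flagged(raw):
    return score_email(raw)[0] >= THRESHOLD

# Constructed sample messages (not real traffic).
LURE = ("From: Billing <billing@example.com>\nSubject: Invoice 88213: subscription renewed\n\n"
        "Your card was charged $349.99. If you did not authorize this, call our\n"
        "support desk at +1 (555) 010-0199 within 24 hours to cancel.\n")
SHIPPING = ("From: Shop <noreply@example.com>\nSubject: Your order 4471829931 has shipped\n\n"
            "Track it at https://shop.example.com/track or reply to this email.\n")
COLLEAGUE = ("From: Sam <sam@example.com>\nSubject: Meeting notes\n\n"
             "Notes attached. Call me on 020 7946 0958 if anything is unclear.\n")
```

A score at or above the threshold is a reason to route the message for review, not a verdict; the colleague sample shows why a phone number alone is not enough.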


    Trustwave has the story.

