There's a dangerous new phishing scam you should be aware of and alert your employees to right away. A growing trend in the hacking world is to use mixed media, including phone calls with live actors at the other end, posing as "customer support" representatives, and even recorded messages including instructions and attached to emails. This is all done in a bid to lure unsuspecting recipients into downloading malicious files.

In this case, the attack is structured as follows:

A potential victim will get an email informing them that they've been subscribed to a fee-based service. The email instructs them to call a given phone number and speak with a representative who will be happy to help them.

If the recipient calls, the agent, who of course, is part of the hacker's organization, will guide the caller to a website where they can download a file the faux agent claims is necessary to finalize the cancellation. Naturally, the file does no such thing, and is instead, a piece of malware of the attacker's choosing.

The payload can vary and be just about anything. The currently identified campaign is using BazaLoader, which creates a persistent backdoor on Windows-based machines to give the attackers easy access to that device which they can exploit in a variety of ways later on.

While this may seem like a convoluted path for the attackers to take, it can be devastatingly effective. It has the key advantage, from the attackers' point of view, of being extremely difficult to detect and prevent. Most detection routines are file based, and since this type of email doesn't contain an attachment of any kind, it poses tremendous challenges for IT security professionals.

As ever, the best defense is education and mindfulness, so be sure your staff is aware.

About the Author

Marty Parker

Marty Parker
Owner & General Manager

Marty is the Owner and General Manager of Heritage Digital. Marty has managed and built high-performing IT teams for over 30 years. He served 13 years in the manufacturing industry and 13 years in corporate-owned healthcare organizations. Before acquiring Heritage Digital, Marty was the Chief Information Officer of Carolinas Hospital System (now MUSC Health Florence Medical Center) in Florence, SC. Marty is passionate about educating and protecting people against cybercriminals.

Used with permission from Article Aggregator