According to a recent study, the newest variants of phishing attacks are also the most dangerous.
Trellix cybersecurity researchers recently uncovered an advanced callback-style attack that, if executed successfully, robs victims of their money, locks their systems with ransomware, and steals identity data.
Callback attacks are precisely what they sound like: the con artists call the victim back and deliver the killing blow over the phone.
This specific campaign begins, as is customary, with an email. The victim gets a confirmation email for a purchase they never made, along with a phone number they may call to “cancel” the sale.
In most cases, this is where the attack would occur. The attacker would call the victim, get them to download remote access software, and then use that access to install malware, ransomware, or other viruses.
However, this campaign goes a step further. The person who answers the phone when the victims dial the given number claims to have checked the database and informs them that the email is spam. Then, they imply that the victim’s PC is infected with a virus and promise that a “technical professional” will get in touch later in the day.
On the second call, the victim is persuaded to download phony antivirus software onto their endpoint, which delivers support.Client.exe. The ClickOnce executable installs the ScreenConnect remote access tool.
“The attacker can also show a phony lock screen and prevent the victim from using the system, allowing the attacker to carry out tasks without the victim being aware of them,” added Trellix.
The researchers have also found a few variations of the campaign, one of which distributes fake cancellation documents on which victims are asked to provide their personal information. The victims must sign in to their bank accounts to get their reimbursement. They ultimately fall victim to a scheme in which they transfer money to the fraudsters.
This is done by locking the victim’s screen, starting a transfer-out request, and unlocking the screen once the transaction needs an OTP (One-Time Password) or a backup password.
“To trick the victim into thinking they have the money, a phony refund success page is also displayed to him. To dissuade the victim from suspecting fraud, the fraudster may also use an SMS to give the victim a false money-received notification.”