The sophisticated phishing scams: All you need to know

Callback phishing attacks are precisely what they sound like: the con artists call the victim back and deliver the killing blow over the phone

According to a recent study, the most recent variations of phishing attempts are the most hazardous.

Trellix cybersecurity researchers recently discovered an advanced callback-style attack that, if executed successfully, deprives victims of their money, locks their systems with ransomware and steals identity data.

Callback attacks are precisely what they sound like: the con artists call the victim back and deliver the killing blow over the phone.

This specific campaign begins, as is customary, with an email. The victim gets a confirmation email for a purchase they never made, along with a phone number they may call to “cancel” the sale.

In most cases, this is where the attack would occur. The attacker would call the victim, get them to download remote access software, and then use that access to install malware, ransomware, or other viruses.

However, this campaign goes a step further. The person who answers the phone when the victims dial the given number claims to have checked the database and informs them that the email is spam. Then, they imply that the victim’s PC is infected with a virus and promise that a “technical professional” will get in touch later in the day.

On the second call, the victim is persuaded to download phony antivirus products onto their endpoint, which delivers support.Client.exe. The ClickOnce executable installs the ScreenConnect remote access tool.

“The attacker can also show a phony lock screen and prevent the victim from using the system, allowing the attacker to carry out tasks without the victim being aware of them,” added Trellix.

The researchers have also found a few variations of the campaign, one of which distributes fake cancellation documents on which victims are asked to provide their personal information. The victims must sign into their bank accounts to get their reimbursement. They ultimately fall victim to a scheme where they transfer money to fraudsters.

This is done by locking the victim’s screen, starting a transfer-out request, and unlocking the screen once the transaction needs an OTP (one-time password) or a backup password.

“To trick the victim into thinking they have the money, a phony refund success page is also displayed to him. To dissuade the victim from suspecting fraud, the fraudster may also use an SMS to give the victim false money received notification.”
