Cybercriminals masquerade as security companies
The American cybersecurity company CrowdStrike detected a callback phishing campaign that impersonates legitimate security companies.
How does it work? Victims receive an e-mail that says a potential compromise has been found on their network and they should call a phone number to resolve the situation. If victims call, they’ll likely be asked to install malware, which poses as a security update, in their system. While callback phishing is an old scam, the impersonation of a security company adds credibility to the attack.
The callback campaign employs emails that appear to originate from prominent security companies; the message claims the security company identified a potential compromise in the recipient’s network. As with prior callback campaigns, the operators provide a phone number for the recipient to call.