As cyber criminals put more effort into sophisticated attacks against specific firms, they are not just using email to reach a company’s users. They are also making phone calls.
This is what has been happening in a recent phishing campaign against European companies, according to security firm Symantec.
Several French companies reported receiving calls from scammers trying to get their employees to open malicious files.
The calls were made to finance and accounting staff in the companies. The scammers claimed to be employees from other departments or business partners and asked the employee to process an “invoice” that was on its way by email.
However, the “invoice” attached to those emails was actually a Remote Access Trojan that, if installed, let the criminals control the victim’s PC.
According to Symantec, this type of scam has a good chance of success. This is because employees process invoices all the time and may think nothing of the request.
In addition, users are probably more likely to trust someone who makes a phone call than someone who only sends an email.
However, everyone should be aware of this new threat. Hackers are always looking for new ways to get in touch with employees, including email, social networking and now phone calls.
Any suspicious or unusual communication should be considered and investigated before proceeding with the request for information or action.
Remember, it is critical to:
- Avoid opening attachments or URLs (websites) from unknown senders.
- Verify a link’s address before clicking on it.
- Never send any sensitive information in response to an email request.
Local Example of This Type of Scam
Probably related to this is the recent report of phone call scams being made to mobile phone numbers. For example, I personally have received dozens of calls from someone “reporting to be from Verizon” on my mobile number. The “caller” leaves a message each time suggesting I return their call for “important information regarding your Verizon account”. These types of calls are almost always from some sort of cyber criminal. If you receive calls of this nature, simply call the “provider in question” using a phone number you previously had on record.