malicious

Article Dean Dorton

Let’s start with the basics: What is ‘callback phishing’?

Callback phishing is a specific type of cyber security email threat. In this type of phishing attack the cyber criminal impersonates a business and claims that a transaction has been made using the recipients information (credit card, bank account numbers, address, etc.). Then, the attacker attempts to entice the recipient to ‘confirm’ the fake transaction by calling a fictional customer support line or by submitting confidential information to validate the transaction. These attacks aim to collect specific, sensitive information from the recipient like credit card numbers and bank account information.

Dean Dorton’s Cyber Security Team has observed callback phishing attacks that impersonate PayPal, McAfee, CrowdStrike, etc., but there are countless companies that could be impersonated in this type of attack and attacks of this nature are on the rise.

Below are two examples of callback phishing attacks:

PayPal Callback Phishing Example:

https://deandorton.com/wp-content/uploads/2022/07/Callback-phishing-image-1.png

CrowdStrike Callback Phishing Example:

https://deandorton.com/wp-content/uploads/2022/07/callback-phishing-example-2.png

Callback phishing emails are unique in the way they often bypass email filters. Since they do not include malicious links or attachments with malware, email filters typically won’t catch them, so it’s important to be able to spot the general warning signs on your own.

Dean Dorton’s Cyber Security Team has a few tips to help you spot this kind of cyber attack:

  1. Review the sender. Ensure that the email is actually from the company it is purporting to be. Even email addresses can be spoofed, so this is not foolproof, but it is a great first step in the investigation process. For example, the PayPal email shown above was sent from a personal Gmail address.
  2. Ask yourself, what does this email want me to do?  If the language in the email is trying to convince you to do something (especially if it insinuates urgency), that is a red flag! In the examples above, the cyber criminal is trying to convince you to ‘callback’, but in other cases, they may try to convience you to click a fraudulent link. Be diligent before clicking any links within emails and do not call phone numbers that you can’t indentify.
  3. If you are sceptical, ask for help. After the intial investigation, you are still not sure, contact your IT team to do some further digging. Remember, causing a false alarm is much better than setting off a real one!

Dean Dorton’s Technology team is here to help. If you have questions about ‘callback phishing’ attacks, or want to discuss how we can help protect your business with cyber security services, contact us today.

 

Cyber Security Services

Jordan Johnson
Cyber Security Consultant
jjohnson@ddaftech.com • 859.425.7659

Article Dean Dorton

Phishing attacks have been occurring for years. You know the story, a threat actor attempts to trick an unsuspecting user into clicking a link or malicious attachment that leads to installing malware or directs them to a malicious domain that could attempt to harvest email credentials, or further penetrate your device. The tactic is still common because unfortunately, it still works. But with the increase of organizations relying on stronger email filtering solutions and better end user awareness training programs, they are not as susceptible to some of these basic attacks. Enter the evolution of more sophisticated and clever tactics.

“But this domain is safe!”

Threat actors are utilizing clever strategies to attempt to bypass even the best email filters. One such strategy is using common, legitimate domains to host a link to their malicious site or attachment. These domains could be Google Drive, ShareFile, OneDrive, Box, Dropbox, Adobe InDesign, etc. On the surface, these services are legitimate and offer users ways to quickly share files amongst one another. This is why most reputation-based scanning used within email filters will not often categorize the initial link as malicious because it is not. The following screenshots provide an excellent example of this in action.

Initial Email Example:

https://deandorton.com/wp-content/uploads/2022/05/1.png

In this example, a threat actor gained unauthorized access to a trusted sender for the recipient. They then sent this email that included a link to open a document. Due to this being a trusted sender, the recipient opened the file because they had no reason to assume that the link was malicious. The link then led to the following:

Ind.adobe.com site hosting the malicous file:

https://deandorton.com/wp-content/uploads/2022/05/2.png

In our example, once the user proceeded to this point, they realized something was off and reported the email to the IT team; however, if they had proceeded on to the next step, they would have received the following:

Malicious Site:

https://deandorton.com/wp-content/uploads/2022/05/3.png

There it is! The true purpose of the email was to try and harvest email credentials. An unsuspecting user could have being successfully phished here and it was all because that initial email was being hosted by a legitimate service. This is not the only variety of these types of emails and certainly will not be the last, so that leaves us with more questions.

So what can we do?

There are few different strategies that can help prevent against phishing attacks:

  1. Never assume that an email is safe just because it came from a trusted sender that you communicate with regularly.  Threat actors are engaging in reply-chain attacks, where they gain unauthorized access to an account and then start replying to emails posing as the hacked user. When in doubt, contact the sender out-of-band (phone call, preferably) to verify the email.
  2. Make end user awareness training a priority. An end user is any organization’s first line of defense! A well-trained staff can bring attacks to a halt. Ensure that your users are provided with regular security training and that they are informed of the latest threats. Ensure that they are trained to review the address bar for any site that is asking them for email credentials. If it’s not a Microsoft (or whatever email system you may be using) domain, then that is a red flag. It is also helpful to periodically test the effectiveness of the training by sending out phishing simulations.
  3. Utilize multi-factor authentication (MFA). In any particular scenario, even if a threat actor was able to harvest email credentials, they would not have be able to perform any actions on objectives if multi-factor was enabled for the account. It is a cybersecurity best practice to ensure that MFA is enabled on all externally-facing systems, email being one of the highest priorities.
  4. Block uncategorized websites in your web filtering solution and/or firewall. Threat actors spin up thousands of domains per day and these are often categorized as, “uncategorized,” where filtering solutions are not sure if they are malicious or not. Blocking these outright could help stop attacks in which the malicious site is uncategorized.

If any of the tips above have given you pause and you would like to know where your security posture stands, please contact Dean Dorton’s team of cybersecurity professionals for assistance.

Jordan Johnson
Cyber Security Consultant
jjohnson@ddaftech.com • 859.425.7659

Article Dean Dorton

Recent news reports have highlighted computer security vulnerabilities being referred to as Meltdown and Spectre. Computer researchers have found out that the main chip in most modern computers—the CPU—has a hardware bug. It’s really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer in existence including workstations, servers, and some mobile devices.

This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.

So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents.

As with most computer vulnerabilities, the best way to stay protected is to keep up to date on security patches for your devices and applications. Because of the pervasiveness of this hardware bug, vendors are still doing research, so some patches are not even available yet. So be extra vigilant with security top of mind and think before you click. In many cases, bad guys get access by tricking you into clicking on a bogus link or document.

Learn more: Meltdownattack.com

If you are interested in learning about user security awareness training and how Dean Dorton can help you, please contact our technology team.