Researchers have discovered a new evolution in call-back phishing campaigns. Call-back phishing involves tricking victims into calling a fraudulent call center, where they are persuaded to download malware that gives the hackers remote access to their PC.
The attackers exploit the fact that most people do not check email headers to determine if an email is legitimate. They send phishing emails from services that victims use, providing a compelling reason to call a support number.
The latest attacks are even more convincing because they exploit Google Forms. Attackers create a bogus statement in Google Forms and change the settings so that a copy is automatically sent to any email address entered. They then invite themselves to complete the form and, when filling it in, enter the victim’s email address. As a result, the victim receives the statement and is prompted to call a number to dispute the charges.
Using Google Forms helps attackers make the emails look more legitimate as they are sent from the google.com domain. This reduces the likelihood of interception by email-filtering solutions.
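A content-based check for the pattern described above, as an added example that is not from the original article or the researchers: because the sending domain is genuinely google.com, it looks in the message body for a phone number alongside billing or dispute wording. The sample message, the regular expressions and the function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real capture); sender, amount and number are made up.
SAMPLE = """\
From: Forms <noreply@google.com>
To: victim@example.org
Subject: Statement

Your account was charged $499.00.
To dispute these charges call +1 (555) 010-0199 within 24 hours.
"""

# Assumed heuristics: North American style phone numbers and a short lure vocabulary.
PHONE_RE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
LURE_RE = re.compile(r"\b(dispute|charged?|charges|refund|invoice|cancel)\b", re.I)

def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings and charsets."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            parts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def callback_lure_signals(raw):
    """Return the signals that together suggest a call-back lure relayed via google.com."""
    msg = message_from_string(raw)
    # Simplification: a mail gateway would use the SPF/DKIM-authenticated domain,
    # not the From header, which a sender can set freely.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    from_google = domain == "google.com" or domain.endswith(".google.com")
    body = body_text(msg)
    phones = [m.strip() for m in PHONE_RE.findall(body)]
    lure_terms = sorted({t.lower() for t in LURE_RE.findall(body)})
    # A trusted sending domain is not evidence of trusted content: flag the
    # combination so the message is reviewed instead of passed on reputation.
    flag = bool(from_google and phones and lure_terms)
    return {"from_google": from_google, "phones": phones,
            "lure_terms": lure_terms, "flag": flag}

if __name__ == "__main__":
    print(callback_lure_signals(SAMPLE))
```

A hit from this check is a reason to route the message for review or add a warning banner, not proof of fraud, since legitimate form receipts can also contain phone numbers.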
Businesses and individuals need to be cautious when calling customer support call centers. It is important to verify the legitimacy of the support center to avoid falling victim to call-back phishing attacks.
– Call-back phishing involves tricking victims into calling a fraudulent call center and downloading malware.
– Attackers exploit the fact that most people do not check email headers to determine if an email is legitimate.
– The latest attacks use Google Forms to make phishing emails more convincing and legitimate-looking.
– Using Google Forms helps attackers bypass email-filtering solutions.
– It is crucial for businesses and individuals to verify the legitimacy of support centers before making calls.