Last month, the United States Federal Bureau of Investigation (FBI) released an official advisory about the rise of callback phishing attacks. Callback phishing is a phishing email that directs you to call a phone number instead of clicking a link. Typically, if you call the number in a callback phishing email, the cybercriminal will try to trick you into providing sensitive information. The FBI's recent advisory outlined a new and more dangerous tactic.

In this scam, cybercriminals send an email claiming that you have a pending charge on one of your accounts. If you call the number provided, the cybercriminal will walk you through installing a legitimate system management tool so they can connect to your device. System management tools are often used by IT departments to remotely connect to and control your device. Once the legitimate software has been installed, cybercriminals can use that remote access to install ransomware on your device. With ransomware installed, sensitive information can be stolen and used to extort you or your organization.

Stay safe from similar scams by following the tips below:

  • Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to click or act impulsively.
  • Consider the context, timing, grammar, and other details of the email or call. For example, does your bank usually ask you to call in?
  • Avoid calling phone numbers provided in emails. Instead, navigate to an official website to find the best contact number.
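The tips above can be turned into a simple screening check that flags the hallmarks of a callback phishing email: a billing or "pending charge" theme, urgent wording, and a phone number to call with no link to click. The following is an added example written for this newsletter, not code from the FBI advisory or from any product; the sender domains, phone number and trusted-domain list are constructed for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Matches common North American phone number formats; all groups are
# non-capturing so findall() returns the whole number.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Wording that signals each indicator. Extend these lists to fit your mail.
URGENCY_TERMS = ("immediately", "within 24 hours", "urgent", "will be charged",
                 "act now", "final notice")
BILLING_TERMS = ("pending charge", "invoice", "subscription", "renewal", "payment")
CALL_TERMS = ("call us", "call our", "contact our support", "to cancel",
              "call the number")

# Constructed list of domains the organisation actually receives billing mail from.
TRUSTED_DOMAINS = {"example-bank.example"}


@dataclass
class Verdict:
    score: int = 0
    indicators: list[str] = field(default_factory=list)
    suspicious: bool = False


def assess_email(subject: str, body: str, sender_domain: str,
                 trusted_domains: set[str]) -> Verdict:
    """Score an email for callback-phishing indicators and explain the score."""
    text = f"{subject}\n{body}".lower()
    v = Verdict()

    phones = PHONE_RE.findall(body)
    if phones:
        v.score += 2
        v.indicators.append(f"phone number in body ({len(phones)} found)")
        # The defining trait of callback phishing: you are asked to call,
        # and there is nothing to click that a link filter could inspect.
        if not URL_RE.search(body):
            v.score += 2
            v.indicators.append("asks you to call but offers no link (callback pattern)")

    for label, terms, weight in (("urgency", URGENCY_TERMS, 2),
                                 ("billing/charge theme", BILLING_TERMS, 1),
                                 ("call-to-phone instruction", CALL_TERMS, 1)):
        hits = [t for t in terms if t in text]
        if hits:
            v.score += weight
            v.indicators.append(f"{label}: {', '.join(hits)}")

    # A billing message from a domain you do not normally receive bills from
    # is the "consider the context" tip from the newsletter.
    if sender_domain.lower() not in trusted_domains and any(t in text for t in BILLING_TERMS):
        v.score += 2
        v.indicators.append(f"billing message from unrecognised domain {sender_domain}")

    v.suspicious = v.score >= 5
    return v


def recommended_action(v: Verdict) -> str:
    if v.suspicious:
        return ("Do not call the number in the email. Look up the official contact "
                "number on the organisation's website and verify the charge there.")
    return "No callback-phishing indicators found; apply normal caution."


# Constructed sample messages (not real emails).
SAMPLE_CALLBACK_PHISH = dict(
    subject="Pending charge of $499.99 on your account",
    body=("Your annual subscription renewal will be charged within 24 hours. "
          "To cancel, call our support line at 1-800-555-0199 immediately."),
    sender_domain="example-mail.example",
)
SAMPLE_LEGIT_NOTICE = dict(
    subject="Your monthly statement is ready",
    body=("Your monthly statement is now available. Sign in at "
          "https://example-bank.example/statements to view it."),
    sender_domain="example-bank.example",
)

if __name__ == "__main__":
    for sample in (SAMPLE_CALLBACK_PHISH, SAMPLE_LEGIT_NOTICE):
        verdict = assess_email(**sample, trusted_domains=TRUSTED_DOMAINS)
        print(sample["subject"], "->", "SUSPICIOUS" if verdict.suspicious else "ok",
              verdict.score, verdict.indicators)
        print("  ", recommended_action(verdict))
```

The score thresholds and term lists are deliberately simple; the point is that the three newsletter tips (urgency, context, phone number instead of link) each map to a concrete check, and that a message can be flagged even when it contains no link for a URL filter to catch.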