Friday, June 18, 2021

New Subscription Billing Notif Could Be A Phishing Attack



There's a dangerous new phishing attack you should be aware of and alert your employees to right away. A growing trend in the hacking world is to use mixed media, including phone calls with live actors at the other end, posing as "customer support" representatives, and even recorded messages including instructions and attached to emails. This is all done in a bid to lure unsuspecting recipients into downloading malicious files.

In this case, the attack is structured as follows:

A potential victim will get an email informing them that they've been subscribed to a fee-based service. The email instructs them to call a given phone number and speak with a representative who will be happy to help them.

If the recipient calls, the agent, who of course, is part of the hacker's organization, will guide the caller to a website where they can download a file the faux agent claims is necessary to finalize the cancellation. Naturally, the file does no such thing, and is instead, a piece of malware of the attacker's choosing.

The payload can vary and be just about anything. The currently identified campaign is using BazaLoader, which creates a persistent backdoor on Windows-based machines to give the attackers easy access to that device which they can exploit in a variety of ways later on.

 

Call Now

 

While this may seem like a convoluted path for the attackers to take, it can be devastatingly effective. It has the key advantage, from the attackers' point of view, of being extremely difficult to detect and prevent. Most detection routines are file based, and since this type of email doesn't contain an attachment of any kind, it poses tremendous challenges for IT security professionals.

As ever, the best defense and cybersecurity method is education and mindfulness, so be sure your staff is aware.

 

Call SpartanTec, Inc. now and let us help protect your business against phishing attacks and other online threats with our managed IT services.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence