Even though you might not be familiar with “callback phishing” scams, there’s a good chance that one will hit your email inbox soon.
Callback phishing is like ordinary phishing in that it begins with an unexpected email with an urgent subject line. But whereas typical phishing scams try to hook the user into clicking on a dangerous link or visiting a malicious website, the callback phishing email has a phone number for the user to call.
In one common variation, the user gets an email purportedly from PayPal suggesting a pending charge on the user’s PayPal account. If the charge is unauthorized, the user is instructed to call a toll-free telephone number, which is displayed prominently in the body of the email. In a second twist, the user receives a fake McAfee email saying their antivirus software subscription will be automatically renewed for a stated price unless the user calls a toll-free number – again, displayed prominently – to dispute the charge.
“The phishing message is begging the user to call,” says KnowBe4 cyber-defense expert Roger Grimes. “When the user calls, they are normally sent to an overseas call center. Oftentimes, the call center person is handling so many callback scams that they do not know which scam the potential victim has been sent and they will ask for more details so they can familiarize themselves with the particular version of the callback scam that the user received.”
4 Things to Know About Callback Phishing
- From KnowBe4’s Roger Grimes: “As with typical callback scams, the hacker wants to induce the user into installing new software. In the past, the software might have been a custom backdoor or trojan horse program. These days, the installed program is likely to be a legitimate (or semi-legitimate) remote access program that legitimate admins and users might use to manage computers they are authorized to use. But in the callback scams, the legitimate software is used so that the remote attacker can install more malicious programs, scripts and watch the user’s screen.”
- Callback phishing scams are prevalent because they bypass many spam email filters. There is no link to click on, just an unclickable image. “If you want your anti-phishing content filter to be able to read the text on a picture file, it should have Optical Character Recognition (OCR) capabilities,” writes Grimes.
- Anti-phishing filters can’t read the phone number and determine if it is malicious.
- Educate your team about callback phishing. Share this blog post at your next staff meeting.
- Beware any email that contains a single image.
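
For whoever manages your firm's mail filtering, here is one way to turn the traits listed above (no link, a single image, a phone number, a billing lure) into a triage check. This is an added example, not code from KnowBe4 or any filter vendor; the function names, keyword list and verdict labels are assumptions, and the OCR step is assumed to run elsewhere and pass its text in.

```python
import re
from email.message import EmailMessage, Message

URL_RE = re.compile(r"https?://|www\.", re.I)
# North American style numbers, e.g. 1-800-555-0100 or (888) 555 0100
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Assumed keyword list, based on the billing lures this post describes
LURE_RE = re.compile(r"\b(renew\w*|subscription|charge[ds]?|unauthorized|dispute)\b", re.I)

def callback_phish_signals(msg: Message, ocr_text: str = "") -> dict:
    """Score one message. ocr_text is whatever an external OCR step
    (assumed, not implemented here) read from the attached images."""
    images, bodies = 0, []
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            images += 1
        elif part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            bodies.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    body = " ".join(bodies)
    visible = re.sub(r"<[^>]+>", " ", body)  # crude tag strip for HTML parts
    readable = " ".join([msg.get("Subject", ""), visible, ocr_text])
    sig = {
        "no_links": not URL_RE.search(body),
        "single_image": images == 1,
        "sparse_text": len(visible.split()) < 20,
        "phone_number": bool(PHONE_RE.search(readable)),
        "billing_lure": bool(LURE_RE.search(readable)),
    }
    image_only = sig["single_image"] and sig["no_links"] and sig["sparse_text"]
    if sig["no_links"] and sig["phone_number"] and sig["billing_lure"]:
        sig["verdict"] = "likely-callback-phish"
    elif image_only:
        sig["verdict"] = "needs-ocr-review"  # the number, if any, is still hidden in the image
    else:
        sig["verdict"] = "ok"
    return sig

def build_sample() -> EmailMessage:
    """Constructed sample: short body, no links, one image attachment."""
    m = EmailMessage()
    m["Subject"] = "Your subscription will renew today"
    m.set_content("See attached.\n")
    m.add_attachment(b"\x89PNG constructed bytes", maintype="image",
                     subtype="png", filename="invoice.png")
    return m

if __name__ == "__main__":
    sample = build_sample()
    print(callback_phish_signals(sample)["verdict"])
    print(callback_phish_signals(sample, "Call 1-800-555-0100 to dispute this charge")["verdict"])
```

Without OCR text the sample only reaches "needs-ocr-review", which is the gap Grimes describes: the filter sees one image and nothing to evaluate until something reads the picture.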