‘Callback’ Phishing Campaign Imitates Security Companies


A new callback phishing campaign is attempting to deceive potential victims into making a phone call that will urge them to download malware by posing as well-known security firms.

According to a recent blog post by CrowdStrike Intelligence, researchers found the effort because CrowdStrike is actually one of the security organizations that is being impersonated, along with other impostor corporations. In order to trick a victim into responding urgently, the campaign uses a standard phishing email. In this instance, it implies that the recipient’s firm has been compromised and demands that they call a phone number provided in the message, according to researchers.

They claimed that when a target contacts the number, they are connected to someone who takes them to a website that has malicious intent.

Read More: https://threatpost.com/callback-phishing-security-firms/180182/