"'Callback' Phishing Campaign Impersonates Security Firms"

A new callback phishing campaign impersonates well-known security firms in order to trick potential victims into making a phone call during which they are instructed to download malware. CrowdStrike Intelligence researchers discovered the campaign because CrowdStrike is one of the companies being impersonated, along with other security firms. According to the researchers, the campaign uses a standard phishing email to pressure the recipient into responding urgently. In this case, the email implies that the recipient's company has been breached and insists that they call a phone number included in the message. When a target calls the number, they are connected to someone who directs them to a malicious website. Callback campaign operators have traditionally attempted to persuade victims to install commercial Remote Access Trojan (RAT) software in order to gain an initial foothold on the network.

The new campaign is similar to the BazarCall campaign discovered last year by the Wizard Spider threat group. That campaign used a similar tactic: the email urged recipients to call a number to opt out of renewing an online service they were allegedly subscribed to. If people called the number, the person on the other end would provide a website address where the soon-to-be victim could supposedly unsubscribe from the service. That website, however, led them to a malicious download.

This article continues to discuss the new callback phishing campaign, the potential to spread ransomware through the operation, and other similar campaigns.

Threatpost reports "'Callback' Phishing Campaign Impersonates Security Firms"