Notification Of New Subscription Billing Could Be A Phishing Attack
There's a dangerous new phishing scam you should be aware of and alert your employees to right away. A growing trend in the hacking world is to use mixed media, including phone calls with live actors at the other end, posing as "customer support" representatives, and even recorded messages including instructions and attached to emails. This is all done in a bid to lure unsuspecting recipients into downloading malicious files.
In this case, the attack is structured as follows:
A potential victim will get an email informing them that they've been subscribed to a fee-based service. The email instructs them to call a given phone number and speak with a representative who will be happy to help them.
If the recipient calls, the agent, who of course, is part of the hacker's organization, will guide the caller to a website where they can download a file the faux agent claims is necessary to finalize the cancellation. Naturally, the file does no such thing, and is instead, a piece of malware of the attacker's choosing.
The payload can vary and be just about anything. The currently identified campaign is using BazaLoader, which creates a persistent backdoor on Windows-based machines to give the attackers easy access to that device which they can exploit in a variety of ways later on.
While this may seem like a convoluted path for the attackers to take, it can be devastatingly effective. It has the key advantage, from the attackers' point of view, of being extremely difficult to detect and prevent. Most detection routines are file based, and since this type of email doesn't contain an attachment of any kind, it poses tremendous challenges for IT security professionals.
As ever, the best defense is education and mindfulness, so be sure your staff is aware.