The past few weeks have seen an uptick in callback phishing campaigns impersonating prominent security companies. In these phishing campaigns, cybercriminals’ goal is to try and trick their potential victims into making a phone call. Victims who fall for the phishing campaign and make the call are instructed to download malware.
In one of the most recent callback campaigns, cybercriminals are impersonating CrowdStrike, one of the largest cybersecurity companies, warning their potential victims that malicious network intruders have compromised their workstations. The phishing email ends with a call to action that tries to convince its potential victims that their systems need an audit.
If a victim falls for such a phishing email, they are then instructed to make a phone call where they will receive instructions on solving the issue. When a phone call is made, a ‘friendly person’ is always on the other side pretending to help. They start by giving their potential victims a website. However, the web address given helps the cybercriminals launch an attack by downloading malicious software into the computers of their potential victims.
How Callback Emails Are Phrased
The callback phishing campaigns are focused on social engineering. In one of the emails seen by researchers, cybercriminals started by pointing out that they had identified a problem with a segment of the network. They also indicated that they had contacted network administrators of the said institutions.
However, as the email progresses, their plans start to get executed. They start by convincing their victims to give them access to their workstations. To achieve this, they indicate that they have consulted with the victim’s information security department, which has given a green light for full access to the system.
The email also points to agreements between the victim’s workplace and the cybersecurity firm that is being used for phishing. This is done to ensure that no suspension is raised. As the email progresses, they emphasize the urgency of the email and then leave a phone number that their potential victims can use to contact them.
Ransomware Attacks as a Result of Callback Phishing
According to a report released by CrowdStrike, they assessed the callback phishing attacks as having the potential to launch ransomware in a bid to monetize their operations. They pointed out that in 2021, a similar callback campaign, the BazarCall campaigns, would result in computer systems being infected with the Conti ransomware.
The BazarCall campaign was the first known widespread callback campaign that resulted in ransomware attacks. There is a high likelihood that we will see a surge in these types of attacks in the coming months.
How Veterinary Practices Can Prevent Callback Phishing Attacks
Callback phishing attempts may sound impossible to pull off, but recent adoption by many cybercriminals indicates such attacks are succeeding. Part of the reason why such is the case is due to their target victims. For instance, in a veterinary practice setting, cybercriminals will look for staff who are not technologically savvy and target them with phishing. In most cases, victims are convinced that their workstation is infected and that they need to install additional software during the call. After installation, cybercriminals are able to move laterally through the network and launch a practice-wide ransomware attack. To avoid this, practice owners should consider implementing the cybersecurity strategies listed below.
- Training staff: The callback phishing scams are dependent on people’s ignorance for them to succeed. Therefore, it is important for a veterinary practice to emphasize the need to know how to respond to emails. If your staff are not well trained, there is a high likelihood that, once targeted, they may fall victim to such attacks which lead to your practice getting compromised.
- Access control on your network: Ensure that your network has access control. This will prevent cyber criminals from moving laterally in your network in case some of your staff fall victim to cybercrime.
- Install Antivirus/Anti-Malware: Failing to have an antivirus/anti-malware on your system can result in ransomware attacks once cybercriminals gain access to your systems through callback phishing campaigns.
- Cybersecurity verification policy: Ensure that all your staff follows a cybersecurity policy that ensures they verify all emails before responding, downloading its content, and making a phone call for a follow-up. This will help in avoiding all types of phishing attacks including callback phishing.
- Never open suspicious email: In most of these callback phishing emails, it is very easy to tell, because they are guessing whether you use a given IT service provider. In most cases, cybercriminals get the details wrong. Therefore, in such cases, you should not bother opening the email if you do not recognize the senders.
Need help protecting your veterinary hospital from cyber crime?
Start by downloading our FREE eBook “5 Simple Steps to Protecting Your Hospital“. It includes all the basics to shore up your cyber security for little to no cost!
Clint Latham