Microsoft is warning users of a new type of phishing attack that involves a call centre to help you download malware. Using a call centre to help victims install the malware is one of the unique features of this type of malware.
The criminal group, BazarCall, is using the call centres to infect PCs with their malware BazarLoader. The malware is designed to give the cyber criminals a backdoor to send more malware, scan the network environment and exploit unpatched vulnerabilities. The group also uses the Cobalt Strike pen testing kit to steal credentials and the Active Directory database. The Active Directory database contains an organization’s identity and credential information, making it a big score for cyber criminals.
This attack works well as the phishing email advises the victim that a trial subscription has expired and that they will be automatically charged a monthly fee unless they call a number to cancel the trial. Microsoft Security Intelligence explains the scam as follows: “When recipients call the number, a fraudulent call center operated by the attackers instruct them to visit a website and download an Excel file in order to cancel the service. The Excel file contains a malicious macro that downloads the payload.”
To help you and your staff avoid falling victim to this type of attack, here are some things you need to consider before calling that call centre number:
- Have you actually started a trail subscription for the service the email says it is coming from?
- If you do actually have a subscription, does this email look correct? Do the contact details match those from the original subscription details?
- If you do call a number and request to cancel your service, why do you need to download anything?
Asking yourself these questions ahead of time can save you and your business a lot of headaches down the road. Take the time to think about the request rather than react emotionally. If you’ve never started a trail subscription, odds are the email is fake. If you are cancelling a service, you don’t need to download anything. If a call centre operator insists you need to, ask why and hang up.
Need help securing Office 365? Uzado can help. Contact us today.