
Enterprises Hit With Social Engineering Scheme That Starts With a Phone Call

Researchers at Symantec have reported a wave of attacks that take an interesting approach to social engineering – a telephone call.

According to Symantec, the victim receives a phone call from an attacker impersonating an employee or business associate of the organization. The caller speaks French and asks the victim to process an invoice that the victim will shortly receive in an email.

“The email typically contains a malicious link or an attachment, which is actually a variant of W32.Shadesrat, a Remote Access Trojan (RAT),” blogged Symantec’s Security Response Team. “There is evidence to suggest that these attacks began as early as February 2013, however, it was only more recently in April that phone calls were being placed prior to sending the victim the phishing email.”

The attacks are currently targeting only French organizations, but have also included subsidiaries that operate outside of France, the firm found.

Just recently, the Internet Crime Complaint Center (IC3) issued an advisory about phishing attacks targeting consumers that begin with a phone call directing the person to log on to a phishing site. The automated calls claim to be from the victim’s telecommunication carrier. Once on the site, the user is offered what appears to be a billing credit, discount or prize ranging from $300 to $500.

“The phishing site is a replica of one of the telecommunication carrier’s sites and requests the victims’ log-in credentials and the last four digits of their Social Security numbers,” according to the IC3, which is a partnership between the FBI and the National White Collar Crime Center. “Once victims enter their information, they are redirected to the telecommunication carrier’s actual website. The subject then makes changes to the customer’s account.”

In the case of the attacks reported by Symantec, the victims tend to be accountants or employees working within the financial department of the targeted organizations. This may not be too much of a surprise for some. According to Symantec’s latest Internet Security Threat Report, the percentage of targeted attacks focused on chief executive or board level employees fell from 25 percent in 2011 to 17 percent in 2012. The most targeted role belonged to employees in the research and development area, who were hit with 27 percent of attacks as opposed to just nine percent in 2011. The next most targeted group was the sales department, which saw 24 percent of attacks in 2012 compared to 12 percent in 2011.

Since the handling of invoices is something such employees would do on a regular basis, the lure is potentially “quite convincing,” Symantec said.


“It appears that the attacker’s motivation here is purely financial,” according to Symantec. “Targeting employees who work with company finances likely provides access to sensitive company account information. These employees may also have the authority to facilitate transactions on behalf of the organization; a valuable target if the attacker gains access to secure certificates that are required for online transactions or confidential bank account information.”

These attacks are continuing to this day and organizations should be aware of these increasingly sophisticated social-engineering attacks, Symantec added.

“The attacker may have limited information, so asking additional questions on a call may help to determine the legitimacy of the request,” the team warned. “Organizations also need to be aware that personally identifiable employee information that exists outside of your enterprise, even in the form of an invoice, can be used against you if a business associate becomes compromised.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
