Phishing

Enterprises Hit With Social Engineering Scheme That Starts With a Phone Call

Researchers at Symantec have reported a wave of attacks that take an interesting approach to social engineering – a telephone call.

According to Symantec, the victim receives a phone call from an attacker impersonating an employee or business associate of the organization. The caller speaks French and asks the victim to process an invoice that will arrive shortly by email.

“The email typically contains a malicious link or an attachment, which is actually a variant of W32.Shadesrat, a Remote Access Trojan (RAT),” blogged Symantec’s Security Response Team. “There is evidence to suggest that these attacks began as early as February 2013, however, it was only more recently in April that phone calls were being placed prior to sending the victim the phishing email.”

The attacks are currently targeting only French organizations, but have also included subsidiaries that operate outside of France, the firm found.

Just recently, the Internet Crime Complaint Center (IC3) issued an advisory about phishing attacks targeting consumers that begin with a phone call directing the person to log on to a phishing site. The automated calls claim to be from the victim’s telecommunication carrier. Once on the site, the user is offered what appears to be a billing credit, discount or prize ranging from $300 to $500.

“The phishing site is a replica of one of the telecommunication carrier’s sites and requests the victims’ log-in credentials and the last four digits of their Social Security numbers,” according to the IC3, which is a partnership between the FBI and the National White Collar Crime Center. “Once victims enter their information, they are redirected to the telecommunication carrier’s actual website. The subject then makes changes to the customer’s account.”

In the case of the attacks reported by Symantec, the victims tend to be accountants or employees working within the financial department of the targeted organizations. This may not be too much of a surprise for some. According to Symantec’s latest Internet Security Threat Report, the percentage of targeted attacks focused on chief executive or board level employees fell from 25 percent in 2011 to 17 percent in 2012. The most targeted role belonged to employees in the research and development area, who were hit with 27 percent of attacks as opposed to just nine percent in 2011. The next most targeted group was the sales department, which saw 24 percent of attacks in 2012 compared to 12 percent in 2011.

Since the handling of invoices is something such employees would do on a regular basis, the lure is potentially “quite convincing,” Symantec said.

“It appears that the attacker’s motivation here is purely financial,” according to Symantec. “Targeting employees who work with company finances likely provides access to sensitive company account information. These employees may also have the authority to facilitate transactions on behalf of the organization; a valuable target if the attacker gains access to secure certificates that are required for online transactions or confidential bank account information.”

These attacks are continuing to this day and organizations should be aware of these increasingly sophisticated social-engineering attacks, Symantec added.

“The attacker may have limited information, so asking additional questions on a call may help to determine the legitimacy of the request,” the team warned. “Organizations also need to be aware that personally identifiable employee information that exists outside of your enterprise, even in the form of an invoice, can be used against you if a business associate becomes compromised.”
