How to Prevent Callback Phishing Attacks on Your Organization

Hybrid phishing attacks continue to pose a clear and present danger to all organizations. How can these threats be mitigated to reduce their impact? A combination of targeted security tools and a strong cybersecurity culture are the dual approach organizations can use to protect their network from an attack.

According to the cyber intelligence report from Agari, hybrid phishing attacks have increased by 625%. One of the most damaging is callback phishing – also often known as a TOAD (Telephone-Orientated Attack delivery).

First appearing in the wild in March 2021 as BazarCall, the attacks were mounted to install ransomware on corporate networks.

These attacks use two vectors, usually beginning with an email and later followed up by one or more voice calls. First, the threat actor sends what appears to be a legitimate invoice of high value for a service. Next, the recipient is asked to call a number to investigate the charge being made.

Example of Callback phishing email attachment

At this point, the attacker will use more social engineering tactics to gain network access information or install remote access software.

Used as bait, the initial email is often linked to older subscriptions that the recipient may know of but had thought they had cancelled. Connecting these messages to live verification voice calls makes callback phishing so dangerous. The attackers have a direct connection to their intended target, often using bogus calls from technical support that convince their victims to install a ClickOnce executable named ‘support.Client.exe.’

As organizations look toward their post-pandemic future, securing networks, and remote workers who now form a significant percentage of their workforce, is imperative.

What is clear, and as ProofPoint illustrates in their report, is that developing a strong culture of cybersecurity is the most effective defence against personalized attacks, such as callback phishing.

The future of cyberattacks will see phishing attacks proliferate. In addition, hybrid attacks are becoming more common as they use several approaches that are often more successful than single attack vectors.

Security culture

It has often been said that end-users are the weakest link in an organization’s security. Low levels of cybersecurity awareness can be the root cause of successful cyberattacks, especially attacks such as Callback phishing.

Organizations must have a strong culture of security and a first step to strengthening cybersecurity awareness, is setting up training programs specifically for phishing messages that invoke fear or a sense of urgency, unexpected invoices, and requests to establish a phone call or install software.

Additionally, expanding investments in tools designed to detect and prevent anomalous activity, such as installing unrecognised software or exfiltrating sensitive data.

Businesses should, of course, have robust and comprehensive security systems to protect against phishing attacks. Services such as Mimecast and the range of Microsoft Defender options available enable enterprises to raise their cyber threat protection.

Practicing Zero Trust

Taking a Zero Trust approach to cybersecurity has been expanding. This is vital to appreciate as cybersecurity has become as perimeter-less as remote working.

Focusing on data, hosted services, and identities becomes paramount in a Zero Trust environment. Identities are a key emphasis here. Callback phishing is not an attack on the physical network infrastructure, but the end-users accessing these resources – often remotely.

Callback phishing attacks can also be used against service desks. Almost half of organizations do not have secure user verification in place for calls to the service desk, opening up vulnerabilities for targeted attacks.

The Specops Secure Service Desk is a practical example of how a Zero Trust security environment can be effectively managed. Specops Secure Service Desk increases security by enforcing strong authentication methods to verify callers, minimizing the risk for user impersonation.

Specops Secure Service Desk

Service desks must have robust and comprehensive security with access to password resets, user verification, and account unlocking. Desk operators must also have high levels of cybersecurity awareness and make conscious decisions that protects the network and user access.

The working environment has changed out of all recognition – something cybercriminals are all too aware of. Therefore, protecting critical systems from cyberattacks requires a multifaceted approach to security.

Taking a Zero Trust stance is a robust approach, but with attacks such as callback phishing using several channels of attack, protection must also be multi-functional. And never forget that often, with these attacks, a strong and resilient security culture will always be the most effective frontline of defence.

Sponsored and written by Specops Software