A new scam alert is in town. Hint: Don’t just answer any call. (Source – Shutterstock)

Scam alert: don’t fall for this new attack

  • Security researchers at Sophos X-Ops have documented a new scam that starts with a phone call and finishes with a malicious email.
  • By combining phone and email tactics, the attack shows how social-engineering strategies keep evolving.
  • Once on the victim's machine, the malware harvested data from accounting software, browser cookies and history, and cryptocurrency wallets.

For most people, phone scams are nothing new. In the familiar version, the caller poses as a telemarketer offering enticing deals on products or services, with the aim of extracting banking or credit card details from an unsuspecting victim.

A dive into sophisticated digital treachery

Recent investigations have revealed a more sophisticated scam that blends a phone call with email to get malware onto corporate systems and steal data. The twist is how the malware was introduced: the caller persuaded the target to open an email whose body was an image mimicking an Outlook message with a PDF attachment. Clicking the image followed a link embedded in this "image spam" email and downloaded an Electron-based app, which carried the malware.

Such targeted strategies underscore the growing sophistication of social engineering. These actors are refining their tactics and combining several methods so that each step looks plausible on its own and the attack as a whole goes unnoticed.

Sophos X-Ops traced the beginning of this plot to a seemingly harmless phone call. The call, directed at an employee of a Swiss firm, was the precursor to a multi-stage cyberattack.

Analysts from Sophos noted that this was not a random call. The evidence suggests the attackers deliberately selected their victim and set up a carefully staged trap. Although the scheme succeeded briefly, the employee noticed something was wrong and promptly disconnected the device from the network.

The impersonator, with a tone suggesting he was middle-aged, claimed he was a courier with a pressing delivery for the company. With no-one available at the initial delivery address, he sought a new one at the employee’s workplace, stating that a code, emailed by his firm, would need to be read back to him.

As this conversation was unfolding, an email, allegedly from the courier’s firm, arrived in the employee’s inbox. This email (in French) indicated an attached PDF contained the essential delivery code.

The art of deceptive emailing

Andrew Brandt, a researcher at Sophos, highlighted the novelty of this approach: the lure was an image of an email with a PDF attachment rather than an actual PDF attachment. A real PDF carries the markers that email security tools scan for and often triggers red flags, whereas an image with a link behind it does not, so the technique sidestepped those checks.
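The practical lesson for a mail-filtering team is that the lure has a recognisable shape: an HTML body that is little more than a clickable image, a link that fetches an executable or archive rather than a document, and text that talks about a PDF while no PDF is actually attached. The following script is an added example (not Sophos's tooling or the page's own code) that scores a message on those three signals using only the Python standard library. The two sample messages are constructed here for illustration; the hostnames and file names in them are hypothetical and are not indicators from the Sophos investigation.

```python
"""Heuristic check for 'image spam' lures: an HTML email whose visible body is an
image (e.g. a screenshot of an Outlook message showing a PDF attachment) wrapped
in a link that fetches a downloadable app, while no real PDF is attached.
Added example; the sample messages below are constructed, not real samples."""
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# File types a courier would never send in place of a PDF (assumed list).
DOWNLOAD_EXTS = (".exe", ".msi", ".zip", ".dmg", ".pkg", ".scr", ".js")
LITTLE_TEXT = 200  # below this many visible characters the body is "just an image"


class _LureScanner(HTMLParser):
    """Counts links, images nested inside links, and visible text characters."""

    def __init__(self):
        super().__init__()
        self.links, self.linked_images, self.text_chars = [], 0, 0
        self._open_anchors = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.links.append(a.get("href") or "")
            self._open_anchors += 1
        elif tag == "img" and self._open_anchors:
            self.linked_images += 1

    def handle_endtag(self, tag):
        if tag == "a" and self._open_anchors:
            self._open_anchors -= 1

    def handle_data(self, data):
        self.text_chars += len(data.strip())


def _is_download_link(url):
    return urlparse(url).path.lower().endswith(DOWNLOAD_EXTS)


def assess(raw):
    """Return {'suspicious': bool, 'reasons': [...], 'links': [...]} for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    html_part = msg.get_body(preferencelist=("html",))
    html = html_part.get_content() if html_part is not None else ""
    scan = _LureScanner()
    scan.feed(html)

    pdf_attached = any((p.get_filename() or "").lower().endswith(".pdf")
                       for p in msg.iter_attachments())
    mentions_pdf = "pdf" in (str(msg["Subject"] or "") + html).lower()
    download_links = [u for u in scan.links if _is_download_link(u)]

    reasons = []
    if scan.linked_images and scan.text_chars < LITTLE_TEXT:
        reasons.append("body is essentially a clickable image")
    if download_links:
        reasons.append("link fetches an executable/archive rather than a document")
    if mentions_pdf and not pdf_attached:
        reasons.append("message talks about a PDF but none is attached")
    # One signal alone is common in legitimate mail; two or more is the lure pattern.
    return {"suspicious": len(reasons) >= 2, "reasons": reasons, "links": download_links}


def build_lure():
    """Constructed imitation of the courier lure (hypothetical hostname and file name)."""
    m = EmailMessage()
    m["From"] = "livraison@courier-example.invalid"
    m["To"] = "employee@corp.example"
    m["Subject"] = "Code de livraison - PDF"
    m.set_content("Version HTML requise.")
    m.add_alternative(
        "<html><body><p>Veuillez trouver ci-joint le PDF contenant le code de livraison.</p>"
        '<a href="https://cdn.courier-example.invalid/Code_Livraison_PDF.zip">'
        '<img src="cid:outlook-screenshot" alt="Outlook message with PDF attachment"></a>'
        "</body></html>", subtype="html")
    return m.as_bytes()


def build_benign():
    """Constructed legitimate courier mail: a real PDF attached, link to a tracking page."""
    m = EmailMessage()
    m["From"] = "noreply@courier-example.invalid"
    m["To"] = "employee@corp.example"
    m["Subject"] = "Your shipping label (PDF attached)"
    m.set_content("Your shipping label is attached as a PDF.")
    m.add_alternative(
        "<html><body><p>Your shipping label is attached as a PDF. Track the parcel at "
        '<a href="https://courier-example.invalid/track?id=42">our tracking page</a>.</p>'
        "</body></html>", subtype="html")
    m.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                     subtype="pdf", filename="label.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for name, raw in (("lure", build_lure()), ("benign", build_benign())):
        print(name, assess(raw))
```

The constructed lure trips all three signals, while the benign courier mail trips none. The heuristic is deliberately conservative (two signals required) so that marketing mail built from a single linked image is not flagged on its own; tune the thresholds to your own traffic before using it as a blocking rule rather than an alerting one.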

Once the downloaded app was running, the malware rifled through various types of data, from accounting details to cryptocurrency wallets. To mask their tracks, the attackers routed the compromised system's traffic through the Tor network. Their activity did not go unnoticed for long: an astute employee detected anomalies and unplugged the Ethernet cable, cutting the attackers' connection and limiting the damage they could do.

This attack relies on multiple layers of social engineering. (Source – Sophos)

Such intricate schemes underscore the lengths to which cybercriminals will go to steal company data. Their tactics keep evolving alongside the technology they abuse: although text messages are increasingly their preferred channel, phone calls remain a potent tool in their arsenal.

“We teach employees a lot about email safety, but we don’t necessarily teach them how to handle unusual phone calls,” Brandt said. “In this case, the employee reacted quickly and showed great presence of mind; this attack could have had much more serious consequences for the company. It’s important to be wary of unknown callers and check with a business directly if you are unsure about something they are asking you to do.”

If in doubt of a scam alert cyberattack – pull the plug!

Scam alert down under

After the attack on the Swiss firm, Sophos X-Ops identified the same strategy being used against an Australian enterprise. The group behind these schemes appears to be persistently active, and Sophos continues to monitor it.

In that case, too, an attentive staff member monitoring system activity took decisive action and disconnected the compromised machine from the network. This timely intervention severed the link to the attackers and halted the attack's progression.

These meticulously designed attacks often involve more than one person. Here, one accomplice made the phone call and kept the employee talking, while others deployed the malicious scripts and apps in the background. This blend of a live voice and digital follow-up made the deceptive narrative far more convincing.

Standard security advice warns against engaging with suspicious email links or attachments. This phone-initiated variant shows that the warning applies even when a phone call precedes the email and appears to explain it. If a caller's identity cannot be confirmed, hang up and verify through the business's published contact details before acting on anything they ask.

More scams from more scammers – look alive!