Posted in: Information security, Latest News & Views
Security researchers say a new type of spear phishing attack is being used to target companies’ finance staffers with a telephone call.
Cyber criminals are starting to rely less on spreading malware and other broad attacks used to collect sensitive data from individuals and organizations. More often than before, hackers are specifically choosing organizations that have data they want or that can be infiltrated and using so-called “spear phishing” techniques to conduct their attacks.
In those schemes, employees within an organization are typically sent specially crafted emails that attempt to get the recipients to open a malicious link or attachment, or volunteer sensitive data. Often, the scammers do a significant amount of research about an organization to create as plausible a scheme as possible.
Apparently, at least one group of cyber criminals have begun using another tool to conduct their spear phishing attacks: the telephone.
Several organizations have reported being targeted by phishing campaigns in which a call from an attacker was followed up by an email, according to security firm Symantec.
In the attacks, the target — typically someone in the accounting or finance departments — received a phone from one of the criminals, who was posing as another employee in the organizations or someone from one of the company’s partners.
The attacker asks the employee to process an invoice that will arrive soon via email. However, the alleged invoice attached to the email is a piece of malware that then steals information from the company.
According to Symantec, employees are more likely to fall for this time of scam than others because people are more likely to trust someone who makes a phone call, compared to an email receive. And, since processing invoices is something those staffers do regularly, many of them will think nothing of the request.
However, as hackers look for additional ways to get access to companies’ data, it’s important to keep in mind that phone calls are also being used as a way to conduct attacks. Warn your company’s accounting and finance staff about avoid suspicious communications no matter how they’re conducted.
FinanceTechNews.com delivers the latest Finance news once a week to the inboxes of over 150,000 Finance professionals.