Consumers Warned About Rise in Call Center Threats

Consumers have been warned about a significant rise in call center threat activity, in which attackers use email alongside call center customer service agents to scam victims, sometimes out of tens of thousands of dollars.

Telephone-oriented attack delivery (TOAD) usually comes in two forms, according to cybersecurity firm Proofpoint. One uses free, legitimate remote assistance software to steal money, while the other uses malware, such as BazaLoder, disguised as a document to compromise a computer. These techniques begin with an email claiming to be from a legitimate source. The emails contain a phone number for customer assistance, and when the recipient calls the number, they are connected to a malicious call center attendant. The customer service representative will then verbally guide the victim through different types of user interaction, such as downloading a malicious file, allowing them to remotely access their machine or downloading a malicious application for remote access.

Proofpoint said that recent lures have included Justin Bieber ticket sellers, computer security services, COVID-19 relief funds, online retailers promising refunds for mistaken purchases, software updates and financial support.

These attacks can be “life-altering” for victims, with the vendor noting nearly $50,000 was lost in a single case in which the threat actor masqueraded as NortonLifeLock.

The researchers were able to pinpoint many of the attacks as coming from India, with multiple activity clusters occurring in Kolkata, Mumbai and New Delhi. Interestingly, they found many of these malicious call centers are architected like legitimate businesses, with leases being signed on buildings purporting to be telemarketers or other phone-based companies. Additionally, local jobseekers are often recruited to support the operation.

The repor ..

Support the originator by clicking the read the rest link below.