Happy New Year 2025 to all our members and visitors! Our Forum is Now Back Online After Some Critical Upgrade- We Apologize for the inaccessibility Period! Thank You all. CORONAVIRUS safety tips from Admin! 1. Watch your hands with running water 2. Dont cough in your hands 3. Keep distance from people 4. Stay indoor if neccessary!! Stay safe !!! Dear Members,Do you know that naijacrux is fully programmed to serve you better, Do you know that you can share your favorite post on naijacrux with friends on twitter,facebook, googleplus,myspace and many more! To share post on naijacrux with friends and family on twitter, facebook,googleplus,myspace,and many more, scroll to the down page of the post, Click on the Social Icon You Want To Share On To Share.


Author Topic: Why It's So Easy to Fall for Callback Phishing Scams (and How to Protect Yourself)  (Read 443 times)

0 Members and 1 Guest are viewing this topic.

Offline Nairaland

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 405
  • Karma: +0/-0
Advertisement
Why It's So Easy to Fall for Callback Phishing Scams (and How to Protect Yourself)

It's easy to believe that you'd never fall for a scam—after all, spam texts about unpaid tolls, package deliveries, and job offers aren't particularly sophisticated and seem like obvious frauds. But bad actors are always looking for ways to fool you, such as with callback phishing scams that impersonate brands you trust.

According to a recent report from Cisco Talos covered by Malwarebytes Labs, consumers are being targeted with malicious emails appearing to be from well-known companies, directing them to call tech support to fix a problem. Here's how and why these scams work—and what to watch out for.

How callback phishing scams work

Callback phishing, or telephone-oriented attack delivery, actually begins with an email. Scammers send messages to potential targets impersonating a well-known company. These fraudulent emails typically contain information about an upcoming purchase or transaction, an account issue, or a technical concern and direct recipients to call the listed phone number to resolve the problem.

Once they have you on the phone, threat actors posing as customer service representatives or tech support will ask for personal information and/or direct you to malicious links or downloads that harvest data or install malware on your device.

This attack works for the same reason as many other phishing scams: It uses social engineering to prey on emotions (like fear) and promotes a sense of urgency to fix a problem, so you're less likely to stop and think critically about what's happening. But the campaign identified by Cisco Talos has a few other elements that make it even easier for threat actors to avoid detection.

First, the initial emails impersonate well-known brands whose products and services are widely used, including Microsoft, Adobe, Norton LifeLock, PayPal, DocuSign, and Geek Squad. Interacting with any of these companies may involve signing into an account, making purchases, viewing and downloading documents, receiving payments, or contacting tech support, so you may not be suspicious if you are asked to resolve a problem with these functions.

The other tactic scammers employ is attaching a PDF to the email that loads automatically when you open the message. The actual email body is blank, but you see a legitimate company logo and text about the supposed issue with a phone number to call. This allows the messages to avoid email security features, which typically scan for text and links. Plus, it doesn't require you to actually open an attachment, which you (hopefully) know is a telltale sign of a phishing scam.

(In some cases, when the PDF loads, it'll include a QR code to scan or a link to click, which directs you to a phishing website, rather than a number to call.)

Callback phishing red flags

As with any scam, communication that seems urgent or provokes fear, confusion, or another strong emotion should give you pause. You should also be skeptical of emails that come with attachments, which you can see even if they load automatically and don't require you to click to download—legitimate companies rarely, if ever, send email attachments.

And, of course, you should never click links or scan QR codes in emails, texts, or social media messages until you have verified the sender and the request by going directly to the company's website and contacting support. Email addresses can be spoofed in pretty sophisticated ways, so seeing is not always believing.


Source: Why It's So Easy to Fall for Callback Phishing Scams (and How to Protect Yourself)


 

 

Once a billionaire, now penniless, US self-made woman billionaire Rise and fall

Started by mastercode

Replies: 0
Views: 2736
Last post June 06, 2016, 12:54:03 AM
by mastercode
9 guaranteed ways to make a Nigeria girl fall and stay in love with you

Started by legendguru

Replies: 0
Views: 4050
Last post May 13, 2016, 12:29:50 AM
by legendguru
Don't Fall for This Fake Email About Your Instagram Account

Started by Nairaland

Replies: 0
Views: 223
Last post August 07, 2025, 10:32:01 AM
by Nairaland
Don’t Fall for These Eight Deceptive Marketing Terms

Started by Nairaland

Replies: 0
Views: 419
Last post May 16, 2025, 07:05:23 AM
by Nairaland
The Four Best YouTube Channels to Help You Fall Asleep

Started by Nairaland

Replies: 0
Views: 75
Last post September 02, 2025, 01:15:07 AM
by Nairaland