New cybercrime tactic: Call-back phishing

Approximately a 1-minute read

Cybercriminals are at it again – but you can take some important steps to help your personal data and the organization stay safe!

Criminals have been observed using multi-layered tactics to lure victims into believing their contact is legitimate. It’s a type of online attack known as call-back phishing. 

Here’s how it works: 

Initial contact is typically made through email. However, without any malicious attachments or links embedded in the message, the email rarely gets flagged by a company’s IT security system.

The email usually indicates some kind of immediate or urgent problem has occurred, such as a fake notification that your computer has been infected when it actually has not. The key to this type of phishing scam is that the criminal provides a call-back number, directing panicked victims to call immediately.

Once on the phone, cybercriminals employ a variety of social engineering tactics to gain a victim’s trust – and possibly compromise the person’s IT systems and devices by gathering sensitive information and/or remotely installing harmful software.

Please be diligent and play your role in helping keep the organization – and yourself – as safe as possible.

Keep current about current cybersecurity scams and fraud by visiting Safe Computing.