Cyber Criminals Calling Victims Ahead to Augment Spear Phishing Attack

If you’re in sales, you’ve always known that, when possible, it helps to call ahead and let a prospect know that you’ll be sending an email. Well, per a new PCWorld blog, it turns out that cyber criminals have been paying attention to this tactic and are doing the same thing – with alarming success.

In what Symantec is calling a sophisticated Spear Phishing attack, cyber criminals are calling various accounting and finance department employees in targeted French companies — along with their subsidiaries in Romania and Luxembourg — and asking if they can email over an invoice.

The unsuspecting victim on the other end of the phone (who typically deals with numerous invoices a day) agrees to receive the emailed invoice. However, when they open the email they either click a link or download an attachment that contains a variant of the remote access Trojan W32.Shadesrat, which can be used to steal passwords and launch DDoS attacks.

Symantec is noting that while the Spear Phishing attacks appear to have started in February of this year, it wasn’t until April that cyber criminals added a phone call to their malicious toolbox.
As we noted a few weeks ago in our blog on Spear Phishing attacks, cyber criminals typically don’t have to look long and hard for data about their victims. Email address and phone numbers are often available in various websites and directories, or in corporate information such as brochures, white papers, executive reports and more.

In light of this, it’s essential for employees to ensure that phone calls — even seemingly ordinary ones — are legitimate. They need to ask questions, and have a process in place to alert IT Security personnel if they detect a potential hack attempt or any other red flags.