More and more elaborate cyber threats: malware installed with a fake customer support call, 29.8 billion losses recorded

Proofpoint, an American corporate security company, took over a notable increase in call center scams. According to their research, about 60 million Americans, with a collective loss of $ 29.8 billion between 2020 and 2021. They are called “TOAD“-“telephone-oriented attack delivery“ and use telephone fraud combined with e-mail as an attack channel. Proofpoint observed two types of scams: the first is the classic call center fraud with intent to steal money, while the second uses a call center to send hidden malware in the form of a document. The latter is often associated with malware BazaLoader.

Both types are profitable for cybercriminals and cause unsuspecting victims to lose even large sums. The approach usually starts with a deceptive email, where scammers present themselves as company representatives who sell all sorts of products: concert tickets, cybersecurity tools, Covid assistance funds and many others, offering services ranging from software updates to the financial support to the refunds for wrong purchases. The email address is usually an account Gmail, Yahoo or a other free service.

Customer support, refunds and fake receipts: also beware of Amazon and PayPal emails

Victims are invited to contact customer support with a telephone number behind which the malicious call center. This attacks require asignificant interaction with the victim, generally with the receipt-bait of a purchase also linked to companies such as Amazon and PayPal; however, the attack paths can be very different depending on the target. Once the call center is contacted, the consumer is asked to install remote access software cone AnyDesk, Teamvier or Zoho. Under the pretext of offering help, the victim is asked to connect with your bank account in order to obtain a refund or purchase gift vouchers.

Having done this, the scammers connected with the device they blank the screen to change the HTML code of the bank page to show a different amount or try to steal the money directly from the victims.

Cyber ​​threat inventors are increasingly creative in developing “baits”, and often manage to deceive even the most attentive consumers: it is always advisable to pay close attention to the emails and spam calls that you receive, and not to click never on any link in the e-mails if you do not know the recipient and are unsure of the veracity of the content.