Cybersecurity threats come in many varieties, and cybercriminals are becoming more sophisticated in how they deploy and distribute their attacks. One tactic rising in popularity is "callback phishing."

The goal of a successful callback phishing attempt is to install ransomware on a target user’s device or gain access to private systems. With proper cyber training, you can help your organization defend against these cyberattacks and mitigate the risk they present.

Callback phishing tricks employees into divulging sensitive information, such as usernames and passwords. It uses a phishing email or text message (smishing) that looks legitimate but contains a link to a malicious website, often built around a lure such as a fake food-delivery order. When the employee clicks the link, they are taken to a page that looks like a legitimate login page. The employee then enters their credentials believing they are, for example, confirming where a food order should be delivered or claiming a refund for a missed delivery. Instead of reaching a legitimate service, the credentials go to the cybercriminals, who can use them to authenticate to the target's real account or to gain access to the organization's systems and data.

Ransomware is a popular payload for cybercriminal circles to push out. Ransomware is a type of malware designed to encrypt the victim's data, rendering it unusable. By holding the information, or even the use of entire systems, captive, cybercriminals can hold the target organization to ransom, demanding a payment in exchange for the decryption key that restores things to normal. If the organization refuses to pay, the cybercriminals may threaten to release sensitive data or sell it on the dark web to inflict further damage.

The City of Dallas was a recent victim of a ransomware attack, carried out with the Royal group's ransomware. The attack impacted the city's IT services, causing disruptions to several city departments, including the 911 call center and the court system.

The attack was believed to have originated from a phishing email sent to a city employee. The email contained a link to a malicious website that looked like a legitimate login page for the city's email system. When the employee entered their credentials, the cybercriminals gained access to the city's systems and data. This is a common phishing pattern: the user is asked to confirm or "call back" to a trusted, familiar, frequently used system, and in doing so hands over access to it.

The attack caused significant disruption to the city's operations, and for any organization or company such an attack can spell disaster, with costs totaling in the millions.

The City of Dallas ransomware attack highlights the importance of being cyber aware. It is essential to understand the tactics used by cybercriminals, such as callback phishing, and to take steps to protect against them. Here are some best practices to help your organization protect against callback phishing attacks:

Educate Employees

Employees are often the weakest link in an organization's cybersecurity defenses. It is essential to educate employees about the risks of phishing attacks and how to identify them. Provide training on how to recognize these phishing emails, how to verify the authenticity of login pages, how to report suspected phishing attempts, and what to do after a mistaken click, following an incident response plan.

Use Multi-Factor Authentication

Multi-factor authentication (MFA) adds an additional layer of security to the login process. It requires users to provide two or more forms of authentication, such as a password and a security token sent to a secondary device or account. MFA can help prevent cybercriminals from gaining access to an organization's systems even if they have obtained a user's credentials, unless they can prod the target into mistakenly approving the second or third factor for them.

Use Email Filters

Email filters can help identify and block phishing emails before they reach employee inboxes. They can be configured to block emails from known malicious domains or to flag emails containing suspicious links or attachments. These filters can also provide a quarantine area where flagged messages can be reviewed safely.
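As an added illustration of the link checks such a filter can apply, here is example code written for this article (not from any vendor product or from the City of Dallas). It flags links whose real destination is outside an assumed trusted-domain list, anchor text that looks like a domain but hides a different destination, and a lure-style subject (refund, missed delivery, confirm) paired with an untrusted link. All domains and messages are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages (sender, subject, html_body); placeholder domains only.
SAMPLES = [
    ("orders@example-delivery.test", "Your order is on its way",
     '<p>Track it: <a href="https://example-delivery.test/track/123">example-delivery.test</a></p>'),
    ("refunds@example-delivery.test", "Refund for missed delivery",
     '<p>Confirm refund: <a href="https://example-delivery.test.login-check.invalid/refund">example-delivery.test</a></p>'),
    ("it@example-city.test", "Confirm your mailbox",
     '<p><a href="https://mail-example-city.invalid/login">Click here to confirm</a></p>'),
]
TRUSTED_DOMAINS = {"example-delivery.test", "example-city.test"}  # assumed allowlist
LURE_WORDS = ("refund", "missed delivery", "confirm", "verify", "order")
DOMAIN_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$", re.I)

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    return (urlparse(url).hostname or "").lower()

def _is_trusted(host):
    # Exact match or a subdomain of an allowlisted domain; suffix tricks like
    # "trusted.test.attacker.invalid" do not pass this check.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def flag_message(sender, subject, html):
    """Return the reasons a filter would quarantine this message (empty list = deliver)."""
    parser = LinkExtractor()
    parser.feed(html)
    reasons, lure = [], any(w in subject.lower() for w in LURE_WORDS)
    for href, text in parser.links:
        host = _host(href)
        if not _is_trusted(host):
            reasons.append(f"untrusted link host: {host}")
            if lure:
                reasons.append("lure subject paired with untrusted link")
        if DOMAIN_RE.match(text) and text.lower() != host:  # text says one domain, link goes elsewhere
            reasons.append(f"link text '{text}' hides real host {host}")
    return reasons
```

In a real gateway these reasons would route the message to the quarantine area described above rather than simply dropping it, so a reviewer can confirm the verdict.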

Keep Software Up-to-Date

Cybercriminals often exploit vulnerabilities in software programs to gain access to an organization's systems. It is essential to keep software up-to-date to prevent known vulnerabilities from being exploited. Keeping software current should include not only operating systems, but also applications, plugins, and extensions.

Regularly Back Up Data

Regularly backing up data is essential in the event of a ransomware attack. If data is backed up regularly to both a physical drive and a cloud storage location, the organization can restore it from the backup instead of paying the ransom to the cybercriminals. It is important to ensure backups are stored offsite or in the cloud so they are not compromised in the event of an attack, and all data should be encrypted so there is no additional worry about information being released if it is obtained by cybercriminals.

"Take Home" Points

Callback phishing and other nuanced tactics are spearheading a new future for cybercriminals. Innovative, sophisticated cyber threats must be taken seriously, as the City of Dallas attack showed. By educating employees, using multi-factor authentication, implementing email filters, keeping software up-to-date, and regularly backing up and encrypting data, organizations can reduce the risk of falling victim to a callback phishing attack or other phishing themes. It is important to stay vigilant and to continuously update and improve cybersecurity defenses to stay ahead of today's cybercriminals.