Callback phishing attacks, a hybridized form of voice phishing that includes a pre-call email, increased by 625% between the first quarter of 2021 and the second quarter of 2022, even though overall phishing volumes rose by only 6% during the same period, which points to hackers' evolving phishing techniques, reports BleepingComputer.
Nearly 25% of response-based threats during the second quarter of 2022 were attributed to hybrid vishing attacks, which were initially introduced by the BazarCall or BazaCall campaigns, according to an Agari report.
“While this is the second quarter, hybrid vishing attacks have declined in share due to the overall increase of response-based threats, vishing volume has steadily increased in count over the year,” said Agari.
QBot – Callback Phishing
The report also showed that Emotet surpassed QBot as the dominant botnet in phishing campaigns during the second quarter. Meanwhile, financial organizations have been most targeted by phishing attacks, followed by the telecommunications, social media, webmail, e-commerce, and cloud storage/hosting sectors.
Hackers are increasingly moving towards hybrid forms of phishing attacks that combine email and voice social engineering calls as a way to breach corporate networks for ransomware and data extortion attacks.
According to Agari’s Q2 2022 cyber-intelligence report, phishing volumes have only increased by 6% compared to Q1 2022. However, the use of ‘hybrid vishing’ is seeing a massive 625% growth.
Its hybrid form, called “callback phishing,” also includes an email before the call, typically presenting the victim with a fake subscription/invoice notice.
Scammers – Callback Phishing
The recipient is advised to call the provided phone number to resolve any issues with the charge. However, instead of a real customer support agent, the call is answered by phishing actors.
The scammers then offer to resolve the presented problem by tricking the victim into disclosing sensitive information or installing remote desktop tools on their system. The threat actors then connect to the victim’s device remotely to install further backdoors or spread to other machines.
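The lure described above has a recognisable shape on the wire: a billing or subscription pretext, a phone number to call, and usually no link at all, because the attacker wants the victim on the phone rather than on a web page. The following heuristic scorer is an added example written for this article; it is not code from BleepingComputer, Agari, or any of the campaigns named here. The sample messages, the sender domains, the keyword lists, the phone-number regex and the flagging threshold of 4 are all constructed assumptions for illustration, not rules taken from the report.

```python
import re
from dataclasses import dataclass

# Assumed heuristics (constructed for this example, not from the Agari report).
LURE_TERMS = ("invoice", "subscription", "renewal", "charged", "payment", "receipt", "order")
ACTION_TERMS = ("call", "contact us at", "dial", "phone")
# North-American style numbers, optionally with a leading 1 and separators.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
FLAG_THRESHOLD = 4  # assumed cut-off; tune against your own mail corpus


@dataclass
class Verdict:
    score: int
    reasons: list


def score_callback_phish(subject, body, sender_domain, trusted_domains=()):
    """Score one message for the callback-phishing pattern: billing pretext +
    phone number + request to call + (typically) no link, from an unknown sender."""
    text = f"{subject}\n{body}".lower()
    score, reasons = 0, []
    if any(term in text for term in LURE_TERMS):
        score += 1
        reasons.append("billing/subscription lure")
    phones = PHONE_RE.findall(body)
    if phones:
        score += 2
        reasons.append(f"phone number present: {phones[0].strip()}")
        if not URL_RE.search(body):
            score += 1
            reasons.append("phone number but no link (callback pattern)")
    if any(term in text for term in ACTION_TERMS):
        score += 1
        reasons.append("asks recipient to call")
    if sender_domain not in trusted_domains:
        score += 1
        reasons.append(f"sender domain not in billing allow-list: {sender_domain}")
    return Verdict(score, reasons)


def is_callback_phish(verdict):
    return verdict.score >= FLAG_THRESHOLD


# Constructed sample messages (example.* domains per RFC 2606; not real mail).
SAMPLES = {
    "fake_renewal": dict(
        subject="Your antivirus subscription has been renewed",
        body=("Dear customer, your annual subscription was renewed and your card "
              "was charged $349.99. If you did not authorize this charge, call "
              "our billing desk at 1-800-555-0199 within 24 hours."),
        sender_domain="notice-mailer.example.net",
    ),
    "real_receipt": dict(
        subject="Your receipt for order #48213",
        body=("Your receipt for order #48213 is ready. View it online at "
              "https://billing.example.com/r/48213"),
        sender_domain="billing.example.com",
    ),
}
TRUSTED = ("billing.example.com",)  # assumed allow-list of known billing senders


def run_samples():
    """Return {name: (score, flagged)} for the constructed samples."""
    results = {}
    for name, msg in SAMPLES.items():
        v = score_callback_phish(trusted_domains=TRUSTED, **msg)
        results[name] = (v.score, is_callback_phish(v))
    return results


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        v = score_callback_phish(trusted_domains=TRUSTED, **msg)
        print(name, v.score, is_callback_phish(v), v.reasons)
```

The point of scoring rather than matching a single indicator is that each feature is weak on its own: plenty of legitimate receipts mention a charge, and plenty of vendor mail carries a support number. It is the combination of a billing pretext, a number to call, an explicit instruction to call it, and the absence of any link that distinguishes the callback lure from a normal receipt, and that combination is what a mail gateway or SOC triage script should surface for review.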
These callback phishing attacks were first introduced by the ‘BazarCall/BazaCall’ campaigns that appeared in March 2021 to gain initial access to corporate networks for ransomware attacks.
Hybrid Vishing attacks
The attacks work so well that multiple ransomware and extortion gangs, such as Quantum, Zeon, and Silent Ransom Group, have adopted the same technique today to gain initial network access through an unsuspecting employee.
“Hybrid Vishing attacks reached a six-quarter high in Q2, increasing 625% from Q1 2021. This threat type also contributed to 24.6% of the overall share of Response-Based threats,” details the Agari report.
“While this is the second quarter, hybrid vishing attacks have declined in share due to the overall increase of response-based threats. Vishing volume has steadily increased in count over the year.”