One cyber insurance specialist is warning brokers and clients of a ransomware attack method that subverts common cybersecurity controls by tricking victims into phoning a call centre – rather than clicking a link – where they are instructed to download malicious software that infects their own computers.
“Making the victim do all the heavy lifting is a notable shift from the more traditional hacking attack vectors,” Tom Bennett, cyber threat analysis team leader with CFC Underwriting, said in a press release earlier this month. “Unfortunately, most workplace education around phishing emails doesn’t warn about this type of social engineering, so it represents a significant new threat.”
Dubbed ‘BazarCall,’ the scam targets small businesses, using “good impersonations of legitimate companies” to convince victims to visit a phishing site, phone a call centre and download a Microsoft Excel file that infects the victim’s network. For example, the phishing email may tell the victim that a subscription has been renewed as requested, and to call a phone number within 14 days to cancel if they don’t want to renew.