As the year-end festivities approach, staying vigilant against evolving cyber threats is crucial. In a recent advisory report, the FBI highlighted a rising trend in callback phishing attacks, adding a new layer of sophistication to the age-old phishing technique.
The Callback Phishing Twist: A Deceptive Charge Scam
Callback phishing has taken a dangerous turn, with cybercriminals now using a two-step approach. In this scam, a phishing email claims a pending charge on one of your accounts, prompting you to call a provided number. Cybercriminals guide you through a seemingly legitimate connection process using system management tools if you make the call. These tools, typically used by IT departments for remote device management, become an entry point for installing ransomware on your device.
Tips to Stay Safe:
- Beware of Urgency: Be suspicious of emails urging immediate action. Cybercriminals often create an urgency to catch you off guard.
- Verify every detail: Consider the context, timing, and details of emails or calls. Authentic communications align with your usual experiences.
- Navigate Officially: Avoid calling numbers from emails or clicking on supposed links; instead, navigate to official websites to find accurate information.
- Attachments/links: Never download an attachment or click a link in an email you didn’t expect.
- Timing and Format: Watch out for emails sent outside business hours and emails containing spelling or grammatical errors.
- Check the sender’s address: it can say a lot! (For example: am0zon, m1crosoft, w3llsfarg0…)
Visual Matrix Security Practices:
As a valued Visual Matrix user, it’s essential to practice caution. Recently, spam calls impersonating Visual Matrix have been reported. See below for the best safety practices to remember:
- Legitimate Contacts: Our contacts are related to open tickets or follow-ups on alerts. We connect through Zoho Assist and only request screen access for assessments.
- Additional Security Tips:
- Visual Matrix employs admin logins and will never ask you for your credentials.
- If you have any doubts, do not hesitate to call back and request the caller’s name and a ticket number for authentication. Our contact number is available on our website.
Explore our Security Reminders and Best Practices for a more comprehensive list of online safety practices.
Stay informed, stay secure. Your awareness is the best defense against cyber threats.