Consumers have been warned about a significant rise in call center threat activity, in which attackers use email alongside call center customer service agents to scam victims, sometimes out of tens of thousands of dollars.
Telephone-oriented attack delivery (TOAD) usually comes in two forms, according to cybersecurity firm Proofpoint. One uses free, legitimate remote assistance software to steal money, while the other uses malware, such as BazaLoader, disguised as a document to compromise a computer. Both techniques begin with an email claiming to be from a legitimate source. The email contains a phone number for customer assistance, and when the recipient calls the number, they are connected to a malicious call center attendant. The fake customer service representative then verbally guides the victim through some form of user interaction: downloading a malicious file, allowing the attacker to remotely access the victim's machine, or downloading a malicious application for remote access.
Proofpoint said that recent lures have included Justin Bieber ticket sellers, computer security services, COVID-19 relief funds, online retailers promising refunds for mistaken purchases, software updates and financial support.
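For mail defenders, the traits described above (a charge or refund pretext plus a phone number to call) can be turned into a simple triage rule. The sketch below is an added example, not Proofpoint's detection logic; the regex patterns, the "no links" trait, the threshold and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Illustrative patterns and threshold: assumptions for this example, not Proofpoint's.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://\S+")
CHARGE_RE = re.compile(r"\b(receipt|invoice|charged?|refund|renewal|subscription)\b")
CALL_RE = re.compile(r"\b(call|customer service|helpline|support team)\b")

def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_type() == "text/plain")

def toad_traits(raw_email):
    """Return the list of callback-phishing traits present in a raw email."""
    msg = message_from_string(raw_email)
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    traits = []
    if PHONE_RE.search(text):
        traits.append("phone_number")
    if CHARGE_RE.search(text):
        traits.append("charge_or_refund_lure")
    if CALL_RE.search(text):
        traits.append("call_to_action")
    if not URL_RE.search(text):
        traits.append("no_links")  # assumed trait: the phone number is the only next step
    return traits

def needs_review(raw_email, threshold=3):
    """Flag a message for analyst review when enough traits co-occur."""
    return len(toad_traits(raw_email)) >= threshold

# Constructed sample messages (not real mail).
LURE = ("From: billing@example.test\n"
        "Subject: Your receipt for order 48213\n\n"
        "You were charged $349.99 for a 1-year subscription renewal.\n"
        "To dispute this charge, call customer service at (800) 555-0142.\n")
BENIGN = ("From: shop@example.test\n"
          "Subject: Your parcel has shipped\n\n"
          "Track it at https://example.test/track/123 . Delivery is expected Friday.\n")

if __name__ == "__main__":
    for name, mail in (("lure", LURE), ("benign", BENIGN)):
        print(name, needs_review(mail), toad_traits(mail))
```

A rule like this only routes messages to review; legitimate receipts also carry support numbers, so the threshold and patterns need tuning against real mail flow.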
These attacks can be “life-altering” for victims, with the vendor noting nearly $50,000 was lost in a single case in which the threat actor masqueraded as NortonLifeLock.
The researchers were able to pinpoint many of the attacks as coming from India, with multiple activity clusters occurring in Kolkata, Mumbai and New Delhi. Interestingly, they found many of these malicious call centers are architected like legitimate businesses, with leases being signed on buildings purporting to be telemarketers or other phone-based companies. Additionally, local jobseekers are often recruited to support the operation.
The report indicated that these attacks are not targeted, and contact lists are most likely procured from legitimate data brokerages or other telemarketer resources.
Commenting on the research, Sherrod DeGrippo, VP, threat research and detection at Proofpoint, said: “Threat actors are getting very creative with their lures, and a fake receipt for Justin Bieber tickets or a firearm purchase are attention-grabbing enough to trick even the most vigilant email recipient. Should you respond in an attempt to dispute the charges, what follows is an elaborate infection chain that requires significant human interaction and takes victims down the rabbit hole of the worst possible fake customer service experience imaginable – one that ultimately steals your money or leaves behind a malware infection.”