Cybersecurity company Proofpoint released a new report on Thursday highlighting an increase in call center-based cyberattacks, noting a variety of scams perpetrated by threat actors stealing almost $50,000 per attack in some instances.
Proofpoint researchers Selena Larson, Sam Scholten and Timothy Kromphardt said their company sees thousands of telephone-based cyberattacks each day, with most falling into two different categories. Some use fake call centers to steal a victim’s money and others use call centers to spread malware that can be used in other attacks.
“The attacks rely on victims to call the attackers directly and initiate the interaction. Email fraud supported by call center customer service agents is prolific and profitable. In many cases, victims lose tens of thousands of dollars stolen directly from their bank accounts,” the researcher’s wrote.
“One uses free, legitimate remote assistance software to steal money. The second leverages the use of malware disguised as a document to compromise a computer and can lead to follow-on malware. The second attack type is frequently associated with BazaLoader malware and is often referred to as BazaCall. Both attack types are what Proofpoint considers telephone-oriented attack delivery (TOAD).”
Proofpoint researchers tied the activity to people working in the Indian cities of Mumbai, Kolkata