Consumers Warned About Rise in Call Center Threats
Consumers have been warned about a significant rise in call center threat activity, in which attackers use email alongside call center customer service agents to scam victims, sometimes out of tens of thousands of dollars.
Telephone-oriented attack delivery (TOAD) usually comes in two forms, according to cybersecurity firm Proofpoint. One uses free, legitimate remote assistance software to steal money, while the other uses malware, such as BazaLoder, disguised as a document to compromise a computer. These techniques begin with an email claiming to be from a legitimate source. The emails contain a phone number for customer assistance, and when the recipient calls the number, they are connected to a malicious call center attendant. The customer service representative will then verbally guide the victim through different types of user interaction, such as downloading a malicious file, allowing them to remotely access their machine or downloading a malicious application for remote access.
Proofpoint said that recent lures have included Justin Bieber ticket sellers, computer security services, COVID-19 relief funds, online retailers promising refunds for mistaken purchases, software updates and financial support.
These attacks can be “life-altering” for victims, with the vendor noting nearly $50,000 was lost