Cybercrime that starts with a phone call
(MoneyWatch) So-called phishing attacks are getting more sophisticated. And the latest trend in cybercrime appears to include a preparatory phone call.
Security software company Symantec is reporting a variation on such schemes that it calls "spear phishing." The targeted company still gets a malware-packed email disguised as a legitimate business message, but the twist is that the criminal calls ahead to let you know it's coming.
- Is anti-virus software a waste of money?
- Simple ways to protect yourself from botnets
- Is malware lurking in your search results?
As the security company explains on its blog this week, criminals find the name and phone number of marks within a targeted company -- this information is quite easy to uncover, and might even be supplied right on the corporate website. Since the fraudsters look for people whose job includes processing invoices or other financial documents, this would not be suspicious, and in fact the call helps to defuse any concerns about the email and malware-infected payload.
So far, these attacks have been limited to French-speaking companies in France, Romania and Luxembourg. But if they're successful, expect such attacks to spread to the U.S. as other cybercriminals leverage a new technique.
Symantec advises that companies be on guard in dealing with cold calls regarding processing emails. Since the caller is likely to have limited information and is simply hoping the call itself will help deflect scrutiny from the email, asking additional questions can help verify the legitimacy of the request and ferret out possible fraud.