Phishing via phone calls (vishing)

Phishing emails have been synonymous with suspicious links and attachments. However, a growing number of phishing scams are challenging this perception. The callback phishing scam is a shrewd new approach that leverages phone calls to exploit unsuspecting victims.

How Phishing Scams are Changing

After decades of phishing emails, people have been trained to associate phishing attacks with emails containing links or attachments. Cybersecurity awareness campaigns by employers, financial services companies, and others have emphasized the importance of not clicking on unknown links or downloading suspicious files. As these tactics become less effective, scammers are changing their strategies to find new methods of successful scamming.

Callback phishing is also sometimes called “vishing,” or voice phishing, and it represents a notable shift in phishing tactics. Instead of relying on clickable links or malicious attachments, scammers now try to scare the victim into calling them. Usually the victim will get an email about a large purchase they purportedly made or an issue involving a delivery. To resolve the issue, the email provides a phone number for the recipient to call.

Understanding Callback Phishing

The callback phishing scam usually follows a carefully crafted script designed to create a sense of urgency and panic. Some examples of these emails include the following:

  • A large purchase you didn’t make from Amazon or another online retailer
  • A cancellation or renewal of a subscription, such as antivirus software (Norton) or a streaming service (Disney+)
  • A package that couldn’t be delivered to your residence by FedEx, UPS, or DHL
  • A suspicious login to a bank account
  • A legal matter that requires immediate attention

In all of these examples, a phone number is listed for the victim to call. Upon calling the number, the victim is greeted by a scammer posing as a representative from the company, bank, government agency, or tech support. The imposter will use various tactics to get the victim to share sensitive information. This might include asking them for personal identification numbers (PINs), passwords, account information, and credit card details. In some instances, the scammer will use caller ID spoofing to further deceive the victim, making it look like they are calling, or getting a call from, a legitimate source.
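A mail-filter heuristic for the pattern described above, as an added example that is not part of the original article: it scores a message on the listed lure themes, a request to call a phone number, urgency wording, and the absence of links or attachments. The keyword lists, weights, threshold, and sample messages are assumptions constructed for illustration.

```python
import re

# Lure themes from the list above; the keyword choices are assumptions.
LURE_PATTERNS = {
    "purchase": r"\b(order|purchase|charged|invoice|receipt)\b",
    "subscription": r"\b(subscription|renew(al|ed)?|cancel(lation|led)?)\b",
    "delivery": r"\b(package|parcel|deliver(y|ed)?|shipment)\b",
    "login": r"\b(suspicious|unusual|unauthori[sz]ed)\s+(login|sign-?in|activity)\b",
    "legal": r"\b(legal|lawsuit|court|warrant)\b",
}
URGENCY = r"\b(immediately|urgent(ly)?|within \d+ hours?|right away)\b"
PHONE = r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b"  # US-style numbers only
CALL_VERB = r"\b(call|phone|dial|contact)\b"
URL = r"https?://|www\."

def score_callback_lure(subject, body, has_attachment=False):
    """Score an email for callback-phishing traits; flag at 4 or more (assumed threshold)."""
    text = f"{subject}\n{body}".lower()
    themes = sorted(n for n, pat in LURE_PATTERNS.items() if re.search(pat, text))
    has_phone = bool(re.search(PHONE, text))
    asks_call = bool(re.search(CALL_VERB, text))
    urgent = bool(re.search(URGENCY, text))
    no_link = not re.search(URL, text) and not has_attachment
    score = 0
    score += 2 if has_phone and asks_call else 0   # the core trait: "call this number"
    score += 1 if themes else 0                    # matches a known lure theme
    score += 1 if urgent else 0                    # pressure to act quickly
    score += 1 if has_phone and no_link else 0     # phone number is the only way to respond
    return {"score": score, "themes": themes, "flag": score >= 4}

# Constructed sample messages (subject, body); phone numbers are fictional.
SAMPLES = [
    ("Your order #48213 has been charged",
     "Your card was charged $499.99 for Norton renewal. If you did not "
     "authorize this purchase, call 1-800-555-0100 immediately to cancel."),
    ("Your receipt from Example Store",
     "Thanks for your purchase. View your order at https://example.com/orders. "
     "Questions? Visit our help center."),
    ("We have moved",
     "Our office has moved. Call us at (555) 555-0123 to book a visit."),
]

if __name__ == "__main__":
    for subject, body in SAMPLES:
        print(subject, "->", score_callback_lure(subject, body))
```

A flagged message is a candidate for a warning banner or quarantine review, not proof of fraud; legitimate notices can also carry a phone number and urgent wording.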

Protecting Yourself Against Callback Phishing

As callback phishing grows, it is important to understand this evolving threat. Here are some key steps to protect yourself:

Stay Skeptical: Treat unexpected emails with caution, especially those that make you upset and want to act quickly. Scammers know that when emotions are involved, people will usually act without fully thinking through the issue or situation. So beware of emails that are seemingly urgent or have threatening consequences. Verify the legitimacy of the email message by independently contacting the company or supposed organization by using known and trusted contact methods – not the phone number provided in the email message.

Don’t Call Back: If an email instructs you to call a specific number, don’t do it. Instead, go to the company’s website and contact them using a phone number listed on the site. It is even better if you can go to the site, log into your account, and contact the company through its account messaging tools.

The callback phishing scam represents an alarming evolution in cybercriminal tactics. By using phone calls instead of traditional email elements like links and attachments, scammers are reaching victims in new and deceptive ways. Vigilance, skepticism, and verifying issues are important to remember in the ongoing battle against these evolving threats. Knowing about these types of scams helps friends and family stay one step ahead of the criminals, so be sure to share this information with them.
