Callback phishing is a specialized type of cyber-security email threat. In a callback phishing attack, cyber-criminals impersonate a business through an email or a phone call to a target recipient, claiming that a transaction initiated by the recipient has been successfully completed. The recipient is then advised to call the provided phone number if they do not agree with the amount charged.
The provided telephone number is not that of the business being impersonated but rather a fictional customer support line set up by the phishing actors, with the aim of luring the recipient into submitting confidential information. Callback phishing attacks aim to collect specific, sensitive information from the recipient; this includes credit card numbers and bank account information.
VirtualDoers Cyber Security Team has observed callback phishing attacks that impersonate PayPal, McAfee, CrowdStrike, etc. However, any organization could be impersonated in this type of attack. Callback phishing attacks are on the rise and have grown more than 600% in Q1 of 2021.
An Example of a Callback Phishing Attack
Below is an example of a callback phishing attack:

As mentioned earlier, perpetrators of a callback phishing attack lure the recipient of the message into calling them to resolve the presented problem, and then trick the victim into disclosing sensitive information during the call.
We have also seen situations where the cybercriminals are allowed access to their target’s computer through remote desktop, which allows the threat actors to install further backdoors or spread to other machines.
Callback phishing attacks were first introduced by the ‘BazarCall/BazaCall’ campaigns that appeared in March 2021 to gain initial access to corporate networks for ransomware attacks.
Callback phishing attacks were so successful that multiple ransomware and extortion gangs, such as Quantum, Zeon, and Silent Ransom Group, adopted the technique to gain initial network access through unsuspecting employees. According to the Agari report, this type of threat also contributed to 24.6% of the overall share of response-based threats.
How to Detect Callback Phishing Attacks
Callback phishing attacks are unique in the sense that they easily bypass email filters. This is because they do not include malicious links or suspicious attachments. For that reason, email filters typically won’t catch them, so it’s important for organizations to train their employees to spot such threats.
The following tips will help you spot callback phishing attacks:
- Scrutinize the sender: Ensure that the email is from the company it is purporting to be. Even email addresses can be spoofed, so this is not foolproof, but it is a great first step in the investigation process.
- Act like a Detective: Ask yourself, what does this email want me to do? If the language in the email is trying to convince you to do something (especially if it insinuates urgency), that is a red flag! In the examples above, the attacker is attempting to convince the mail recipient to ‘call back’. In some cases, attackers may try to convince you to click a fraudulent link. Be diligent before clicking any links within emails and do not call phone numbers that you can’t identify.
- Trust your Instinct: If you are skeptical, ask for help. If, after the initial investigation, you are still not sure, contact your IT team to do some further digging. Remember, causing a false alarm is much better than setting off a real one!
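The tips above can also be turned into a triage heuristic for mail that a link and attachment filter has already passed. The following Python sketch is an added example, not code from the original article; the brand-to-domain map, the word lists, the phone pattern and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): this brand map and these word lists.
BRANDS = {"paypal": "paypal.com", "mcafee": "mcafee.com", "crowdstrike": "crowdstrike.com"}
CHARGE = re.compile(r"\b(invoice|charged|transaction|renewal|subscription)\b", re.I)
CALL = re.compile(r"\b(call|dial|phone)\b", re.I)
URGENT = re.compile(r"\b(immediately|urgent|within 24 hours)\b", re.I)
PHONE = re.compile(r"(?<!\d)(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL = re.compile(r"https?://|www\.", re.I)
# Constructed sample messages; addresses and the phone number are fictional.
PHISH = """From: PayPal Billing <billing@example.net>
Subject: Invoice 0000 - your transaction is complete

Your account was charged $499.99. If you did not authorize this
transaction, call our support desk immediately at +1 (800) 555-0100.
"""
BENIGN = """From: PayPal <service@paypal.com>
Subject: Receipt for your payment

You sent a payment to Example Store. Details: https://www.paypal.com/activity
"""


def triage(raw):
    """Return (score, reasons) for one RFC 5322 message passed as text."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = " ".join(p.get_payload(decode=True).decode("utf-8", "replace")
                    for p in parts if p.get_content_maintype() == "text")
    text = f"{display} {msg.get('Subject', '')} {body}"
    reasons = []
    # Tip 1: the mail names a brand but comes from an unrelated domain.
    for brand, legit in BRANDS.items():
        if brand in text.lower() and domain != legit and not domain.endswith("." + legit):
            reasons.append(f"names {brand} but sent from {domain or 'unknown'}")
            break
    # Tip 2: what does it want? A charge notice plus a number to call.
    if CHARGE.search(text) and CALL.search(text) and PHONE.search(text):
        reasons.append("charge notice asks the recipient to phone a number")
    if URGENT.search(text):
        reasons.append("urgent wording")
    # The trait that gets it past filters: no links and no attachments.
    if reasons and not URL.search(body) and not any(p.get_filename() for p in parts):
        reasons.append("no links or attachments for a filter to scan")
    return len(reasons), reasons
```

A score like this is best used to route a message to human review or to add a warning banner, since legitimate third-party mail that mentions a brand will also match the first check.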
Conclusion
One of the most important facets of effective cybersecurity awareness training is educating users beforehand on how they will or will not be contacted, and what information or actions they may be asked to take. “It is critical that users understand how they may be contacted by legitimate internal or external departments, and this goes beyond just cybersecurity.” Virtualdoers Technology team is here to help. If you have questions about ‘callback phishing’ attacks or want to discuss how we can help protect your business with cyber security services, contact us today.