Callback phishing attacks: 3 Great Detection Tips

Written by djonon

18 August 2022


Callback phishing is a specialized type of email-borne cyber-security threat. In a callback phishing attack, cyber-criminals impersonate a business through an email or a phone call to a target recipient, claiming that a transaction initiated by the recipient has been successfully completed. The recipient is then advised to call the provided phone number if they do not agree with the amount charged.

The provided telephone number is not that of the business being impersonated but a fake customer support line set up by the phishing actors. The aim is to lure the recipient into submitting confidential information. Callback phishing attacks aim to collect specific, sensitive information from the recipient; this includes credit card numbers and bank account information.

VirtualDoers Cyber Security Team has observed callback phishing attacks that impersonate PayPal, McAfee, CrowdStrike, etc. However, any organization could be impersonated in this type of attack. Callback phishing attacks are on the rise and have grown more than 600% in Q1 of 2021.

An Example of a Callback Phishing Attack

Below is an example of a callback phishing email:

[Figure: Example Callback Phishing Email]

As mentioned earlier, perpetrators of a callback phishing attack try to lure the recipient of the message into calling them to resolve the presented problem, and then trick the victim into disclosing sensitive information.

We have also seen situations where those cybercriminals are given access to their target’s computers through remote desktop, which allows the threat actors to install further backdoors or spread to other machines.

Callback phishing attacks were first introduced by the ‘BazarCall/BazaCall’ campaigns that appeared in March 2021 to gain initial access to corporate networks for ransomware attacks.

Callback phishing attacks were so successful that multiple ransomware and extortion gangs, such as Quantum, Zeon, and Silent Ransom Group, adopted the technique to gain initial network access through unsuspecting employees. This type of threat also contributed to 24.6% of the overall share of Response-Based threats, according to the Agari report.

How to Detect Callback Phishing Attacks

Callback phishing attacks are unusual in that they easily bypass email filters, because they do not include malicious links or suspicious attachments. Since email filters typically won’t catch them, it’s important for organizations to train their employees to spot such threats.

The following tips will help you spot callback phishing attacks:

  1. Scrutinize the sender: Ensure that the email is from the company it is purporting to be. Even email addresses can be spoofed, so this is not foolproof, but it is a great first step in the investigation process.
  2. Act like a detective: Ask yourself, what does this email want me to do? If the language in the email is trying to convince you to do something (especially if it insinuates urgency), that is a red flag! In the example above, the attacker is attempting to convince the mail recipient to ‘call back’. In some cases, attackers may try to convince you to click a fraudulent link. Be diligent before clicking any links within emails and do not call phone numbers that you can’t identify.
  3. Trust your instinct: If you are skeptical, ask for help. If, after the initial investigation, you are still not sure, contact your IT team to do some further digging. Remember, causing a false alarm is much better than setting off a real one!
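The first two tips can also be turned into a triage rule for messages users report. The sketch below is an added example, not VirtualDoers tooling: it scores a raw email for a brand named without a matching sender domain, a request to phone about a charge, and urgency, and records when there is nothing for a link or attachment scanner to inspect. The brand map, keyword lists, threshold and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand-to-domain map maintained by the defender (sample entries).
BRANDS = {"paypal": "paypal.com", "mcafee": "mcafee.com",
          "crowdstrike": "crowdstrike.com"}
PHONE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL = re.compile(r"https?://|www\.", re.I)
CHARGE = re.compile(r"\b(charged|invoice|transaction|subscription|renewal)\b", re.I)
CALL = re.compile(r"\b(call|dial|contact)\b.{0,60}\b(support|helpdesk|team|number)\b",
                  re.I | re.S)
URGENT = re.compile(r"\b(within \d+ hours?|immediately|urgent)\b", re.I)

def callback_indicators(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    parts = list(msg.walk())
    attachments = sum(1 for p in parts if p.get_filename())
    body = "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in parts
                     if p.get_content_type() == "text/plain" and not p.get_filename())
    text = " ".join([display, msg.get("Subject", ""), body]).lower()
    hits = []
    # Tip 1: a brand is named, but the sender domain is not that brand's.
    if any(b in text and domain != d and not domain.endswith("." + d)
           for b, d in BRANDS.items()):
        hits.append("brand_sender_mismatch")
    if PHONE.search(body) and CALL.search(body):  # tip 2: what is being asked?
        hits.append("asks_for_callback")
    if CHARGE.search(text):
        hits.append("charge_language")
    if URGENT.search(text):
        hits.append("urgency")
    if attachments == 0 and not URL.search(body):  # nothing for link/file scanners
        hits.append("no_links_or_attachments")
    return hits

def is_suspected_callback(raw):
    hits = set(callback_indicators(raw))
    return ({"asks_for_callback", "charge_language"} <= hits
            and bool(hits & {"brand_sender_mismatch", "urgency"}))

# Constructed sample (not real traffic); the phone number is fictional.
PHISH = ('From: "PayPal Billing" <billing@pp-invoices.example>\n'
         "Subject: Your order has been processed\n\n"
         "Your account was charged $499.99 for a subscription renewal. If you did not\n"
         "authorize this, call our support team at +1 (800) 555-0142 within 24 hours.\n")
```

A match is a reason to escalate to the IT team, as tip 3 advises, not a verdict; the absence of links or attachments is recorded as context only, since most legitimate plain-text mail shares it.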


One of the most important facets of effective cybersecurity awareness training is educating users beforehand on how they will or will not be contacted, and what information or actions they may be asked for. “It is critical that users understand how they may be contacted by legitimate internal or external departments, and this goes beyond just cybersecurity.”

The VirtualDoers Technology team is here to help. If you have questions about ‘callback phishing’ attacks or want to discuss how we can help protect your business with cyber security services, contact us today.
