New Subscription Billing Notification Could Be A Phishing Attack, and you should alert your employees right away. A growing trend in the hacking world is to use mixed media, including phone calls with live actors at the other end, posing as “customer support” representatives, and even recorded messages including instructions and attached emails luring unsuspecting recipients to download malicious files.
In this case, the attack goes as follows:
A potential victim will of the subscription billing notification will get an email informing them that they’re subscribing to a fee-based service. The email instructs them to call a given phone number and speak with a representative who will be happy to help them.
If the recipient calls, the agent, who, of course, is part of the hacker’s organization, will guide the caller to a website where they can download a file the faux agent claims is necessary to finalize the cancellation. Naturally, the file does no such thing and is instead a piece of malware of the attacker’s choosing.
The payload can vary and be just about anything. The currently identified campaign uses BazaLoader, which creates a persistent backdoor on Windows-based machines to give the attackers easy access to that device that they can exploit in various ways later on.
While this may seem like a convoluted path for the attackers to take, it can be devastatingly effective. From the attackers’ point of view, it has the key advantage of being extremely difficult to detect and prevent. Most detection routines are file-based, and since this type of email doesn’t contain an attachment of any kind, it poses tremendous challenges for IT security professionals.
As ever, the best defense is education and mindfulness, so be sure your staff is aware.
