Customers of the cybersecurity vendor Crowdstrike are being scammed with a ‘callback phishing campaign’. Cybercriminals are impersonating the company – and other prominent security vendors – via email to trick victims into calling them to download malware, Crowdstrike has warned.
The Crowdstrike email scam claims the victim has suffered a security breach, insisting that further access is needed to rectify the issue. Reaching out individually to employees, the criminals use social engineering tactics to scare the workers into phoning the number, according to the company Crowdstrike provides security software to over 16,000 businesses around the world.
The email implores the employee to phone in by explaining that their security vendor has allegedly “already reached out directly to [their] information security department, however, to address potential compromise of local workstations they referred us to the individual operators of these workstations.” This is the reason the scam has been deemed ‘callback phishing’.
Once on the phone, the employee is put through to a campaign operator who persuades them to download a commercial Remote Access Trojan (RAT) to gain an initial foothold into the network. Crowdstrike believes it is “likely to use ransomware to monetise their operation”. This has been done before, the company says, such as in the 2021 BazarCall campaign, which saw criminals using fake cybersecurity emails to deploy Conti ransomware.
Crowdstrike email scam is not the first of its kind
This is not the first time cybercriminals have impersonated a cybersecurity company to attempt to infiltrate a system. Last year the security firm ProofPoint’s name was used to scam unsuspecting customers out of Microsoft and Google email credentials.
The email was titled RE: Payoff Request and claimed to contain a mortgage-related file sent via ProofPoint, the “RE” encouraging trust in the email as it hints at an already ongoing conversation. The link would take the victims to a login page with ProofPoint branding, which would request Google and Microsoft credentials.
Online scams such as these are skyrocketing. Employees at any institution must be on the lookout for fraudulent emails as, with both Proofpoint and Crowdstrike, the messages are well articulated and persuasive.
In 2021 the National Cyber Security Center (NCSC) removed 2.7million scams from the internet. This is nearly four times as many as there were in 2020, reads a statement by the NCSC.
Dr Ian Levy, the NCSC technical director, said his organisation was looking to work closely with private sector companies and security vendors to fight these criminals. “We strongly encourage the private sector to work even more closely with us to enhance the effectiveness of our services to take down and block malicious websites,” Dr Levy said.