View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 11, 2022updated 12 Jul 2022 3:12pm

Fraudsters impersonate Crowdstrike and other security vendors in ‘callback’ scam

Security vendors are being targeted by scammers looking to deploy malware and launch ransomware campaigns.

By Claudia Glover

Customers of the cybersecurity vendor Crowdstrike are being scammed with a ‘callback phishing campaign’. Cybercriminals are impersonating the company – and other prominent security vendors – via email to trick victims into calling them to download malware, Crowdstrike has warned.

The Crowdstrike email scam claims the victim has suffered a security breach, insisting that further access is needed to rectify the issue. Reaching out individually to employees, the criminals use social engineering tactics to scare the workers into phoning the number, according to the company Crowdstrike provides security software to over 16,000 businesses around the world.

Scammers impersonating Crowdstrike are using an email scam to trick customers.
Crowdstrike provides security software to over 16,000 businesses around the world. (Photo by Rafael Henrique/SOPA Images/LightRocket via iStock)

The email implores the employee to phone in by explaining that their security vendor has allegedly “already reached out directly to [their] information security department, however, to address potential compromise of local workstations they referred us to the individual operators of these workstations.” This is the reason the scam has been deemed ‘callback phishing’.

Once on the phone, the employee is put through to a campaign operator who persuades them to download a commercial Remote Access Trojan (RAT) to gain an initial foothold into the network. Crowdstrike believes it is “likely to use ransomware to monetise their operation”. This has been done before, the company says, such as in the 2021 BazarCall campaign, which saw criminals using fake cybersecurity emails to deploy Conti ransomware.

Crowdstrike email scam is not the first of its kind

This is not the first time cybercriminals have impersonated a cybersecurity company to attempt to infiltrate a system. Last year the security firm ProofPoint’s name was used to scam unsuspecting customers out of Microsoft and Google email credentials. 

The email was titled RE: Payoff Request and claimed to contain a mortgage-related file sent via ProofPoint, the “RE” encouraging trust in the email as it hints at an already ongoing conversation. The link would take the victims to a login page with ProofPoint branding, which would request Google and Microsoft credentials.

Online scams such as these are skyrocketing. Employees at any institution must be on the lookout for fraudulent emails as, with both Proofpoint and Crowdstrike, the messages are well articulated and persuasive.

In 2021 the National Cyber Security Center (NCSC) removed 2.7million scams from the internet. This is nearly four times as many as there were in 2020, reads a statement by the NCSC.

Content from our partners
How the retail sector can take firm steps to counter cyberattacks
How to combat the rise in cyberattacks
Why email is still the number one threat vector

Dr Ian Levy, the NCSC technical director, said his organisation was looking to work closely with private sector companies and security vendors to fight these criminals. “We strongly encourage the private sector to work even more closely with us to enhance the effectiveness of our services to take down and block malicious websites,” Dr Levy said.

Read more: Lawyers urged to stop advising clients to pay ransomware demands

Topics in this article:
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU