A new form of phishing is appearing and it has the ability to avoid email filtering programs.
Phishing is the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to entice individuals to reveal personal information, such as passwords and credit card numbers.
Unlike traditional phishing, callback phishing does not include malicious links, attachments or phone numbers in plain text. Instead, its main feature is a phone number urging the recipient to call for an urgent matter.
The email will contain a convincing message along the lines of; incorrect charge or an overdue account. This is designed to alarm the user into calling the number provided. Calling the number will lead to a call centre where the operators are prepared to convince you to install ransomware or other malicious software.
How these phishing campaign avoid filtering is by embedding an image. The image prominently displays the message and the number to call. There are no links, no text, just the image. Most filtering software analyses text, URL links and attachments to determine the safety of the email. Having the entire scam in an image makes it very difficult to detect.
There are still ways to avoid these phishing campaigns. The best is cyber security awareness.
Having other cyber security defences in place will also assist. Technicalities’ highest recommended cyber defence software is called ‘Application Whitelisting’. This will block any attempt to install any unapproved software from your PCs and laptops. Remote desktop software, ransomware or any other malicious software will be blocked with Application Whitelisting in place.