In today’s Blox Tale, we will look at a vishing (voice phishing) attack that impersonated Microsoft and attempted to steal victims’ credit card details. The email sent fake order receipts for a Microsoft Defender subscription and included phone numbers to call for processing order returns. Calling the listed number led to a vishing flow where the attacker tells the victim to install AnyDesk for an attempted Remote Desktop Protocol (RDP) attack.

Before we go through the attacks in greater detail, a brief description of vishing for the uninitiated: vishing (or voice phishing) is a type of scam where malicious actors steal personal information from victims over the phone or by leaving fraudulent voice messages. Armorblox has recently covered Amazon and tech support vishing attacks. Now let’s focus on the attack at hand:

Summary

Target: A cloud collaboration software company

Email security bypassed: Google Workspace email security

Techniques used: Social engineering, brand impersonation, replicating existing workflows, vishing (no URLs in email), using a Gmail address, omni-channel attack flow

Fig: Microsoft Defender vishing that uses AnyDesk in its attack flow

The Email

The email was sent from a Gmail account, had “Microsoft Online Store” as the sender name, and was titled “Order Confirmation No” followed by a long and genuine-looking invoice number. A snapshot of the email is given below:

Fig: Email impersonating Microsoft and including a phone number to call

The email contained HTML stylings similar to genuine emails sent from Microsoft, and included information on a subscription for Microsoft Defender Advanced Protection supposedly purchased by the victim. The email body invites victims to “contact customer care representatives” for more information about the order. The footer includes a toll-free number to call: the only call to action in the email.

We also observed a variant of this vishing email that made minor changes to the email title, body, invoice amount, and toll-free number, but was still essentially the same vishing email.

Fig: A variant of the Microsoft vishing email with minor changes to the email body

Vishing Flow

The Armorblox threat research team called both toll-free numbers from a disposable Google Voice number. While one of the numbers led to an endless ringtone, the other number had a real human on the end of the line who identified themselves as Sam. Sam asked us for the invoice number tied to the email, which we provided. Sam then told us the only way to get our money back was by filling out an “information form”. To help fill out this form, Sam spelled out the website address for AnyDesk, a remote desktop software, and suggested that we download the free version of the software. They claimed installing AnyDesk would enable us to more securely access their server and fill out the form. We asked a few clarifying questions at this point that made Sam suspicious, thus ending the call (maybe our French accent wasn’t up to par). We learned enough from this vishing flow to posit that attackers are trying to get victims to install AnyDesk and then initiate an RDP attack.

- Never give your personal information over the phone: If you receive a suspicious phone call or if someone is asking you for your personal information while on the phone, don't fall for it.
- Research apps before downloading: Although AnyDesk is a legitimate app, it's important to always research an app before downloading it so that you know what it's being used for and whether it's legit.
  - The number of ratings (avoid apps with little to no ratings)
  - The quality of the written comments (a telltale sign of suspicious apps is often poor grammar)
- Install antivirus software on your device: The best way to protect yourself from any kind of malware is to have antivirus software installed on your device. I’ve broken down the top antivirus protection for Mac, PC, iOS and Android devices. My top pick is TotalAV, which includes real-time anti-malware protection that keeps your computers protected against the very latest threats.