
‘Callback’ Phishing Campaign Impersonates Security Firms

July 12, 2022

A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call during which they are instructed to download malware.

Researchers at CrowdStrike Intelligence discovered the campaign because CrowdStrike is itself one of the security firms being impersonated, they said in a recent blog post.

The campaign employs a typical phishing email that aims to fool a victim into responding with urgency, in this case by implying that the recipient’s company has been breached and insisting that they call a phone number included in the message, researchers wrote. If a targeted person calls the number, they reach someone who directs them to a website with malicious intent, they said.
