Understanding Callback Phishing Scams: What You Need to Know
Many people confidently assume they would never fall for a scam. Common suspicious messages, such as those about outstanding tolls, parcel deliveries, or job offers, may look obviously fraudulent. Fraudsters, however, keep devising new methods, such as callback phishing schemes that impersonate trusted brands.
A recent Cisco Talos report, summarized in an article by Malwarebytes Labs, describes consumers being targeted with fraudulent emails that pose as correspondence from reputable companies and urge the recipient to call "customer support" to fix a problem. Here is how these scams operate, why they slip past defenses, and what warning signs to watch for.
The Mechanics of Callback Phishing Scams
Callback phishing, also called telephone-oriented attack delivery (TOAD), typically begins with an email in which the scammers impersonate a well-known brand. The message usually describes an alleged purchase, account problem, or technical issue and instructs the recipient to call a specified number to resolve it.
Once the call is under way, people posing as customer service or tech support agents ask for personal details and may steer you toward harmful links or downloads designed to harvest your information or install malware on your device.
The tactic relies on the same levers as other phishing: it triggers an emotional response, usually fear, and creates a sense of urgency, which makes you less likely to stop and assess the situation critically. Notably, the campaign Cisco Talos describes also includes features that help the fraudsters evade detection.
First, the scam emails imitate brands that consumers use widely, including Microsoft, Adobe, Norton LifeLock, PayPal, DocuSign, and Geek Squad. Someone told of a problem with a service they use regularly is less likely to become suspicious when asked to resolve it.
Second, the scammers embed a PDF in the email as an inline attachment, so the mail client renders it automatically when the message is opened. The email body itself is left empty; the authentic-looking company logo, the description of the alleged problem, and the phone number to call all live inside the PDF. This helps the message slip past email security filters, which typically scrutinize the text and links in the body. It also means the recipient never consciously opens an attachment, an action many people have been taught to treat as a warning sign of phishing.
In some variants, the rendered PDF carries a scannable QR code or a hyperlink that leads to a phishing site rather than a number to call.
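To make the evasion concrete, here is an added triage script (not code from the Cisco Talos report or the Malwarebytes article) showing what a mail filter has to do to see through the trick: parse the message, notice that the body is empty while a PDF is set to render inline, inflate the PDF's content streams, and pull phone numbers and link targets out of them. The sample email, the brand name, the phone number, and the domain are all constructed for the example; the 20-character "empty body" threshold is an assumed tuning value. The hyperlink variant is covered through the PDF's /URI link annotations; a QR code is an image and would need a decoder this example does not include.

```python
"""Triage heuristic for the 'empty body + inline PDF' callback-phishing lure.

Added example (not code from the Cisco Talos report or Malwarebytes article).
Standard library only; the message, brand, phone number and domain below are
constructed for illustration.
"""
import re
import zlib
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# North American style numbers such as 1-800-555-0199 or (800) 555-0199.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# A stream object: its dictionary (no nested '<<') followed by stream/endstream.
STREAM_RE = re.compile(rb"<<((?:(?!<<).)*?)>>\s*stream\r?\n(.*?)\nendstream", re.S)
# Text-showing operators: (string) Tj and [(a) (b)] TJ.
TJ_RE = re.compile(rb"\((.*?)\)\s*Tj", re.S)
TJ_ARRAY_RE = re.compile(rb"\[(.*?)\]\s*TJ", re.S)
# Link annotations keep their target in an /A dictionary, outside any stream.
URI_RE = re.compile(rb"/URI\s*\((.*?)\)", re.S)


def pdf_text(pdf: bytes) -> str:
    """Collect string operands of Tj/TJ from every content stream.

    Inflates FlateDecode streams with zlib; other filters are skipped. This is
    a triage helper, not a PDF parser: hex strings, custom font encodings and
    text rendered as an image (common in real lures) are not recovered.
    """
    pieces = []
    for dictionary, body in STREAM_RE.findall(pdf):
        if b"/FlateDecode" in dictionary:
            try:
                body = zlib.decompressobj().decompress(body)
            except zlib.error:
                continue
        pieces.extend(TJ_RE.findall(body))
        for array in TJ_ARRAY_RE.findall(body):
            pieces.extend(re.findall(rb"\((.*?)\)", array))
    return " ".join(p.decode("latin-1") for p in pieces)


def pdf_uris(pdf: bytes) -> list:
    """Targets of /URI link annotations (the hyperlink variant of the lure)."""
    return [u.decode("latin-1") for u in URI_RE.findall(pdf)]


def triage(raw: bytes) -> dict:
    """Score one raw RFC 5322 message for the callback-phishing shape."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content().strip() if body is not None else ""

    inline_pdf, phones, uris = False, set(), []
    for part in msg.iter_attachments():
        if part.get_content_type() != "application/pdf":
            continue
        if part.get_content_disposition() == "inline":
            inline_pdf = True
        pdf = part.get_payload(decode=True)
        phones.update(PHONE_RE.findall(pdf_text(pdf)))
        uris.extend(pdf_uris(pdf))

    # The signal is the combination, not any single part: a message whose
    # body says (almost) nothing but auto-renders a PDF that carries a phone
    # number or link. The 20-character threshold is an assumed tuning value.
    suspicious = inline_pdf and len(body_text) < 20 and bool(phones or uris)
    return {"body_chars": len(body_text), "inline_pdf": inline_pdf,
            "phones": sorted(phones), "uris": uris, "suspicious": suspicious}


def build_sample(body: str = "", disposition: str = "inline") -> bytes:
    """Constructed message: by default an empty body plus an inline lure PDF."""
    content = (b"BT /F1 14 Tf 72 720 Td "
               b"(Your Norton 360 subscription has been renewed for $349.99) Tj "
               b"0 -20 Td (To cancel, call 1-800-555-0199 within 24 hours) Tj ET")
    packed = zlib.compress(content)
    pdf = (b"%PDF-1.4\n"
           b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
           b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
           b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R] >> endobj\n"
           b"4 0 obj << /Length " + str(len(packed)).encode() + b" /Filter /FlateDecode >>\n"
           b"stream\n" + packed + b"\nendstream\nendobj\n"
           b"5 0 obj << /Type /Annot /Subtype /Link "
           b"/A << /S /URI /URI (https://norton-billing-support.example) >> >> endobj\n"
           b"trailer << /Root 1 0 R >>\n%%EOF\n")
    msg = EmailMessage()
    msg["From"] = "Norton Billing <billing@norton-support.example>"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Invoice INV-20931 - payment received"
    msg.set_content(body)  # empty by default: nothing for a text filter to score
    msg.add_attachment(pdf, maintype="application", subtype="pdf",
                       filename="invoice.pdf", disposition=disposition)
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
    print(triage(build_sample("Hi, the invoice you asked for is attached.", "attachment")))
```

Run stand-alone, the first line flags the lure (empty body, inline PDF, a phone number and a link recovered from inside the PDF) and the second shows the same PDF sent as an ordinary attachment under a real sentence of body text scoring as benign. The point of the combination is that neither a phone number in a PDF nor an inline attachment is suspicious on its own; a filter that only scores body text and body links never reaches the PDF at all.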
Identifying Callback Phishing Red Flags
As with any scam, a message that creates urgency or provokes a strong emotion such as fear or confusion should set off alarm bells. Be especially wary of emails that carry attachments, even ones that render automatically without a click; legitimate companies rarely send unsolicited attachments.
Do not click links or scan QR codes found in emails, text messages, or social media posts until you have verified the sender. To confirm a request, go to the company's official website yourself and contact its support team using the details published there, not the number or link in the message. Sender addresses can be spoofed or closely imitated, so the From line alone proves nothing.