Widely known brands, particularly Microsoft, NortonLifeLock, PayPal, DocuSign, and Geek Squad, have been spoofed by threat actors in new callback phishing attacks involving the distribution of PDFs luring targets into communicating with adversary-controlled phone numbers, The Hacker News reports.Malicious QR code phishing emails with PDF attachments have been leveraged to trick victims into entering a phone call with the attacker purporting to be a customer service representative who coaxes sensitive information disclosures or malware installation, according to an analysis from Cisco Talos. Most of attacks using the technique have threat actors using Voice over Internet Protocol numbers to conceal illicit activity, said Cisco Talos, which emphasized the importance of a brand impersonation detection engine in combating such schemes. Such a development comes after over 70 organizations were reported by Varonis to have been subjected to a phishing attack campaign abusing the Direct Send functionality of Microsoft 365 since May.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds