Callback phishing: How to protect your organization

Join us as we explain the basics of how a callback phishing attack works, why they are so effective, and how you can protect your organization.

Callback phishing: How to protect your organization
4:41

As security awareness increases among both businesses and individuals, the methods used by cybercriminals are evolving. One of the latest and most sophisticated phishing techniques is callback phishing, also known as Telephone-Oriented Attack Delivery (TOAD). For security specialists, this technique poses new challenges as attackers use the combination of email and phone to manipulate their victims. Here we look at the method in detail and discuss how it can be countered.

What is callback phishing?

Callback phishing is a social engineering method in which attackers send fake emails that often include an invitation to call a phone number. Unlike traditional phishing which usually relies on links or attachments, callback phishing uses direct communication by phone. The attackers on the other side of the line try to persuade the victim to share sensitive information, install malware or provide remote access to their systems.

Figure 1. Callback phishing general attack flow

Common attack process for callback phishing.


How the attack works

1. Initial contact via email

  • The attacker sends a credible but fake email that appears to come from a well-known organization. Common themes include billing issues, subscription renewals or technical support.
  • The email does not contain anything that automatically triggers a security alert, such as links or attachments. Instead, there is a phone number that the recipient is asked to call.

2. The phone call

  • When the victim calls the number provided, they are met by a scammer pretending to be a customer service representative.
  • The attacker uses credibility and psychological manipulation techniques to trick the victim into following instructions that lead to the installation of malware or the sharing of sensitive information.

3. execution of the attack

  • The goal is often to gain remote access to the victim's computer. This is done by tricking them into installing remote control tools which are then used to exfiltrate data or spread ransomware.
  • Other targets may be to collect credentials or other sensitive company information.

What makes callback phishing so effective?

  • Low detection rate: Because the method does not use malicious links or attachments, traditional email security solutions may have difficulty detecting these messages.
  • Direct contact: The phone call creates a sense of credibility and personal interaction, making the victim more likely to follow instructions.
  • Advanced social engineering: attackers are often skilled at reading their victims and using techniques based on trust and urgency to manipulate them.


How do organizations protect themselves against callback phishing?

To effectively counter this type of attack requires a combination of technical and organizational measures.

1. Awareness and training

  • Ensure that all employees are aware of callback phishing and how it works.
  • Train staff to recognize suspicious emails and to always verify the sender before calling listed numbers.

2. Advanced email security solutions

  • Implement solutions that can identify subtle phishing attempts, even when they do not contain typical indicators such as links or attachments.
  • Use solutions that allow you to label senders as external and identify anomalies in email patterns.

3. secure phone verification

Encourage employees to use only verified phone numbers from organizations' official websites when they need to contact customer service.

4. strengthen incident management

  • Create clear processes for reporting and handling suspected callback phishing attempts.
  • Simulate attacks as part of regular incident drills to test and improve preparedness.

5. monitoring of remote access tools

  • Restrict access to remote management tools and monitor their use.
  • Implement Zero Trust principles to minimize the risk of unauthorized access attempts.

The future of callback phishing

Callback phishing is a growing trend in cybersecurity and shows how threat actors are adapting to new defenses. By understanding how these attacks work and investing in prevention, security professionals can minimize risk and strengthen their organization's defenses against future threats.

Our recommendation

Keep your organization up to date and continue to invest in robust security solutions because the threat landscape is constantly evolving, and only proactive work will keep attackers at bay.

Contact us at Inuit if you want to discuss security challenges. We have extensive experience in email security and work with both Trustwave MailMarshal and WithSecure.

 

Markus Arvidsson

Markus is passionated about technology that generates business benefits. He shares interesting articles and insights from the IT industry as well as his own reflections.
Subscription Icon Illustrations

Subscribe to the blog

Stay updated with the latest news by subscribing.
We deliver the news straight to your inbox!