4/30/2023 0 Comments Download anydesk![]() Sam then told us the only way to get our money back was by filling out an “information form”. Sam asked us for the invoice number tied to the email, which we provided. While one of the numbers led to an endless ringtone, the other number had a real human on the end of the line who identified themselves as Sam. The Armorblox threat research team called both toll-free numbers from a disposable Google Voice number. **Fig: A variant of the Microsoft vishing email with minor changes to the email body** We also observed a variant of this vishing email that made minor changes to the email title, body, invoice amount, and toll-free number, but was still essentially the same vishing email. The footer includes a toll-free number to call: the only call to action in the email. ![]() The email body invites victims to “contact customer care representatives” for more information about the order. **Fig: Email impersonating Microsoft and including a phone number to call** ![]() The email contained HTML stylings similar to genuine emails sent from Microsoft, and included information on a subscription for Microsoft Defender Advanced Protection supposedly purchased by the victim. The email was sent from a Gmail account, had “Microsoft Online Store” as the sender name, and was titled “Order Confirmation No” followed by a long and genuine looking invoice number. **Fig: Microsoft Defender vishing that uses AnyDesk in its attack flow** **Techniques used:** Social engineering, brand impersonation, replicating existing workflows, vishing (no URLs in email), using a Gmail address, omni-channel attack flow **Email security bypassed:** Google Workspace email security **Target:** A cloud collaboration software company
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |