Date: July 11
Title: Brazen crooks are now posing as cybersecurity companies to trick you into installing malware
Cybercriminals are posing as cybersecurity companies in phishing messages claiming a cyberattack has hit the recipient and that they should urgently respond to a helpline. Once on the helpline, the criminal will trick victims into allowing remote access to the systems to help eliminate the threat.
The message claims to be from “your company’s outsourced data security services vendor.” It suggests that “abnormal activity” and a “potential compromise” has been discovered on the network as part of a “daily network audit.”
The person receiving the email is provided with an incident case number and is told to call a particular phone number to organize the audit.
CrowdStrike describes this as “callback phishing” because when the victim calls the number, they’re connected to an operator who’ll try to persuade them to install remote administration tools (RATs) to gain access to the network.
If the recipient does respond, they risk opening the door to hackers and could see their systems compromised with malware, ransomware and other dangerous cyber threats. The criminals could end up encrypting the network with ransomware themselves, or they could sell access to the infected network to ransomware groups.
What to do?
• Conduct training to educate personnel on cybersecurity threats.
• If you receive an email like this, forward it to your cybersecurity provider to investigate.
• Install security patches promptly
• Keeping server backups.
• Use anti-malware software on all endpoints.
What can you do when this happens to you?
• If you find your network has been compromised, immediately shut down.
• Identify the breach, any type of virus, or malware present.
• Identify any data which might have been compromised or stolen and inform appropriate parties.
• Rebuild the network from a known clean backup

Source: Danny Palmer
Brazen crooks are now posing as cybersecurity companies to trick you into installing malware | ZDNET