Call Me Maybe?

The Rise of Callback Phishing Emails

Josh Kamdjou

Email attacks have been a growing threat to cybersecurity for years, and criminals are constantly finding new ways to trick unsuspecting users into giving away sensitive information.

One of the newer tactics in their arsenal is the callback phishing email, where the attacker sends an email that appears to be from a legitimate source and asks the user to call a phone number to verify their account information or resolve an issue. Users who call are then instructed to either download and run malware or give up sensitive credentials.

In this talk, we will discuss the growing threat of callback phishing emails and how they differ from traditional phishing attacks. We will examine several real-world examples of callback phishing and explore the tactics criminals use to make them appear legitimate. We will also cover methods of detection and prevention based on analyzing signals unique to these attacks, and how organizations and individuals can protect themselves using free/open source tools and multi-factor authentication.

Attendees will come away from this talk with a better understanding of the callback phishing email threat and the tools they can use to protect themselves against it.