Jan 08, 2015 By Jean-Paul Bergeaux In Blog

Phishing over the phone?

The other day I got a call from a man who, in broken English, said to me, “You are being hacked right now!”

I knew right away what this was, but I thought I’d play it out a bit.  I said, “Right now?  As we’re talking?”

“Of course, yes,” he said, claiming he worked for “Microsoft Windows” and that my PC was sending him alerts about a hacker in my system.  I kept asking questions about who he worked for and he kept repeating “Windows Support,” after first having said he worked for Microsoft Windows.

When I decided I would not get a straight answer about who he really worked for, I then asked him what he wanted me to do (knowing it was all a crock). He first asked me to open my browser, so he could tell me where to go, and I refused before he told me more. I should have pretended to go to the website or opened up a sandboxed virtual environment separated from my working network, but I wasn’t thinking quickly enough. He then started asking me for sensitive information, and I just hung up. I knew it was a social engineering attempt to get me to either go to a malicious site or download a “malware remover” that would instead install … malware! It’s the same as a phishing email that is trying to convince a person to click a link or open a malicious attachment.

I know some of you are thinking, “How can they make money at this?  Do people really fall for it?  Really?” Believe it or not, yes.

It’s a lucrative criminal venture and they “get” people all the time, making it a dangerous problem for large organizations trying to protect their infrastructure. When your perimeter defenses are breached through a phone call or email like this (which is actually more common than you think), it changes the game.

So what do you do? Obviously, user training and education are important, but history is proving that they are not 100 percent effective. You also need to be monitoring INSIDE the perimeter walls. Watching for activities that hit certain Indicator of Compromise (IOC) marks and “score” as a breach is the key. There is more than one way to do that, and no single product fits all environments. For more information about how you can set up a system that can help your organization do this, visit our Resource Center.