How a vishing attack spoofed Microsoft to try to gain remote access


A voice phishing campaign spotted by Armorblox tried to convince people to give the attackers access to their computer.


A standard phishing attack typically involves sending people an email or text message spoofing a known company, brand or product in an attempt to install malware or steal sensitive information. But a variation called vishing (voice phishing) adds another element, in which the cybercriminals speak with their victims directly by phone or leave fraudulent voice messages. A blog post published Thursday by security firm Armorblox describes a scam in which attackers tried to impersonate Microsoft Defender to coax potential victims to grant them remote access.


This particular campaign started with phony order receipts for a Microsoft Defender subscription sent via two different emails. Each of the two messages included a phone number to call for any issues related to order returns. Calling one of the numbers triggered the vishing attack in which the criminal instructed the victim to install a program to give them remote access to the person’s computer.

Sent from a Gmail account, the initial emails used a sender name of “Microsoft Online Store” and a subject line of “Order Confirmation No” followed by a long invoice number. The emails borrowed the look and layout of actual emails from Microsoft and even included information on a subscription for Microsoft Defender Advanced Protection that supposedly was ordered by the recipient.

The emails asked the person to contact customer care representatives for more information about the order and included toll-free numbers to call. Since the order was fake, anyone receiving a message like this would naturally be concerned about getting charged for an item they never purchased.

Researchers from Armorblox called both numbers listed in the two emails. One number just rang with no one ever picking up. But the other number was answered by a real person who called himself Sam. Requesting the invoice number listed in the email, “Sam” said that the only way to get a refund was by filling out an information form. To assist the user in this process, Sam suggested installing AnyDesk, a program that provides access to remote PCs.

After the Armorblox folks asked one too many questions, Sam seemed to get suspicious and ended the call. But the intent was clear. The attackers wanted to get victims to install AnyDesk, through which they could then remotely access the person’s PC through Microsoft’s Remote Desktop Protocol. The goal may have been to install malware or ransomware, steal login credentials or grab confidential information.

An attack like this uses several tactics to appear convincing and bypass standard security protection. The emails tried to convey a sense of trust, as they appeared to come from Microsoft. They aimed to create a sense of urgency by claiming that the recipient ordered a subscription that they obviously didn’t order. The emails didn’t include any links or clearly malicious content that might otherwise have prevented them from getting through to someone’s inbox. Further, the emails came from a legitimate Gmail account, allowing them to pass any authentication checks.

To help protect yourself and your organization from these types of vishing scams, Armorblox offers several helpful tips:

  1. Supplement your native email security. The initial emails described by Armorblox snuck past the Google Workspace email security. For better protection, enhance your built-in email security with additional layers that use more advanced techniques. Gartner’s Market Guide for Email Security discusses new methods that vendors introduced in 2020.
  2. Look out for social engineering cues. With email overload, it’s easy to be fooled by a malicious email that appears legitimate at first glance. Instead, you need to engage with such emails in a methodical way. Inspect the sender’s name, email address and the language used within the email. Check for any inconsistencies in the message leading you to ask yourself such questions as: “Why is a Microsoft email being sent from a Gmail account?” and “Why are there no links in the email, even in the footer?”
  3. Resist sharing sensitive information over the phone. Be wary of any unsolicited caller who asks for sensitive information or tells you to download something over the phone. If you feel the phone call is a scam, simply hang up. If the person provides a call-back number, don’t call it. Instead, search the company’s website for a customer service number and call that one.
  4. Follow password best practices. To protect your online accounts, don’t reuse your passwords, avoid passwords that tie into your date of birth or other personal events, don’t use generic passwords and rely on a password manager to create and maintain complex passwords. Further, set up multi-factor authentication (MFA) on your business and personal accounts wherever possible.
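
The cues described above (a Microsoft sender name on a Gmail address, a billing lure, a call-back number and no links) can be checked mechanically on inbound mail. The following Python example is added here and is not code from Armorblox or the original article; the brand and free-mail lists, the cue names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed lists for illustration; extend them for your own environment.
BRANDS = {"microsoft": {"microsoft.com"}}
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com"}
TOLL_FREE = re.compile(r"\b8(?:00|33|44|55|66|77|88)\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
URL = re.compile(r"https?://|www\.", re.I)
LURE = re.compile(r"order confirmation|invoice|subscription|refund", re.I)

def in_domain(domain, allowed):
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def vishing_cues(raw):
    """Return the list of cues found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    cues = []
    if any(b in name.lower() and not in_domain(domain, d) for b, d in BRANDS.items()):
        cues.append("brand_name_mismatch")  # brand in display name, other domain
    if domain in FREEMAIL:
        cues.append("freemail_sender")
    if LURE.search(text):
        cues.append("billing_lure")
    if TOLL_FREE.search(text):
        cues.append("callback_number")
    if not URL.search(text):
        cues.append("no_links")
    return cues

def is_callback_phish(raw):
    # Core pattern from the article: spoofed brand name plus a number to call.
    return {"brand_name_mismatch", "callback_number"} <= set(vishing_cues(raw))

# Constructed sample modelled on the article's description (not a real message).
SAMPLE = """\
From: Microsoft Online Store <orders.example@gmail.com>
Subject: Order Confirmation No 0000000000

Thank you for your Microsoft Defender Advanced Protection subscription.
For order returns, call customer care toll free at 1-800-555-0100.
"""

if __name__ == "__main__":
    print(vishing_cues(SAMPLE), is_callback_phish(SAMPLE))
```

Because messages like this pass sender authentication and carry no links, the useful signal is the combination of cues rather than any single one.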

Did you like this article? You can read it and many others @ Tech Republic!

