- Cisco Talos warns about Callback phishing -sdone on the rise
- Phishing -e -emails come with pdf -tuned files where are phone numbers
- Threatening actors take advantage of people’s confidence in phone calls
Cisco Talos security researchers have warned of an ongoing phishing campaign where the victims are tricked into calling attackers on the phone.
In a new report, the researchers said that between the beginning of May and the beginning of June 2025, they observed threat actors who falsified large tech companies, such as Microsoft, Adobe or Docusign.
Cisco Talos calls this type of scam “callback phishing” -in phishing -e emails, they would notify the victims of a problem or inbound/pending transaction, then share a phone number they control, and invite the victim to call in and solve these problems. During the call, the striker would mask as a legitimate customer representative and explain to the victim that in order to sort their problem, they have to either reveal sensitive information or install a piece of malware on their device.
Callback phishing
“Attackers use direct voice communication to exploit the victim’s confidence in phone calls and the perception that telephone communication is a safe way to interact with an organization,” the researchers explained.
“In addition, the live interaction during a phone call attackers gives the opportunity to manipulate the victim’s feelings and answers by using social engineering tactics. Recovery is therefore a social engineering technique rather than a traditional E email threat.”
Most phone numbers used in these campaigns are VOIP number, Cisco Talos explained further, saying this is more difficult to track.
The most important information, including the attacking-controlled phone number, is shared via a .pdf file sent as an attachment. This is usually done to bypass traditional E email security mechanisms and ensure that the E -mail countries in the inbox.
As an additional layer of connection, attacks would sometimes add a QR code in the body of the PDF file, as most AV and E -Mail -protection tools cannot scan so deeply. In addition, QR codes are usually scanned via smartphone cameras, and mobile devices rarely have the same level of security as laptops or desktop computers do.
Via Hacker the news
