Security firm Armorblox has discovered a new vishing (voice phishing) campaign that aims to impersonate Microsoft to gather information from unsuspecting victims. The campaign involves the threat actor sending two separate emails from a Gmail account that bypasses verification checks. These emails included copycat invoices for Microsoft Defender subscriptions that the recipient did not pay for, along with a toll-free phone number to call to take action on the invoice. The phone call is then picked up by a “representative” that guides the caller by instructing them to install the AnyDesk application to get a refund for the purchase. Instead of a refund, AnyDesk will allow the attacker remote access to the victim’s devices and make it easy for them to install malware or steal credentials. Vishing attempts have been steadily increasing throughout the year and this is just another example of the techniques that are used.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased