Protecting yourself from Callback Phishing

Have you ever received emails pushing you to call a specific phone number?

Calling a phone number may seem safer than clicking on a link, but that's what makes this tactic so effective. In callback phishing scams, cybercriminals send you an email about something urgent, such as a fraudulent charge or a vital software update. They may imitate your banking provider, a mobile service company or even your IT provider. This is a callback phishing scam because the email includes a phone number that prompts you to call them back.

What happens when you call the number?

Cybercriminals use callback phishing scams for malicious purposes, such as stealing money, details, or even your voice. If you call the number in the email, cybercriminals will try to trick you into revealing your sensitive information. They may use an automated voice message that prompts you to enter sensitive information, such as your credit card number or security details. Cybercriminals can also try to trick you into downloading malware. To do this, they'll answer the phone and walk you through the process of downloading malicious files onto your device.

What should you do to stay safe?

Follow the tips below to stay safe from callback phishing scams:

• Think before calling unknown phone numbers. Verify that a phone number is legitimate by navigating to the organisation's official website.
• Before sharing sensitive information over the phone, ask the caller what information they have on file. If they can't prove they are legitimate, hang up.

‍

Watch out for a sense of urgency in emails. Phishing attacks rely on impulsive actions, so always think before you call.

‍