“Customer Complaint” May Get Your Attention

A spear phishing campaign is sending phony “customer complaints” that contain a link to a malicious website, according to Paul Ducklin at Naked Security. The phishing emails appear to come from a manager at the employee’s company, and ask the recipient about a customer complaint they received. The link in the email purports to lead to a PDF of the complaint about the employee, but instead leads to a page where the victim is tricked into downloading malware.

Ducklin adds that people are even more likely to click on the link if they work in a high-pressure environment.

“Worse, of course, is that junior staff in commonly outsourced jobs such as first-line support, where time pressure is always high, are the most likely to have been threatened with complaints by aggressive callers determined to get their way,” Ducklin writes. “And, let’s be perfectly honest, if you’ve ever worked in support, you’ll rarely ever have ‘reported yourself to management’ when a caller shouted at you and complained, unless the call was so aggressive or threatening that you wanted to ensure it was placed on the record for your own safety.”

Ducklin notes that in this case the sloppy appearance of the emails could tip off the recipient that the messages are fake.

“Never let yourself be pressured or threatened into acting in haste, because that’s exactly what the crooks are hoping you will do,” Ducklin says. “This scam is full of mistakes (spelling, grammar, incorrect web links, unlikely file downloads, digital signatures that simply don’t look right) that you would expect to notice on a good day, but could easily miss if you are acting in haste. But the signs are all there, even if you aren’t technical yourself, that this email simply doesn’t add up, and is fake.”

New-school security awareness training can enable your employees to recognize red flags associated with social engineering attacks.

Naked Security has the story.
