In the ever-evolving landscape of cyber threats, scammers are continually refining their techniques to bypass traditional security measures, and the latest revelation from cybersecurity researchers at Abnormal Security unveils a sophisticated turn in the notorious BazarCall attack.
BazarCall, also known as Callback phishing, has long been a menace, typically initiating with a phishing email masquerading as a payment notification or subscription confirmation from well-known brands. The deceitful email urges recipients to call a provided phone number urgently, purportedly to dispute charges or cancel a service. However, the real agenda is far more sinister – tricking victims into installing malware during the phone call, thereby exposing organizations to potential cyber threats.
What sets this new BazarCall variant apart is its integration of Google Forms to amplify the deception. In a disturbingly refined process, attackers craft a Google Form, complete with details about a fictitious transaction, including an invoice number and payment information. The ingenious twist lies in activating the response receipt option, sending a seemingly authentic copy of the completed form directly to the target’s email address.
Mike Britton, Chief Information Security Officer at Abnormal Security, sheds light on the attacker’s manipulation of this process. The attacker sends the form invitation to themselves, fills it out using the target’s email address, and presents it as a payment confirmation for a product or service. Leveraging Google Forms sent from a legitimate Google address adds an extra layer of legitimacy to the attack, making it considerably more challenging to detect.
The real challenge posed by this BazarCall variant lies in its evasion of traditional email security tools. Unlike typical threats that rely on malicious links or attachments, this attack cunningly exploits Google Forms, a trusted service widely used for surveys and quizzes. The dynamic nature of Google Forms URLs, frequently changing and evading static analysis, poses a formidable challenge for signature-based detection employed by many security tools.
Legacy email security tools, including secure email gateways (SEGs), find themselves struggling to discern the malicious intent behind these emails, potentially allowing threats to slip through undetected. Mike Britton emphasizes the need for modern AI-native email security solutions armed with behavioral AI and content analysis to accurately identify and thwart such attacks by recognizing brand impersonation and phishing attempts.
As we navigate the ever-shifting threat landscape, staying informed about sophisticated attack methods like this BazarCall variant becomes crucial. The adoption of advanced email security solutions leveraging artificial intelligence is paramount to effectively protect organizations and individuals from the constantly evolving tactics employed by cybercriminals.
BazarCall attacks, known for their phishing emails posing as payment notifications, have taken a more sophisticated turn with the integration of Google Forms. The use of this legitimate service, coupled with the dynamic nature of Google Forms URLs, challenges traditional security tools, making it imperative to embrace AI-native solutions for effective cyber protection in today’s digital age.