BazaCall Scheme Dupes Victims into Calling Hackers
According to a recent report from Microsoft Security, hackers are setting up fraudulent call centers and employing social engineering tactics to rope in victims. The entry point is somewhat similar to vishing (voice phishing) tech support and customer service scams. Hackers send spam emails from compromised accounts or email addresses that look like they’re coming from real businesses. The spam emails tell users that a free trial for a subscription service is about to expire — such as software licensing or fitness memberships — and their credit card will be charged unless they cancel. The fraudulent email directs the target to call a customer support number. If a victim dials the phony call center, there will be a real human on the other end of the line, set up by BazaCall operators. The fraudulent call center representative then guides the victim through the cancellation process, usually directing them to a malicious website that hackers have set up. Through social engineering, the fraudster tricks the victim into downloading a malicious Excel file carrying BazaLoader — a malware capable of injecting ransomware and other malware that can steal sensitive data on infected systems.
Dangers of Social Engineering
Microsoft Security researchers noted the effectiveness of the social engineering element that BazaCall employs. Traditional phishing methods are more automated, as cybercriminals simply send out a barrage of spam emails in hopes of luring victims into clicking a malicious link that downloads and installs malware. But this scam involves a dangerous human element. “We observed that even if security filters such as Microsoft Defender SmartScreen are enabled, users intentionally bypass it to download the file, which indicates that the call center agent is likely instructing the user to circumvent security protocols, with the threat that their credit cards will be charged if they don’t,” Microsoft Security Intelligence said in the report. This isn’t the first time we’ve seen this personal tactic in the spotlight. After an investigation by the state of New York, it was revealed that social engineering was how administrative systems were breached in Twitter’s July 2020’s massive hack. Cybercriminals — allegedly led by then 17-year-old Graham Ivan Clark — called employees pretending to be Twitter’s internal tech support, and tricked one with high-level access into entering login credentials into a spoofed site. Hackers then used those credentials to access Twitter’s administration login, and tricked the employee into approving multifactor authentication.
Recognizing BazaCall Phishing Attempts
Even though BazaCall is a unique and dangerous threat, it’s important to point out that like any phishing attempt, it all starts with a spam email. Spammers blast out these emails to hundreds of thousands of accounts, and since it would take so much work to personalize, there are some things that users can look out for to avoid becoming a victim. Microsoft researchers provided some sample subject lines, which are listed below:
Your demo stage is nearly ended. Your user account number VC[unique ID number]. All set to continue? Your free period is almost ended. Your member’s account number VC[unique ID number]. Ready to move forward? Soon you’ll be moved to the Premium membership, as the demo period is ending. Personal ID: KT[unique ID number] Automated premium membership renewal notice GW[unique ID number] Your subscription will be changed to the gold membership, as the trial is ending. Order: KT[unique ID number] Notification of an abandoned road accident site! Must to get hold of a manager! [body of email contains unique ID number] Thanks for deciding to become a member of BooyaFitness. Fitness program was never simpler before [body of email contains unique ID number] Thank you for getting WinRAR pro plan. Your order # is WR[unique ID number]. Many thanks for choosing WinRAR. You need to check out the information about your licenses [body of email contains unique ID number]