publishing date icon
February 28, 2023
read time icon
5 min. read

Buggy phishing attack accidentally reveals how cyber criminals personalize messages to elude detection by filters

Post hero image

Table of contents

share this post

Vishing, or voice phishing is a form of phishing which typically happens over the phone. In vishing, the malicious actor uses social engineering techniques to lure the victim into sharing sensitive information or to perform an action benefitting the attacker. Vishing attacks come in many shapes and sizes, some attackers pray on the old folk posing as IT-support, while others impersonate CEOs requesting large wire transactions.

This attack starts off with an email. The email informs the recipient about an order renewal being billed from their account. The recipient of course does not recognize the order and wishes to cancel it. Conveniently, the email contains a bolded phone number just for this purpose!

When called, the malicious actor will read a script requesting the caller for all sorts of personal information, often also containing financial details “required for service cancellation”.

In this case however, the malicious actors did not get it quite right. In an attempt to mix things up a bit, potentially to better elude automatic detection by spam filters, the malicious actors have configured multiple fields to contain random variables. Fortunately, something went wrong and the recipient was able to see which parts of the email were going to be personalized.

Personalized fields included information such as the product name, phone number and location, allowing the malicious actors to better cater different regions. By personalising the email to e.g. mention products recognised in a certain part of the world, the efficiency of the campaign is increased.

Off the hook – How to detect the attack and protect your organization from it

Be vigilant with unexpected emails and aware of the fact that malicious actors personalize their attacks using information that matches their victims (e.g. location, name, local phone number) to evade both your suspicion and spam filters

Also be aware of social engineering techniques such as vishing and refuse giving out financial or personal details via phone. Hang up if you suspect something is phishy.

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.