Phishing emails continue to be sent in high volumes. Earthweb has identified that approximately 3.4 billion malicious messages are sent daily around the world.

However, not all phishing emails try to trick unsuspecting targets the same way. While many phishing emails contain malicious links or downloads to try to compromise devices, other scams are more elaborate.

Some phishing messages try to elicit an emotional response to trick recipients into turning over valuable information. Some of these messages may include a phone number cybercriminals want you to call. This can provide an air of legitimacy to their schemes. 

Malicious actors may also pose as a representative from a legitimate institution to put you at ease. However, they are still trying to get you to turn over data points, or give them control over your devices.

In this installment of the BlackCloak Thursday Threat Update, we’ll highlight a pair of phishing schemes where phone call elements are involved.

FBI issues warning over refund payment portal impersonators

What we know: The FBI issued a warning over cybercriminals impersonating financial institutions’ refund payment portals. Potential victims are sent an email where they are told to cancel a subscription within 24 hours or else they will be charged a $300 to $500 penalty. The email includes a phone number where victims are told a representative can help them cancel the service and get a refund. When a target calls the number, the scammer will persuade them to give control of their devices as well as credentials for their bank accounts. Once they have that control, the scammer can either lock the target out of their devices, or black out the screen while the scammer conducts a wire transfer.

Recommendations: Whenever you receive a message that tries to persuade you to act quickly, it’s important to slow down and think before you take action. Remember, no legitimate organization will ever ask you for login credentials or ask to take control of your devices. Cybercriminals hope you dive forward without remembering this. Thus, you should never engage with any message that wants you to act quickly. If you have fallen victim to one of these scams, the FBI recommends filing a complaint with the Internet Crime Complaint Center as soon as possible and monitoring your accounts for fraudulent activity.

Researchers discover image-based phishing scam 

What we know: INKY Technology researchers have recently discovered an image-based phishing scam. The researchers found that scammers create phishing messages with recognizable logos and branding. Rather than creating an email from scratch, cybercriminals post the message as a screenshot, hoping that potential targets do not realize that they are looking at an image rather than a real email. Similar to the scam recognized by the FBI, the email will state that the target is about to be charged for a subscription, and that they should call a number to contact a phony representative, who ultimately will try to convince the target to give them control over their device.

Recommendations: If you are not sure whether a message is legitimate or not, take the time to read the body of the message carefully. INKY researchers cited an example of the scam where cybercriminals impersonated Geek Squad representatives. The researchers found that the email was poorly written, containing grammatical errors and factual inaccuracies. Poorly written emails are a big red flag that the message you received is malicious in nature, and a sign that you should avoid interacting with the sender any further.
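For mail administrators: a text filter cannot read the phone number or wording inside a screenshot, but it can flag messages that carry an image and almost no readable text. The following is an added example, not code from this post or from INKY; the 80-character threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
MIN_VISIBLE_CHARS = 80  # assumed threshold; tune it against your own mail

class VisibleText(HTMLParser):
    """Collect the readable text of an HTML body and count its <img> tags."""
    def __init__(self):
        super().__init__()
        self.chunks, self.images, self.hidden = [], 0, 0
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
        elif tag in ("script", "style"):
            self.hidden += 1          # text inside these is never displayed
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.hidden:
            self.hidden -= 1
    def handle_data(self, data):
        if not self.hidden:
            self.chunks.append(data)

def is_image_only(raw: bytes) -> bool:
    """True when a message shows an image but almost no readable text."""
    msg = message_from_bytes(raw, policy=policy.default)
    text, images = [], 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            images += 1                      # attached or inline picture
        elif ctype == "text/html":
            parser = VisibleText()
            parser.feed(part.get_content())
            parser.close()                   # flush any buffered trailing text
            images += parser.images          # also counts remotely hosted <img>
            text.extend(parser.chunks)
        elif ctype == "text/plain":
            text.append(part.get_content())
    visible = " ".join(" ".join(text).split())  # collapse whitespace
    return images > 0 and len(visible) < MIN_VISIBLE_CHARS

def sample(html: str, with_image: bool) -> bytes:  # constructed message, not a captured one
    m = EmailMessage()
    m.set_content(html, subtype="html")
    if with_image:
        m.add_related(b"constructed image bytes", maintype="image", subtype="png")
    return bytes(m)

SCREENSHOT = sample('<html><body><img src="cid:body" alt=""></body></html>', True)
NEWSLETTER = sample("<html><body><img src='logo.png'><p>" + "Monthly account summary. " * 8 + "</p></body></html>", True)
```

A match is a reason to route the message for review, not proof of fraud, since some legitimate senders also send image-heavy mail.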

Stay on top of phone-based phishing scams

Cybercriminals use every resource at their disposal to try and get your sensitive information, and that includes your phone. Staying on top of these threats will help you not only protect yourself, but your loved ones as well. The FBI found that those behind the refund payment portal scam have been targeting the older population, so learn how you can protect the senior citizens in your life from becoming scam victims. Additionally, read up on how scammers send phishing messages through SMS texts, a tactic known as “smishing.”