- Cisco Talos warns against criminal recall phishing scams
- Phishing emails are delivered with PDF attachments, in which the phone numbers are
- Threat actors exploit people’s trust in telephone calls
Cisco Talos security researchers have warned of an ongoing phishing campaign in which victims are urged to call the attackers by phone.
In a new report, the researchers said that between early May and early June 2025, they observed threat actors impersonating large technology companies, such as Microsoft, Adobe or Docusign.
Cisco Talos calls this type of scam “recall phishing”: the phishing emails inform victims of an incoming or pending problem or transaction, then share a phone number the attackers control and invite the victim to call it to resolve the problem. During the call, the attackers pretend to be a representative of the legitimate company and explain to the victim that, to solve the problem, they must either disclose sensitive information or install malware on their device.
Recall phishing
“The attackers use direct vocal communication to exploit the victim’s confidence in telephone calls and the perception that telephone communication is a secure means of interacting with an organization,” explained the researchers.
“In addition, live interaction during a telephone call allows attackers to manipulate the victim’s emotions and responses using social engineering tactics. Recall phishing is therefore a social engineering technique rather than a threat by traditional e-mail.”
Most telephone numbers used in these campaigns are VoIP numbers, said Cisco Talos, noting that they are more difficult to trace.
Key information, including the attacker-controlled telephone number, is shared via a .pdf file sent as an attachment. This is generally done to bypass traditional email security mechanisms and ensure that the email lands in the inbox.
As an additional layer of obfuscation, attackers sometimes add a QR code to the body of the PDF file, because most AV and email protection tools cannot scan that deeply. In addition, QR codes are generally scanned via smartphone cameras, and mobile devices rarely have the same level of security as laptops or desktop computers.
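For defenders, the pattern described above (a brand named inside a PDF attachment, a phone number to call, and a sender outside that brand's domains) can be checked with a small triage heuristic. This is an added example, not code from Cisco Talos or the article; it assumes the attachment text has already been extracted upstream (PDF parsing and QR decoding are not shown), and the brand-to-domain list and sample messages are constructed.

```python
import re
from email.utils import parseaddr

# Brands the article names, with domains each legitimately mails from (assumed list).
BRAND_DOMAINS = {
    "microsoft": ("microsoft.com",),
    "adobe": ("adobe.com",),
    "docusign": ("docusign.com", "docusign.net"),
}
# North American style numbers, with optional +1 prefix and common separators.
PHONE = re.compile(r"(?<!\d)(?:\+?1[\s.-]*)?\(?\d{3}\)?[\s.-]*\d{3}[\s.-]*\d{4}(?!\d)")
CALL_TO_ACTION = re.compile(r"\b(?:call|dial|phone|contact)\b", re.IGNORECASE)

def sender_domain(from_header):
    """Domain part of the From header's address, lower-cased."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def triage(from_header, pdf_text):
    """Collect the two signals: impersonated brands and phone numbers to call."""
    domain = sender_domain(from_header)
    text = pdf_text.lower()
    brands = [
        brand for brand, legit in BRAND_DOMAINS.items()
        if brand in text
        and not any(domain == d or domain.endswith("." + d) for d in legit)
    ]
    phones = PHONE.findall(pdf_text) if CALL_TO_ACTION.search(pdf_text) else []
    return {"sender": domain, "brands": brands, "phones": phones}

def is_suspicious(from_header, pdf_text):
    """Flag only when a brand mismatch and a phone call-to-action coincide."""
    result = triage(from_header, pdf_text)
    return bool(result["brands"] and result["phones"])

# Constructed samples (not real messages); 555-01xx numbers are fictional.
LURE = ('"Adobe Billing" <billing@invoices-example.test>',
        "Adobe subscription renewed for $349.99. To dispute this charge, "
        "call +1 (202) 555-0143 within 24 hours.")
BENIGN = ("Docusign <dse@docusign.net>",
          "Your Docusign envelope is complete. Review the attached agreement.")

if __name__ == "__main__":
    for from_header, pdf_text in (LURE, BENIGN):
        print(is_suspicious(from_header, pdf_text), triage(from_header, pdf_text))
```

Requiring both signals keeps ordinary attachments that merely list a support number, or that come from the brand's own domain, out of the alert queue.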
Via The Hacker News