Ransomware via Phone?

Recently, an end user received several unsolicited commercial emails in a very short amount of time, which hindered their productivity. Shortly after, the user received a phone call from someone who claimed to be from the internal IT department. The supposed “IT technician” said that they had detected unusual activity with the user’s email and needed to install an urgent security update. In reality, the attacker’s plan was to trick the user into installing ransomware to lock down files or the entire system, and then demand payment to restore access.

Why does this work?

This is a layered social engineering attack. It works because it feels like a coordinated internal response to a real issue the victim can see unfolding. It’s purely psychological. Those strange emails are the setup. When the attacker calls and references the unusual email activity, it makes their story seem plausible. The victim already has a reason to believe what they say. Multiple confusing emails followed by a call may create cognitive overload. When people feel confused or anxious, they are more likely to follow instructions from an authority figure without questioning.

How to prevent or mitigate this?

1. User awareness — Continuous security awareness campaign.
2. Email filtering — Blocking spam and suspicious emails can prevent the setup.
3. Application control policies — Only approved software or programs can run on user devices.
4. Endpoint security — Real-time monitoring and detection of suspicious activities.
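
The setup stage described above, a burst of unsolicited mail to one user from many senders, can be flagged in mail logs before the follow-up call arrives. The following is an added example, not part of the original post; the log format, thresholds, addresses and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed inbound-mail log: '<ISO time> <recipient> <sender domain>' per line.
    This format is an assumption for the example, not a real gateway's log format."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    rows = []
    for i in range(9):   # alice: 9 messages from 9 different domains, 30 s apart
        rows.append((base + timedelta(seconds=30 * i), "alice@corp.example", f"promo{i}.example"))
    for i in range(9):   # bob: 9 messages from one mailing list (not a flood pattern)
        rows.append((base + timedelta(seconds=30 * i), "bob@corp.example", "list.vendor.example"))
    for i in range(3):   # carol: 3 messages spread over an hour
        rows.append((base + timedelta(minutes=20 * i), "carol@corp.example", f"shop{i}.example"))
    lines = [f"{ts.isoformat()} {rcpt} {dom}" for ts, rcpt, dom in rows]
    lines.insert(4, "not-a-time alice@corp.example promo.example")  # malformed, skipped
    return "\n".join(lines)

def find_mail_floods(log_text, window=timedelta(minutes=10), min_msgs=8, min_domains=6):
    """Return {recipient: time of first alert} for recipients who got at least min_msgs
    messages from at least min_domains distinct sender domains within `window`.
    Assumes each recipient's lines appear in chronological order."""
    recent = defaultdict(deque)   # recipient -> (timestamp, domain) inside the window
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue              # unparseable timestamp
        rcpt, domain = parts[1].lower(), parts[2].lower()
        q = recent[rcpt]
        q.append((ts, domain))
        while ts - q[0][0] > window:      # drop entries older than the window
            q.popleft()
        distinct = {d for _, d in q}
        if rcpt not in alerts and len(q) >= min_msgs and len(distinct) >= min_domains:
            alerts[rcpt] = ts
    return alerts

if __name__ == "__main__":
    for rcpt, ts in find_mail_floods(build_sample()).items():
        print(f"possible mail flood: {rcpt} at {ts.isoformat()}")
```

Requiring many distinct sender domains keeps a single busy mailing list from triggering the alert, and an alert gives the real IT team a chance to reach the user through a known internal channel first.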
