This nasty new email scam tricks victims into calling the fraudsters

Email warning
(Image credit: Shutterstock)

Experts from security firm Kaspersky have warned of new waves of vishing (voice phishing) scams making the rounds that target users with extravagant purchase demands.

The company says that as-yet-unknown criminals are impersonating well-known hardware and software manufacturers, “warning” people of their gaming laptops, Apple smartwatches, and software license purchases.

Whatever the product, the value of the purchase is usually rather quite substantial, with the goal being to scare the victim into calling the number listed in the email. Once the victim takes the bait and rings the number, the attackers will try to extract any valuable or personal information over the phone, or try to have the victim install malware.

“This particular strain of spam e-mails contain no links, but they do include a phone number that the victim is asked to call if they want to change or cancel the order. And if the victim calls, most likely the scammers will try to wangle the login credentials for some financial service or bank card details,” explains Roman Dedenok, Content Filtering Team at Kaspersky. 

“Alternatively, they might try to trick the victim into transferring money or even installing a Trojan on their computer, which has been known to happen. Hence, users should be alert when receiving unexpected mails in their inbox.”

So, if you get an email informing you of an expensive purchase you don’t remember making, and if the email also contains a phone number that you should call in order to cancel the order, don’t do it.

Defending against phishing and vishing

Instead of calling the number in the email, victims should log into their account with the service in question, but not through the email, but rather directly through the browser.

Installing a reliable antivirus solution with protection against financial attacks, phishing, and online fraud, wouldn’t hurt, as well.

Small and medium-sized businesses (SMB) are often targets of such attacks, as their employees are often understaffed, overworked and thus easy to catch off-guard.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.