Callback phishing is when a phishing email directs you to call a number instead of clicking on a link. These emails are often fake notifications that encourage you to make a call to correct an error. A recent scam impersonating the popular streaming service Disney+ is a great example of this tactic.
In this scam, cybercriminals send an email that appears to be an invoice from Disney+. The email states that you will be charged for a new subscription and directs you to call the number provided if this was an unauthorized purchase. To make the email more alarming, the amount of money shown is three times the advertised price of a monthly subscription. If you call the number in the email, a cybercriminal posing as customer services will answer. They will ask you for sensitive information, like your payment method, and may even try to gain remote access to your device.
Follow these tips to stay safe from callback phishing scams:
• Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to act impulsively.
• Consider the email’s context, timing, grammar, and other details. For example, does the invoice reference your real credit or debit card?
• Avoid calling phone numbers provided in emails. Instead, navigate to an official website to find the best contact number.
Article provided by: