Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes

An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft’s native email controls.

A pair of billing and tech support “vishing” attacks using Geek Squad and Norton Antivirus as cover managed to hit 25,000 mailboxes recently, questing after victims’ credit-card details.

Vishing (a contraction of “voice phishing”) generally involves stealing personal information from victims over the phone or leaving fraudulent voice messages. In this case, researchers said the gambit consisted of sending fake order receipts via email, and then including phone numbers to call “for processing order returns.”

According to researchers at Armorblox, the emails bypassed native Microsoft email security controls along with email security engines like Exchange Online Protection (EOP) and Proofpoint, landing in tens of thousands of corporate inboxes.

“Microsoft assigned a spam confidence level (SCL) of ‘-1’ to both emails,” explained researcher Abhishek Iyer, writing in a Thursday posting. “This means the emails skipped spam filtering because Microsoft determined they were from a safe sender to a safe recipient or were from an email source server on the ‘IP Allow’ list.”

Leave a Comment