The email highlighted in this blog got past Google Workspace email security.
![anydesk scams amazon anydesk scams amazon](https://images-eu.ssl-images-amazon.com/images/I/11EHDN%2B%2BanL.png)
Augment native email security with additional controls
ANYDESK SCAMS AMAZON INSTALL
![anydesk scams amazon anydesk scams amazon](https://images-na.ssl-images-amazon.com/images/I/31kmboIB9EL.jpg)
![anydesk scams amazon anydesk scams amazon](https://serverok.in/wp-content/uploads/2019/05/anydesk-1024x709.png)
This email attack employed a gamut of techniques to get past native email security controls and pass the eye tests of unsuspecting end users. Once the attacker has control of a victim’s system, all bets are off. The end goal could have been installing malware/ransomware on the victims’ system, stealing their login data, extracting sensitive/confidential company information, and so on. We learned enough from this vishing flow to posit that attackers are trying to get victims to install AnyDesk and then initiate an RDP attack. We asked a few clarifying questions at this point that made Sam suspicious, thus ending the call (maybe our French accent wasn’t up to par). They claimed installing AnyDesk would enable us to more securely access their server and fill out the form.
ANYDESK SCAMS AMAZON DOWNLOAD
To help fill out this form, Sam spelled out the website address for AnyDesk, a remote desktop software, and suggested that we download the free version of the software. Sam then told us the only way to get our money back was by filling out an “information form”. Sam asked us for the invoice number tied to the email, which we provided. While one of the numbers led to an endless ringtone, the other number had a real human on the end of the line who identified themselves as Sam. The Armorblox threat research team called both toll-free numbers from a disposable Google Voice number. Techniques used: Social engineering, brand impersonation, replicating existing workflows, vishing (no URLs in email), using a Gmail address, omni-channel attack flowįig: A variant of the Microsoft vishing email with minor changes to the email body Vishing Flow
ANYDESK SCAMS AMAZON SOFTWARE
Target: A cloud collaboration software companyĮmail security bypassed: Google Workspace email security Now let’s focus on the attack at hand: Summary
![anydesk scams amazon anydesk scams amazon](https://cdn.osxdaily.com/wp-content/uploads/2020/04/how-to-share-iphone-ipad-screen-anydesk-4.jpg)
Armorblox has recently covered Amazon and tech support vishing attacks. Calling the listed number led to a vishing flow where the attacker tells the victim to install AnyDesk for an attempted Remote Desktop Protocol (RDP) attack.īefore we go through the attacks in greater detail, a brief description of vishing for the uninitiated: vishing (or voice phishing) is a type of scam where malicious actors steal personal information from victims over the phone or by leaving fraudulent voice messages. The email sent fake order receipts for a Microsoft Defender subscription and included phone numbers to call for processing order returns. In today’s Blox Tale, we will look at a vishing (voice phishing) attack that impersonated Microsoft and attempted to steal victims’ credit card details.