Cybercriminal Collective Dupes Customer Service Reps Into Downloading Malware

By Marcos Colon

Security firm Trustwave has seen a stream of attacks aimed at the hospitality industry, where miscreants first place a call before sending through malicious attachments via email.

Who’s at the receiving end of the phone call? The business’s customer service representatives.

By duping them into believing they are clients having difficulty in accessing the company’s online registration system, the cybercriminals then follow-up via email with the representatives, including attachments infected with malware that claims to be reservation details. The goal of the attack is to swipe credit card data.

The notorious Carbanak gang, a cybercriminal collective previously responsible for stealing close to $1 billion from banks over two years, is believed to be behind the operation.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.