Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks.
Most phishing campaigns embed links to landing pages that steal login credentials or emails that include malicious attachments to install malware.
However, over the past year, threat actors have increasingly used “callback” phishing campaigns that impersonate well-known companies requesting you call a number to resolve a problem, cancel a subscription renewal, or discuss another issue.