Threat actors are giving consumers another reason why they would rather fill a cavity than contact customer service.
Last month, LastPass warned its customers about a social engineering campaign that uses fake reviews to circulate a phony customer service number operated by threat actors. The password manager company said in the Oct. 31 blog post that the reviews follow a similar format, each encouraging users to either go online or dial the fake number to get customer service assistance.
Users who have attempted to dial the bogus number, found across multiple five-star reviews on LastPass’s Chrome Web Store app page, have been greeted by a bad actor who has attempted to direct them to a malicious website.
Not the only one. But LastPass is not the only company that has been leveraged in the fake number scheme. According to BleepingComputer, the dud number has been advertised as a customer service number on Chrome extension reviews, company forums, and Reddit for several companies, such as Roku, PayPal, Netflix, and Verizon.
Threat actors have also been using fake customer service numbers to press victims for their information directly. Last month, a user on social media platform Bluesky recalled a time when his partner dialed what was thought to be United Airlines’ customer service number, but was instead a number controlled by a scammer who was on the hunt for banking information. The number was allegedly retrieved from Google’s AI-generated summaries.
Users commenting on the thread said the account resonated with them, claiming that they had the same experience when attempting to reach companies such as Delta, Southwest, and Apple. It is unclear if these occurrences were connected.
Healthy dose of skepticism. Since disclosing the threat, LastPass has warned users that malicious actors have already altered the way they attract victims, now leveraging emojis and a different phone number in their reviews.
Roger Grimes, a data-driven defense evangelist at the security training platform KnowBe4, told IT Brew that organizations and consumers need to have “healthy skepticism” as threat actors continue to leverage fake numbers.
“If you’re going to call a vendor, always make sure that you’re calling a number that’s locatable on the legitimate website,” he said.