New Attack Snaring Victims

Jigsaw Security is warning people about a new scheme that is resulting in infections at a higher than normal rate. If your like us and started seeing messages in your email made to look like voice message notifications earlier this week, you are not alone. The new 2 pronged attack has been observed and reported by several Jigsaw Security customers and appears to be an effective way to infect unsuspecting customers. Here's how this works from what our research has uncovered.

For the attack to be successful the attacker needs to have 2 pieces of information to be effective. First they need your phone number and then they need your email address. A third potentially useful piece of information would be your phone, VOIP or business phone provider which can be used to format the phishing message appropriately making it more believable.

Stage 1 - The phone call

The first part of this attack involves a call that reaches out to the person stating things such as "we see you have reached out for a job" and that the line "is being recorded". The threat actor attempts to get you to say the word yes by asking very direct questions such as "did you apply for a job?" or "can you hear me?" or in some cases they ask for you by name hoping you say yes. If you say the word yes they hang up and utilize parts of the recording to authorize other fraudulent transactions or to bill calls to your phone number (to scam other people).

Stage 2 - The Phishing Email

The next part of this scam arrives as a phishing email made to look like a legitimate voice message from several providers. This plays into the fact that the threat actor has already made a call but likely you didn't answer so the next logical step is that if it's a legitimate call they will leave a voice message, the first indication that something is not right is that you don't have any voice message on your actual phone.

Stage 3 - Infection and Theft of Information

The third stage is the infection from stage 2 which allows the threat actor to farther collect information about you to include passwords and sensitive banking information.

Background Information

We believe that this activity is a result of illegitimate job posting on job boards. Once they have your name and phone number as well as your email, they can then target the people that have applied in which they think they may be successful. Some things to look out for if your applying for jobs is common misspellings of words in the job posting and sentence structure as indicators that the poster may not be a native English speaker although many recruiters these days are also foreign.

Just be mindful of the information you give to prospective employers. With just a little bit of research they can find out everything needed to commit fraud on those unsuspecting persons that are not really paying attention to what is going on.

On 14 November, 2018 we observed exactly this transpire and have had multiple reports of similar activity from customers. We ask all customers and those reading our bulletins to be aware of this activity and protect your information.



Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!

  • Facebook - Black Circle
  • Twitter - Black Circle

© 2017-2018 Jigsaw Security Enterprise Inc.

Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business Jigsaw Security is an operator of WIMAX networks and is operating under license WQVC235 as a common carrier, non-common carrier and private communications operator. Jigsaw Security operates cable and satellite services. Courses may be provided by a third party authorized training partner in some cases. Some training is only available for cleared and US Citizens. Courses approved by the North Carolina Department of Public Safety Private Protective Services Board for licensing and CE credits. JPM program insurance is provided by an authorized Jigsaw Security Insurance Partner and is not underwritten by Jigsaw Security. For insurance information please contact our JPM program manager. Jigsaw Security operates a network through our NCBroadband brand.