Phishers Switched to Callback Attacks

Callback phishing is a social engineering attack where victims are tricked into calling a seemingly legitimate phone number.

Cyber attackers switched tactics in Q1 to move from links in phishing messages to using callbacks instead.

Callbacks accounted for one in five phishing attempts, according to research by Vipre. Callback phishing is a social engineering attack where victims are tricked into calling a seemingly legitimate phone number through emails or texts to reveal sensitive information or download malware.

The report also revealed that link usage accounted for 75 percent of phishing attempts in Q1 2024, dropped by 42 percent in Q1 2025.

“There’s a clear shift in cyber-criminals’ preference towards low-tech, high-impact, human-centric tactics, “ said Usman Choudhary, chief product and technology officer, VIPRE Security Group. “This demands a fundamental rethink of email security – one that addresses the human element as vigilantly as the technological.

“With cyber-criminals mastering the art of human deception, and crafting phishing attacks that bypass conventional defenses, email security in turn demands an approach that weaponises cyber-criminals’ own actions and uses their patterns to create a unique, future-proofed response.”

Cyber Crime Phishing Published: 28 April