Cybercriminals have developed sophisticated vishing techniques that leverage multimedia file formats to bypass security systems and target unsuspecting victims. These new attack vectors, observed in early 2025, represent an evolution in social engineering tactics where threat actors exploit commonly trusted file formats to deliver fraudulent messages prompting victims to make phone calls to fake customer support numbers. Trellix researchers identified this novel campaign in January 2025, noting a significant shift from traditional vishing methods that relied on PDF attachments or direct email content.

Threat actors specifically choose MP4 video files and WebP image formats because security systems typically consider these formats low-risk. Most email security solutions focus scrutiny on executable files or commonly abused document formats while giving multimedia files minimal inspection.

The attacks typically begin with emails containing minimal content in the body, creating curiosity or urgency that compels recipients to open the attached multimedia files. Once opened, these files display fake invoices or payment notifications, often claiming to be from trusted financial services like PayPal, with urgent messages about unauthorized charges. When analyzing samples like “Invoice QCFT-01031D15.mp4” (SHA256: 564474210b017fcad57c3ca3a9dd5fc130850ef01182d6dc745d5e2599354be9) and “ASIF_page-0001 (1).webp” (SHA256: fa578d184cf5f23d2fc5ef9eee45febc4e168edaeef7b1ba13c33124786e57cb), researchers discovered the files contained static images with fake payment information rather than actual multimedia content. This technique allows the files to retain their multimedia extension while functioning essentially as documents, creating a detection blind spot in many security systems.

The attackers leverage psychological manipulation tactics throughout the process, first creating curiosity with vague email content, then generating panic with the multimedia message, and finally applying high-pressure social engineering during the phone conversation to extract sensitive information from victims.

Security experts recommend enhanced email filtering configurations that scrutinize multimedia attachments, especially when combined with financial-themed messages or when sent from free email services.

Tushar is a cybersecurity content editor with a passion for creating captivating and informative content. With years of experience under his belt in cybersecurity, he is covering cybersecurity news, technology and other news.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 09 May 2025 12:10:05 +0000
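
The filtering recommendation above can be expressed as a small triage rule. This is an added example, not code from Trellix or the article: the keyword list, free-mail domain list, body-length threshold and the rule that two extra signals are required are all assumptions, and both sample messages are constructed.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed lists and thresholds for illustration; tune them for your own mail flow.
MEDIA_EXTS = (".mp4", ".webp")
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
FINANCE = re.compile(r"invoice|payment|receipt|charge|refund|paypal", re.I)
MIN_BODY_CHARS = 80  # proxy for "minimal content in the body"

def triage(raw: str) -> dict:
    """Return the signals that fired for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    media = [p.get_filename() for p in msg.iter_attachments()
             if (p.get_filename() or "").lower().endswith(MEDIA_EXTS)]
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].domain.lower() if addrs else ""
    themed = " ".join([msg["Subject"] or "", text, *media])
    signals = {
        "media_attachment": bool(media),
        "finance_theme": bool(FINANCE.search(themed)),
        "free_mail_sender": sender in FREE_MAIL,
        "minimal_body": len(text) < MIN_BODY_CHARS,
    }
    # Escalate only when a media attachment coincides with two other signals.
    extra = sum(signals[k] for k in ("finance_theme", "free_mail_sender", "minimal_body"))
    signals["quarantine"] = signals["media_attachment"] and extra >= 2
    return signals

def build_sample(sender, subject, body, filename=None, ctype="video/mp4"):
    """Construct a test message; the attachment bytes are placeholder data."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content(body)
    if filename:
        maintype, subtype = ctype.split("/")
        m.add_attachment(b"\x00" * 16, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_string()

# Constructed samples: one matching the pattern in the article, one ordinary video share.
SUSPICIOUS = build_sample("billing.team@gmail.com", "Invoice", "See attached.", "Invoice 0001.mp4")
BENIGN = build_sample("alice@example.org", "Team offsite video",
                      "Hi all, here is the recording from last week's offsite. " * 3, "offsite.mp4")

if __name__ == "__main__":
    print(triage(SUSPICIOUS), triage(BENIGN), sep="\n")
```
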