Security Unlocked 9.1.21
Ep 43 | 9.1.21

Battling BazaCall BuzzKill

Show Notes

It's finally Friday. You successfully made it through another week and the weekend is so close you can taste it. You pour yourself a bowl of your favorite cereal, but before you can get that first bite your phone rings. It's a random number, but for some reason you're feeling chatty and decide to answer. Unfortunately, it's a robot that somehow knows your name and is asking for your social security number, home address, and password from that first AOL account you made in 1998!  It’s easy to recognize classic scams like these, but some of the newer, creative scams can be more challenging to identify.  One of these is called BazaCall, and they don’t call you – oh, no.  BazaCall will have YOU calling THEM! 

In this episode of Security Unlocked, host Natalia Godyla is re-joined by Microsoft Threat Analysts Emily Hacker and Justin Carroll to talk about a relatively new delivery method for malware and ransomware called BazaCall campaigns. They discuss the different delivery methods used, how attackers evade detection, and where the attack chain begins.     

In This Episode You Will Learn:   

  • What makes BazaCall campaigns unique from other email/phone scams 
  • How the delivery system works 
  • About a new technique called “double extorsion”  

Some Questions We Ask:   

  • What is the flow of the attack chain? 
  • What are some new tactics used by BazaCall centers? 
  • How can organizations mitigate attacks? 


BazaCall: Phony call centers lead to exfiltration and ransomware 

View Emily on LinkedIn 

View Justin on LinkedIn 


Listen to: Afternoon Cyber Tea with Ann Johnson

Listen to: Security Unlocked

Discover and follow other Microsoft podcasts at  

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.