Hybrid Phishing Attacks: How Hackers Get You to Call Them

As technology evolves, so do the tactics of cybercriminals. One such tactic that has grown by over 600% since 2021 is hybrid phishing attacks. In a recent webinar hosted by HacWare and Perimeter 81, cybersecurity experts discussed this threat and how hackers are luring users into making phone calls to gain access to their systems.

What is Hybrid Phishing?

Hybrid phishing is a type of phishing attack where cybercriminals use a combination of tactics, such as emails, text messages, and phone calls to deceive users into providing their login credentials or sensitive information. Unlike traditional phishing attacks where users are lured into clicking on a link or downloading an attachment, hybrid phishing attacks involve the perpetrator asking the user to take a secondary action from the initial attack, such as making a phone call to a specific number, responding to a text message, or answering an incoming call.

The Attacker Journey

The attacker journey in hybrid phishing attacks often starts with a phishing email that tricks the user into thinking they need to call a customer service number or technical support. Once the user makes the call, they may be directed to provide their login credentials or other sensitive information to the perpetrator.

The Risk

The risk of hybrid phishing attacks is that they can result in the perpetrator gaining a foothold within an organization’s system. Once they have access to an employee’s endpoint device, they can propagate across the network to reach the most important data or systems, such as the company’s valuable private data. This can lead to devastating attacks such as ransomware or a data breaches.


One misconception about hybrid phishing attacks is that they are only successful against low-level employees or less security-savvy users. However, cybercriminals can (and will) target anyone within an organization, including executives and IT personnel. The age of susceptible users is another common misconception. While users in the 55+ demographic were previously considered most susceptible, in reality, users between the ages of 18 and 34 are most commonly scammed through this type of attack. Another misconception is that users can easily spot and avoid these attacks, but as these attacks become more sophisticated, they can be difficult to detect.

What Can You Do?

To protect against hybrid phishing attacks, it’s important to educate employees about this threat and how to identify it. Companies can also implement multi-factor authentication, security awareness training, and network segmentation to reduce the risk of a successful attack.

In conclusion, hybrid phishing attacks are a growing threat that companies need to take seriously. By understanding how these attacks work and implementing effective cybersecurity measures, organizations can protect themselves from potentially devastating attacks.

Thank you for reading and stay safe online!

View our webinar here hosted by: HacWare CEO & Founder, Tiffany Ricks and Perimeter 81 Senior Director of Product Marketing, Boaz Avigad.

You can find both HacWare and Perimeter 81 in the ConnectWise Marketplace

Looking for MSP vendors that already have a ConnectWise integration so you can sync customer information seamlessly? Then both HacWare and Perimeter 81 can support you. 

HacWare is a 100% automated security awareness training and AI-driven phishing simulation platform that helps MSPs combat phishing attacks.

Perimeter 81 is a robust, yet easy-to-use, cloud-delivered secure network, that connects and protects all business resources and users.

HacWare offers a free 14-day trial with white labeling when you use the promo code: ConnectWise. You can find them on the ConnectWise marketplace here

And Perimeter 81 offers free NFR licenses to MSP partners who join through the ConnectWise marketplace. You can find us here