The cybersecurity company ESET warned about a new deception that steals sensitive information through telephone calls or voice messages. This is vishing, a dangerously effective type of attack that relies on social engineering techniques and in which cybercriminals communicate by telephone or voice message, posing as a trusted company or entity.
The word vishing comes from the union of Voice and Phishing; that is, it covers phishing attacks that involve a voice, whether robotic or human. In these, the attackers can reach the victim through mass telephone calls, like those of a corporate call center, or by leaving voicemails.
Among the favorite themes scammers choose for these communications are references to financial or security problems, or the impersonation of a supposed family member or acquaintance.
In addition to monetary losses, vishing attacks can have less obvious consequences for the victim, such as the use of their identity to deceive other users in the future: “The main recommendations to avoid being a victim of this type of fraud are: when receiving a suspicious call, verify its source. If it is an acquaintance, contact him, and if it is an alleged bank, check the reason for the call or whether we have any associated service,” concludes Martina Lopez, computer security researcher at the ESET Latin America Laboratory.
Types of attack using Vishing
Refund for computer service: criminals make a first telephone call to inform the user about an alleged refund for a service the user hired years ago and that the alleged company has stopped offering. The scammer first persuades the victim to install remote access software on their computer, which gives the scammer access to it, and then asks the victim to log in to their bank account from that computer.
In parallel, they simulate making a transfer and modify the amount that appears. In this way the user feels pressured to act in good faith and return the supposed excess money transferred, and this is where the scam occurs.
Technical Support/Infection with Malware: in this fraud model, the caller claims to be from a company with a generic name, supposedly specialized in computer security, and assures the victim that it provides protection services for their computer. Using social engineering, the attacker convinces the individual to allow access to the computer through remote access tools, which allow the device to be controlled at all times, even when the owner is absent.
Then, by running applications normally installed on the victim's computer or by showing allegedly corrupt files, they "discover" false signs of an infection to worry the victim and make them believe that the device has been compromised.
Once the attackers consider that the user is sufficiently concerned, they intimidate the user into buying an alleged security solution for a large sum of money to solve the problems.
Financial Problems/Legal Problems/Impersonation of a State Agency: attackers pose, by voice, as an entity such as the police, a bank or a law firm to report some problem or fraudulent movement associated with the victim. With this excuse the attackers request personal information and in some cases even access to the user's computer, which in the latter scenario lets them reach sensitive credentials.
Acquaintance in trouble: this attack appeals to a sense of urgency or to the victim's personal ties. Pretending to be an acquaintance, the attackers urgently ask the recipient of the call to hand over money, either physically or through a bank account that will be provided over the same communication channel. On multiple occasions aggressive emotional manipulation methods are used, such as fake crying or reference to an incident suffered by the victim's supposed acquaintance, to add credibility to the deception.