Tag Archive for: Vishing

What is Vishing and Is It A Threat to Your Business?


What Is a Vishing Attack, and What Does It Look Like?


Vishing attacks can take many forms, but the hallmark of vishing is unsolicited telephone calls to your employees. Usually, the caller pretends to be from a legitimate organization that your company may already work with. More sophisticated vishing attacks will spoof the caller ID as well. Some examples of vishing attacks include:

  • The bank scam. In this vishing attack, someone calls a representative of your company, pretending to be from the bank that processes your payroll checks. The scammer then claims that something has gone wrong with the payments: perhaps there was an error or a data breach. In this scam, the scammer’s ultimate goal is to get your company’s banking information (which can include usernames, passwords, bank account numbers, and more).
  • The IRS scam. We’ve all gotten those robocalls that claim to be from the IRS. Most of these vishing attacks aren’t very sophisticated, opting instead to contact as many people in as short a period of time as possible, but some of them do spoof legitimate IRS phone numbers on the recipient’s caller ID.
  • Tech support. Vishing attacks can also impersonate your own company. This is particularly common in spear-phishing and whaling attacks. The scammer usually claims that some work needs to be done on an employee’s computer, and then directs the recipient to a fraudulent website, where they download malware that infects their computer, potentially compromising the entire network.

Companies that maintain inbound call centers are at particular risk from vishing attacks, as they handle a high volume of calls daily, and many of them have policies that prohibit workers from being the ones to hang up. If you run an inbound call center, make sure to establish user verification and train your call center’s employees on the threat that vishing poses to your company.

Examples of Real-Life Vishing Attacks

Vishing attacks can devastate even the largest companies. Here are just a few examples of how vishing has changed the landscape of companies that do business on the Internet.


Two Charged in SIM Swapping, Vishing Scams — Krebs on Security


Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information.

Prosecutors say Jordan K. Milleson, 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A. Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “vishing” attacks and “SIM swapping,” a form of fraud that involves bribing or tricking employees at mobile phone companies.

Investigators allege the duo set up phishing websites that mimicked legitimate employee portals belonging to wireless providers, and then emailed and/or called employees at these providers in a bid to trick them into logging in at these fake portals.

According to the indictment (PDF), Milleson and Bryan used their phished access to wireless company employee tools to reassign the subscriber identity module (SIM) tied to a target’s mobile device. A SIM card is a small, removable smart chip in mobile phones that links the device to the customer’s phone number, and their purloined access to employee tools meant they could reassign any customer’s phone number to a SIM card in a mobile device they controlled.

That allowed them to seize control over a target’s incoming phone calls and text messages, which were used to reset the password for email, social media and cryptocurrency accounts tied to those numbers.

Interestingly, the conspiracy appears to have unraveled over a business dispute between the two men. Prosecutors say on June 26, 2019, “Bryan called the Baltimore County Police Department and falsely reported that he, purporting to be a resident of the Milleson family residence, had shot his father at the residence.”

“During the call, Bryan, posing as the purported shooter, threatened to shoot himself and to shoot at police officers if they attempted to confront him,” reads a statement from the U.S. Attorney’s Office for the District of Maryland. “The call was a ‘swatting’ attack, a criminal harassment tactic in which a person…


Taiwan blames Chinese APTs for hacking campaign. GoldenSpy’s operators are trying to cover their tracks. Vishing attacks spike following Twitter hack. – The CyberWire


Phishing Has Two Sisters: Vishing and Smishing

While most Internet users are familiar with the term phishing and its dangerous effects, security researchers are recording a considerable increase in two related malicious schemes, vishing and smishing. Vishing is a variant of phishing, its name coming …