[ad_1]
the vishing It is a type of fraud that relies on social engineering techniques and in which the attacker communicates by phone or by voice message impersonate a trustworthy company or entity with the intention of misleading the victim and convince her to take action that is against her interests.
Vishing was born from the union of voice and phishing, that is, it encompasses these phishing attacks (deceptions through fraudulent sites that mimic the portals of banks and companies) What involve a voicewhether robotic or human. In these, attackers can reach the victim by phone calls Massive calls, like a corporate call center, or leaving voicemail messages.
In addition, among the favorite subjects chosen by the crooks for these communications, there are references to financial problems or security, or impersonation of an alleged parent or acquaintance, etc.
They simulate making a transfer and change the amount so that it looks like there was an error.Photo: Clarín Archive
“Although this technique can be more expensive and work on the side of cybercriminals, it is more effective than other similar forms of attack such as phishing: by more personal communication only by e-mail, the emotional manipulation it’s easier to do, ”explains the computer security researcher from the ESET laboratory, Martina Lopez a Bugle.
“In extreme cases, the attacker fakes sadness or crying over a supposed problem that arises and that only the victim can solve,” he added.
Being a type of attack similar to phishing, the use of vishing as a resource by criminals can be observed in different fraud schemes. AT Here are some of the most common cases:
1. Reimbursement of the IT department
The victim is called upon for the first time to report a alleged reimbursement for a service that the user hired years ago and the alleged company has stopped offering.
Thus, they convince the victim to first install remote access software on his computer that will allow the fraudster to access the computer and then ask him to access his bank account from his computer.
A type of vishing: they convince the victim to install software on their pc and steal the data. Photo: Clarin Archives
In parallel, simulate a transfer and they change the amount so that it looks like there was an error and a different value was entered resulting in the transfer of more money than was due. In this way, the user feels obligated to act in good faith and return the excess money allegedly transferred, and this is where a scam occurs.
2. Technical support: malware infection (“malicious program”)
They communicate with the victim explaining that they are calling a company with a generic name, supposedly specialized in computer security, and they assure you that they are providers of protection services for your computer.
Using social engineering, the attacker persuades the victim to end up granting access to their computer using remote access tools that can act even when the owner is away.
Another type of vishing: they trick the victim into believing their device is damaged and they have to pay a large sum of money to repair it.
Then, by running applications that are usually factory installed on the victim’s computer or viewing allegedly corrupted files, they discover – bogus – signs of infection to worry the victim and make believe that your device has been compromised.
Once the attackers consider that the user is sufficiently concerned, they intimidate you into buying a supposed security solution for a large sum of money to fix the problem (which doesn’t exist).
3. Financial and legal fraud and identity theft of a public body
The attackers pose as the voice of an entity such as the police, a bank or a law firm to report any fraudulent problem or movement associated with the victim.
With this excuse, they ask for the delivery of personal information and in some cases even access to the user’s computer, thus being able to enter confidential, private and sensitive information.
4. An acquaintance in difficulty
Pretending to be someone they know, attackers urgently ask for the recipient of the call need to hand over money, either physically or via a bank account which will be provided by telephone.
Many times using aggressive emotional manipulation methods, such as a false cry or the call for an accident suffered by the knowledge of the alleged victim, to add credibility to the deception.
The victim of a scam must report to the Tax Unit specializing in cybercrime. Photo: Clarín Archives
The IFE scam, still in effect
In 2020, in its entirety quarantine, a computer security firm warned of a new hoax that targeted beneficiaries of Emergency family income (IFE).
Impersonating ANSES officials, the crooks sent a WhatsApp to potential victims and convinced them they were calling them to help them recover. So, they got the credentials of the victim’s home bank, hijacked his account, and took out a loan on his behalf.
Currently, with the second hello from coronavirus and the idea of a fake monetary support on the part of the government, the crooks have returned to the ring.
“In one example we found, crooks communicate with victims by posing as lawyers at a law firm affiliated with the Ministry of Social Development. They allege that in order to supplant the failure to deliver the IFE bond During these months and the impending quarantine due to the increase in cases in our country, they were responsible for providing financial assistance. “
The message from the crooks who, in 2020, pretended to be ANSES employees. Photo: ESET.
“As they say, it would be for the value of $ 20,000 and it would target people with disabilities, the unemployed, below the poverty line, the elderly, among other groups affected by the economic crisis. To retrieve it, they say, the victim must wait for another call that will be executed on time and write down a code that they must then enter at the ATM. “
When this communication arrives, the crooks do nothing more than guide the victim step by step to set up their home bank key and enter the code they mentioned above, in addition to providing the user you are operating with on the bank’s site. Thus, the crooks get full control of the account.
Recommendations to avoid being a victim of vishing
“Upon receiving a suspicious call check the source. If it’s an acquaintance, contact them, and if it’s a suspected bank, check the reason for the call or if we have an associated service, ”says López, from ESET Latin America.
“It’s important too beware of the origin and if in doubt, end the communication as soon as possible. If the person who contacted us claims to be from a company with which we are associated, it is advisable to contact the company through the official communication channels. », He concludes.
How to report?
The victim of a scam should contact the Tax unit specializing in cybercrime (UFECI). 11) 5071-0040 / 0041 Email: [email protected]
LN
.
[ad_2]
Source link