What is Vishing and how does it work
Vishing is a particular type of phishing that uses VoIP (Voice over IP) technology to carry out attacks. Unlike traditional landline telephone services, VoIP carries telephone conversations over an Internet connection.
Hackers often use VoIP in their vishing attacks because it allows them to spoof their caller ID with great ease. Posing as an employee of a legitimate entity, such as a bank, the police or a well-known company, hackers try to obtain their victims’ personal and financial information.
With the information obtained it is possible to access a bank account and empty it. Furthermore, it is possible to commit fraud, scams and other crimes using the identity of the victim. Identity theft is a crime that has been on the rise in recent years, which is another reason to inform yourself and stay alert.
Vishing: how to recognize the attack
Vishing attacks usually use automatic text-to-speech systems to redirect the victim to a telephone number controlled by the hacker, but this does not exclude the possibility that a hacker could engage in a real conversation with his victim. The information most commonly targeted by vishing attacks is bank account data. However, many times, hackers also try to obtain access credentials to well-known services such as Microsoft, Apple or Google.
Using social engineering, hackers carrying out vishing attacks trick their victims into handing over money. Generally, scammers attempt to create a sense of urgency or try to alter the emotional state of their victims. The aim is to force the victim to pay quickly, without thinking carefully about what is happening.
Vishing: common attack patterns
Vishing attacks can differ from one another, although they always have common goals. A scammer who uses this type of attack could disguise his caller ID by pretending to be a person of authority or someone the victim knows. They may also leave pre-recorded messages containing threats in their victims’ email inboxes. Beyond email, hackers could also exploit SMS to carry out their scams, as in cases of smishing.
Scammers usually approach their victims by posing as people of authority or exploit the victim’s personal relationships. Below you will find a list of the most commonly adopted scam schemes.
Most common Vishing attacks
Debt collection agency scam
The scammer pretends to be an official of a debt collection agency. The scammer threatens legal consequences or even arrest if the victim does not pay his debts, even if the victim actually has no debt.
The hacker pretends to be a love interest of the victim, whom he meets on a dating app or site. He or she may sometimes pose as an old flame from the past who urgently needs money for some family or medical reason.
Tech support scam
The scammer poses as a tech support employee and claims there is a serious technical problem on the victim’s computer. The scammer, in this case, uses fear and a sense of urgency to gain remote control of the victim’s computer. The scammer then installs malware, passing it off as diagnostic software. Once the scammer has remote control of the computer, he can access files or any personal information stored on it.
There are real companies in Asian countries that live off this type of “business”. Furthermore, there are known creators and white-hat hackers on YouTube who intercept these scammers and try to carry out reverse (social) engineering to trap these criminals. Some of these creators have achieved remarkable results, causing some of these scammer companies to shut down.
Business and investment scams
Scammers pose as financial experts and convince victims to pay sums of money for investments. Scams centered on cryptocurrencies have been spreading a lot lately, driven by the promise of making a lot of money in a short time.
Scammers pose as members of charities to convince victims to donate to their cause. These fake organizations don’t actually do any charitable work and the money donated goes directly to the scammers. It is very common for them to use photos of children or people suffering from illnesses to appeal to the human sense of compassion.
Using the information they have on the cars registered to their victims, scammers try to offer them advantageous insurance deals. With this strategy it is possible not only to collect further personal information on the victims, but also to defraud them financially if the victim decides to purchase the policy proposed by the hacker.
How is it possible to defend yourself from vishing
It is often difficult for victims to recognize vishing attempts because it is not unusual for banks and other entities and organizations to request sensitive information by telephone. Vishing attacks are increasingly sophisticated and can include pre-recorded messages and other ways to increase credibility.
We at SOD suggest several ways to detect vishing attempts. Below are some strategies to adopt to recognize this type of attack. The best defense against these frauds, as in the case of phishing, is to know how to identify them immediately and not to disclose any personal information by telephone, especially if the request is unexpected.
You should always be careful when using poorly traceable forms of payment such as cash, gift cards and prepaid cards. Additionally, you should pay particular attention to the characteristics of the phone call, such as the tone or accent of the person making the call or the urgency of the call. These can be alarm bells that signal the possible presence of a case of vishing.
To avoid falling victim to vishing, it is advisable to never answer calls from unknown numbers. Another useful tip is to never comply with requests from a suspicious person, such as pressing buttons when asked or answering suspicious questions.
If you are not sure about a number you are receiving calls from, you can always do an internet search and see whether the number belongs to a service you use that is perhaps contacting you about a real problem.
In many countries, social media is used to communicate with the public. Many platforms use protection systems to verify the authenticity of government and banking profiles, so you should never trust an entity without these badges.
The types and mechanisms of intrusion are increasingly sophisticated. Phishing, smishing and vishing attempts are now a constant in our lives, continually putting our personal data at risk. As we have seen in many situations, data is the most valuable commodity on the internet, so protecting it must be a priority!
To concretely defend ourselves, the use of professional tools is the only safe path to take. Our SOCaaS service protects against vishing but is also a complete tool that guarantees corporate security, identifying and blocking all kinds of threats.
Additionally, SOD also organizes ethical attack campaigns to test the resilience of a company’s employees. After the attacks, the data collected is used to organize training sessions geared towards the specific characteristics of the company and the resilience shown by employees.