Beware Of Voice Message Phishing Attacks Called Vishing

June 11, 2021

Written by wukovits

Hacker drawing

Hackers and scammers have been experimenting with “vishing” in recent months, as a subset of phishing.

Conventional phishing tactics rely on sending emails that employ a variety of social engineering tricks to convince unsuspecting recipients to hand over sensitive information up to and including login credentials.

However, “vishing” adds a new angle: Voice, either via pre-recorded message or employing an email that contains a phone number with a live person at the other end, who will try to coax the desired information from the caller live and in person.

Worse, in the case of incorporating pre-recorded messages, scammers can take a scattershot approach, generating thousands, or even tens of thousands of emails. These emails point back to a fairly convincing-sounding pre-recorded message, and even spoof their caller IDs while doing it so they come across as legitimate operations.

Internet security firm Armorblox has been studying the issue and recently released a pair of case studies relating to the phenomenon. Both studies involve impersonating Amazon, with the goal of convincing unsuspecting users to give up their credit card details.

Armorblox’s first case study involved a campaign that targeted more than nine thousand email addresses, sent from a Gmail account with the subject line of “Invoice: ID” followed by an invoice number and content that made it appear as though the communication came from Amazon.

According to the email, an order for some piece of tech (television, computer, gaming console, etc.) was placed by the recipient, and asking that individual to contact the company at the number provided if there are any questions or problems with the details. In this case, the included phone number is the “payload,” or at least the gateway to the payload.

The second campaign the company tracked was functionally similar, but was only sent to some 4,000 inboxes. In both cases though, since there are no poisoned attachments, there’s nothing for the spam filters of email systems to flag, which is what makes “vishing” such a dangerous phenomenon. Stay vigilant out there.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Key Considerations for Effective Cybersecurity Implementation

Consider this: In the realm of cybersecurity, things often get tangled in the web of "you should do it anyway" arguments. Yet, for busy business owners bombarded with daily "must-dos," deciphering the essentials from the fluff can feel like a cyber maze. We aim to...

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

Send us a message

Your message was sent.