News

Vishing: Rise in VoIP phishing attacks

Cybercriminals are always leveraging new strategies to try to trick unsuspecting users into giving up their personal information. From man-in-the-middle to distributed-denial-of-service malware, hackers' end goal is the same - gain access to as much sensitive data as possible and use it to their advantage.

However, by remaining aware of new attack techniques, including signs of infection and ways to prevent them, users can better safeguard their information and avoid having it fall into the hands of a hacker.

Recently, cyberthieves have been using a new approach to try to dupe individuals into sharing personal data. SC Magazine reporter Danielle Walker stated that cybercriminals have been utilizing "vishing" attacks to compromising an increasing number of payment cards. Banks have been seeing these instances in both U.S. and Eastern European financial institutions for the past few years and have been warning customers of the scheme.

What are vishing attacks?
According to Tech Target contributor Margaret Rouse, vishing attacks are similar to traditional phishing attacks, where victims are tricked into sharing personal information with a person or organization that appears legitimate, but is actually the creation of a hacker.

"Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology," Rouse wrote. "A vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone."

Most often, targeted individuals will receive a voice message alerting them of suspicious activity flagged on their financial account. The message, which usually comes in the form of speech synthesis, includes a number for victims to call where they can verify their identity. However, when the return the call, they are actually freely providing personal information to cybercriminals.

Recent vishing instances
In the most recent attacks, Walker reported that many individuals received email-to-SMS messages from hackers posing as financial institutions. Targets get a legitimate-looking text from their bank which asks that they call a number to reactivate a compromised payment card. Callers must verify their connection to the account by providing the card number and PIN, which is then used by cybercriminals to make online or phone purchases, or to withdraw cash from the account.

Security expert John LaCour said oftentimes, thieves will attack one bank's customers for several days, then move on to target another institution.

"We believe that these attackers have been at this for several years," LaCour said. "It's still ongoing, and they've changed banks in the past 24 hours. The previous bank may have fixed the security issue, or [attackers] may feel like they've gotten all the cards they can."

Protect data in transit with an SSL certificate today.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +353 1 793 9141
Fax: +27 21 819 2950

Buy now! Try now!