Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
It has been an eventful year in cybercrime. We hope you have been able to follow our blog for updates in the cyber security arena but in case you missed one or two, we’ve compiled the most popular posts published by PhishLabs in 2014:
Vishing is alive and well -- and impacting midsize banks
Multiple recent vishing attacks (Voice over IP phishing) have been stealing payment card data from the customers of U.S. banks. In an attack last week, customers of a midsize bank received SMS text messages claiming their debit card was deactivated and requesting they provide the card and PIN numbers to reactivate it.
PhishLabs investigated the attack and uncovered a cache of stolen payment card data belonging to customers of dozens of financial institutions. Based on analysis of the recovered cache, we estimate the vishing crew responsible for the attack has stolen the data of 250 cards per day in this vishing campaign. Further investigation also indicated that one of the phone numbers used in the campaign has likely been used in vishing attacks since October of 2013.
You’ve just been alerted to fraudulent phone calls or text messages claiming to be from your company that try to get your customers to provide their account information. What do you do? How do you respond? How do you stop them?
To answer these questions, it’s helpful to understand what a vishing or SMiShing attack entails. Sometimes referred to as phone phishing or VoIP phishing, vishing exploits the trust your customers have in your telephone communications to steal information that can be used to take over personal or business accounts.