One of the most frustrating things about cyber crime is how rarely threat actors receive real punishment, particularly when they’re based abroad.
Spoofing a phone number is not a new concept, you probably get several calls from them a day, but with the accessibility of VoIP solutions and open source software spoofing a phone number is a breeze.
Telemarketers, robocalls, spammers, scammers, and even prank callers use it, and what once started as a simple grab and go of any available phone number has since evolved.
Over the past few years the way people interact with the Internet has changed.
In the past, the vast majority of people (over 80 percent) accessed the Internet using Windows desktop and laptop machines, with similar OSX devices taking a distant second spot.
But by the end of 2016, everything had changed. Android mobile devices overtook Windows desktops as the most common means of accessing the Internet.
Naturally, this trend hasn’t gone unnoticed.
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
It has been an eventful year in cybercrime. We hope you have been able to follow our blog for updates in the cyber security arena but in case you missed one or two, we’ve compiled the most popular posts published by PhishLabs in 2014:
Vishing is alive and well -- and impacting midsize banks
Multiple recent vishing attacks (Voice over IP phishing) have been stealing payment card data from the customers of U.S. banks. In an attack last week, customers of a midsize bank received SMS text messages claiming their debit card was deactivated and requesting they provide the card and PIN numbers to reactivate it.
PhishLabs investigated the attack and uncovered a cache of stolen payment card data belonging to customers of dozens of financial institutions. Based on analysis of the recovered cache, we estimate the vishing crew responsible for the attack has stolen the data of 250 cards per day in this vishing campaign. Further investigation also indicated that one of the phone numbers used in the campaign has likely been used in vishing attacks since October of 2013.
You’ve just been alerted to fraudulent phone calls or text messages claiming to be from your company that try to get your customers to provide their account information. What do you do? How do you respond? How do you stop them?
To answer these questions, it’s helpful to understand what a vishing or SMiShing attack entails. Sometimes referred to as phone phishing or VoIP phishing, vishing exploits the trust your customers have in your telephone communications to steal information that can be used to take over personal or business accounts.