This week, the Department of Justice for the U.S. Attorney’s Office for the Northern District of Georgia announced the final of three sentences to be carried out by cybercriminals that plead guilty to carrying out phishing campaigns involving vishing and SMiShing. I’m proud to say that the apprehension and conviction of these criminals was supported in part by intelligence PhishLabs provided in cooperation with federal law enforcement officials.
In May of 2018, we reported on three Romanian threat actors who were extradited to the U.S. for their involvement in a SMiShing and Vishing fraud scheme. At the time of reporting, the expected losses were listed around $18 million but have since risen to more than $21 million.
Tax season may be over, but that doesn't stop fraudsters from trying to convince you that your taxes could land you in jail. It's a common vishing scheme, powered by robocalls, and there are just as many email phishing schemes to go along with it.
One of the most frustrating things about cyber crime is how rarely threat actors receive real punishment, particularly when they’re based abroad.
Spoofing a phone number is not a new concept, you probably get several calls from them a day, but with the accessibility of VoIP solutions and open source software spoofing a phone number is a breeze.
Telemarketers, robocalls, spammers, scammers, and even prank callers use it, and what once started as a simple grab and go of any available phone number has since evolved.
Over the past few years the way people interact with the Internet has changed.
In the past, the vast majority of people (over 80 percent) accessed the Internet using Windows desktop and laptop machines, with similar OSX devices taking a distant second spot.
But by the end of 2016, everything had changed. Android mobile devices overtook Windows desktops as the most common means of accessing the Internet.
Naturally, this trend hasn’t gone unnoticed.
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
It has been an eventful year in cybercrime. We hope you have been able to follow our blog for updates in the cyber security arena but in case you missed one or two, we’ve compiled the most popular posts published by PhishLabs in 2014:
Vishing is alive and well -- and impacting midsize banks
Multiple recent vishing attacks (Voice over IP phishing) have been stealing payment card data from the customers of U.S. banks. In an attack last week, customers of a midsize bank received SMS text messages claiming their debit card was deactivated and requesting they provide the card and PIN numbers to reactivate it.
PhishLabs investigated the attack and uncovered a cache of stolen payment card data belonging to customers of dozens of financial institutions. Based on analysis of the recovered cache, we estimate the vishing crew responsible for the attack has stolen the data of 250 cards per day in this vishing campaign. Further investigation also indicated that one of the phone numbers used in the campaign has likely been used in vishing attacks since October of 2013.