The Limited Times

What is 'vishing': how to detect and protect yourself from phone scams

2021-05-08T21:32:57.951Z


This type of deception is used by cybercriminals to steal personal information, home banking keys and money from victims' accounts. What to do to avoid it.


Silvana Saldisuri

05/07/2021 6:00 AM

  • Clarín.com

Updated 05/07/2021 6:00 AM

Vishing is a type of fraud that relies on social engineering techniques, in which the attacker communicates by phone or voice message, masquerading as a trustworthy entity or company, with intent to deceive the victim and convince them to take an action that goes against their interests.

The term vishing comes from the union of voice and phishing; that is, it encompasses those phishing attacks (deception through fraudulent sites that imitate the portals of banks and companies) that involve a voice, either robotic or human.

In these attacks, the attackers can reach the victim through mass phone calls, in the manner of a corporate call center, or by leaving voicemails.

In addition, the favorite topics scammers choose for these communications include references to financial or security problems, or the impersonation of an alleged relative or acquaintance.

They simulate a transfer and modify the amount so that it seems that there was a mistake. Photo: Clarín Archive

"Although this technique may represent a higher cost and more work on the cybercriminals' side, it is more effective than other similar forms of attack such as phishing: a more personal communication is achieved through a phone call than through an email, so emotional manipulation is easier to carry out," Martina López, computer security researcher at the ESET Laboratory, told Clarín.

"In extreme cases, the attacker simulates sadness or crying in the face of a supposed problem that arises and that only the victim can solve," she added.


Because it is a type of attack similar to phishing, vishing can be observed as a resource used by criminals in different fraud schemes.

Here are some of the most common cases:

1. Refund for computer service

They call the victim for the first time to report an alleged refund of money for a service that the user hired years ago and that the alleged company has stopped offering.

They then convince the victim to first install remote access software on their computer, which gives the scammer access to it, and then to log in to their bank account from that computer.

A type of vishing: they convince the victim to install software on their PC and steal the data. Photo: Clarín Archive

In parallel, they simulate a transfer and modify the amount so that it appears that there was a mistake and a different value was entered, causing more money to be transferred than was due.

In this way, the user feels pressured to act in good faith and return the allegedly transferred excess money, and this is where the scam occurs.

2. Technical support: infection with malware ("malicious program")

They contact the victim, explaining that they are calling from a company with a generic name, supposedly specialized in computer security, and assure them that they are providers of protection services for their computer.

Using social engineering, the attacker persuades the victim, who ends up allowing access to their computer through remote access tools that can act even when the owner is absent.

Another type of vishing: they make the victim believe that their device is damaged and they have to pay a large sum of money to repair it.

Then, by running applications that usually come factory-installed on the victim's computer or by showing supposedly corrupted files, they "discover" false signs of an infection to worry the victim and make them believe that their device has been compromised.

Once the attackers consider that the user is sufficiently concerned, they intimidate them into buying a supposed security solution for a large sum of money to fix the problem (which does not exist).

3. Financial and legal fraud and impersonation of a state body

The attackers pose as the voice of an entity such as the police, a bank or a legal firm to report a problem or fraudulent movement associated with the victim.

With this excuse, they request the delivery of personal information and in some cases even access to the user's computer, which lets them reach confidential, private and sensitive information.


4. An acquaintance in trouble

Pretending to be an acquaintance, the attackers urgently ask the recipient of the call to hand over money, either physically or through a bank account that will be provided over the phone.

On multiple occasions, aggressive emotional manipulation methods are used, such as fake crying or the appeal to an accident suffered by the victim's alleged acquaintance, to add credibility to the deception.

The scammed person must make the report to the Specialized Cybercrime Fiscal Unit. Photo: Clarín Archive

The scam with the IFE, again in force

During 2020, in the middle of quarantine, a computer security firm warned about a new hoax that targeted the beneficiaries of the Emergency Family Income (IFE).

Posing as ANSES managers, the scammers sent a WhatsApp message to potential victims and convinced them that they were calling to help them collect.

Thus they obtained the victim's home banking credentials, hijacked their account and took out a loan in their name.

Currently, with the second wave of coronavirus and the idea of a false monetary support by the government, scammers have returned to the ring.

"In an example that we detected, the scammers communicate with the victims by presenting themselves as lawyers from a firm affiliated with the Ministry of Social Development. They allege that, to make up for the lack of delivery of the IFE bond in these months and the imminent quarantine due to the increase of cases in our country, they were in charge of delivering financial aid."

The message of the scammers who, during 2020, were posing as ANSES employees. Photo: ESET.

"As they say, it would be for the value of $20,000 and it would be aimed at people with disabilities, the unemployed, those below the poverty line and the elderly, among other groups hit by the economic crisis. To collect it, they say, the victim must wait for another call that will be made hours later and write down a code that must then be entered at the cashier."

When this call arrives, the scammers do nothing more than guide the victim step by step to configure their home banking key and enter the code mentioned above, and also to hand over the username they use on the bank's site.

Thus, scammers get full control of the account.

Recommendations to avoid being a victim of vishing


"Upon receipt of a suspicious call, verify the source. If it is an acquaintance, contact them, and if it is a supposed bank, check the reason for the call or if we have an associated service," says López, from ESET Latin America.

"It is also important to mistrust the origin and, in case of any doubt, terminate the communication as soon as possible. If the person who contacted us claimed to be from a company with which we are associated, it is advisable to contact the company through the official communication channels," she concludes.

How to report?

The scammed person should contact the Specialized Cybercrime Fiscal Unit (UFECI).

11) 5071-0040 / 0041 Email: denunciasufeci@mpf.gov.ar

LN



Source: clarin
