Advanced Vishing

Advanced VishingVoice Phishing, or vishing, is an attack vector we have covered in the past in which criminals use phone calls instead of emails to steal personal information, credentials, or money. However, criminals are pairing this time-tested attack vector with new technology and banking apps to steal even more information and money.

The first way criminals are using technology along with vishing is AI. Hackers are utilizing AI impersonation technology to create targeted personas to attack users with more realistic phone calls. Criminals use this technology to call vastly more individuals than they could with people behind the attack, meaning even if there is a lower return percentage, they still attack more people with AI voice impersonation.

The phishing group “Letscall” are taking vishing a step further against Android users by convincing them to download a malicious banking app and then stealing money from users while re-routing their phone calls.

The first step in this multi-tiered phishing campaign is to call Android users and convince them to download a banking app from a fake Google Play Store. After the malicious banking app is installed, it collects personal data from the phone and also re-directs phone calls back to the criminals. The users are called again and asked to log into the new malicious banking app. After the user gives the criminals their banking information, the phishing group steals money from the user’s real bank account. When the user tries to call their bank to report a problem, the calls are routed back to the criminal organization so they can further the scam for as long as possible.

The phishing group is highly organized and trained in front and back-end app development; they have a call center trained as a banking call center and are manipulating voice over IP (VOIP). They are also hacking Google servers and firewall restrictions to accomplish the attack.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright