Dialing Up Deception: The New Vishing Scam

Fraud, as a concept, is only slightly younger than the concept of a promise. Monetary and electronic advances over the past hundred or so years have only encouraged the practice and evolution of fraud tactics. Phishing is no exception. According to RSA research, phishing represented 50% of all cyber attacks last quarter and continues to play out worldwide, combining known electronic fraud tactics and alternate forms of deployment.

Vishing, or voice phishing, is a phishing attack where fraudsters use the telephone to misrepresent their affiliation or authority in the hope that victims will reveal credentials or other personal information for further compromise. Normally, vishing actors obtain the personal information of the victim, including their phone number, and initiate an unsolicited call claiming to be from an organization the victim trusts, such as a bank, government agency, or other service provider. Victims, often unaware that fraudsters can use tactics such as caller ID spoofing to make it appear as though they are calling from a legitimate business, are more likely to be socially engineered by the personal touch of a human voice than the impersonal touch of an email.

Changing the Formula
While vishing accounts for less than one percent of total phishing-type attacks, according to RSA’s research, it remains a very real threat, as evidenced by its recent evolution. Vishing scams, traditionally believed to originate from an inbound call, are now being deployed in reverse. Instead of the fraudster calling ...

*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Heidi Bleau. Read the original post at: http://www.rsa.com/en-us/blog/2018-11/dialing-up-deception-the-new-vishing-scam.html