Vishing aka ‘Voice Phishing Attack’ is a new cyber threat that offers cyber criminals the privilege to get money fraudulently. It works the same like email phishing, except because cyber criminals gain hold of private details using a phone.
In a joint advisory issued by FBI in association with CISA of Department of Homeland Security, hackers reportedly gained vast amounts of money by launching vishing attacks against companies in mid-July 2020 by launching those attacks in the following way-
a.) First, they set up fake website pages that duplicate an original website such of a retailer, banking firm or a payment gateway platform.
b.) Then they call the victims by pretending to be employees of a bank and somehow try their best to gain the car details or 2FA or else the onetime password.
c.) Sometimes, an email disguising a company email is sent to an employee of a company and then the attack is launched.
d.) Using mass scrapping and data harvesting schemes from social media platforms like LinkedIn, cyber crooks often create public profiles and then they call the victims to know their home addresses or personal phone numbers and in rare cases their designation in a company to launch email phishing attacks.
“In such cyber scams, the hackers divert the victim over phone to a malicious Webpage where they are asked to login sensitive credentials like bank account details such as usernames and passwords”, said Daniel Smith, head of Security Research at Radware.
Vishing always attains 86% success rate as the victims are targeted after an extensive research is conducted before calling them added smith.