Voice phishing, or vishing, is having a moment right now, with numerous active campaigns across the world that are ensnaring even savvy victims who might seem likely to know better, defrauding them in some cases of millions of dollars.
South Korea is one of the global regions being hit hard by the attack vector; in fact, a scam in August 2022 caused the largest amount ever stolen in a single vishing case in the country.
That occurred when a doctor sent 4.1 billion won, or $3 million, in cash, insurance, stocks, and cryptocurrencies to criminals, demonstrating just how much financial damage one vishing scam can inflict.
Vishing campaigns in South Korea in particular take advantage of culture-specific aspects that allow even those who don't seem like they would fall for such a scam to be victimized, he says.
By doing this and arming themselves with people's personal information in advance, they are succeeding in scaring victims into making financial transfers - sometimes in the millions of dollars - by making them believe if they don't, they will face dire legal consequences.
Vishing Engineering: A Combo of Psychology & Technology Ryu's and his fellow speaker at Black Hat Asia, YeongJae Shin, threat analysis researcher and previously employed at S2W, will focus their presentation on vishing that's happening specifically in their own country.
Vishing scams similar to the ones occurring in Korea appear to be sweeping across the globe lately, leaving unfortunate victims in their wake.
The law-enforcement scams seem to fool even savvy Internet users, such as a New York Times financial reporter who detailed in a published report how she lost $50,000 to a vishing scam in February.
Several weeks later, the writer of this article nearly lost 5,000 euros to a sophisticated vishing scam when criminals operating in Portugal posed as both local and international enforcement authorities.
Ryu explains that the blend of social engineering and technology allows these contemporary vishing scams to victimize even those who are aware of the danger of vishing and how their operators work.
By using call-forwarding, even victims who try to validate the veracity of scammers' stories will think they are dialing the number of what seems like a legitimate financial or government institution.
Updated Vishing Toolboxes Vishing operators are also using other modern cybercriminal tools to operate across different geographies, including South Korea.
One of them is the use of a device known as a SIM Box, Ryu explains.
With scammers typically operating outside the geographic locations that they target, their outbound calls may initially appear to originate from an international or Internet calling number.
Through the use of a SIM Box device, they can mask their calls, making them appear as if they are being made from a local mobile phone number.
Attackers also frequently employ a vishing app called SecretCalls in their attacks against Korean targets, that not only allows them to conduct their operations but also evade detection.
SecretCalls also can overlay the screen on the phone and dynamically gather command & control server addresses, receive commands via Firebase Cloud Messaging, enable call forwarding, record audio, and stream video.
SecretCalls is just one of nine vishing apps giving cybercriminals in South Korea the tools they need to conduct campaigns, the researchers have found.
This indicates that multiple vishing groups are operating globally, highlighting the importance of remaining vigilant even to the most convincing scams, Ryu says.
Educating employees about the trademark characteristics of the scams and the tactics that attackers typically use to try to fool victims is also crucial to avoiding compromise.
This Cyber News was published on www.darkreading.com. Publication date: Mon, 11 Mar 2024 23:00:15 +0000