Caller ID is Inop, Please Try Again.


Scammers are trying to get people with the old hook, line, and sinker. Phishing emails aren’t the only thing you have to be on the lookout for, well, in this case, keeping an ear out for.

Scammers have turned to phishing phone calls to lure potential victims into giving up most, if not all, of their information. We will be looking at what kind of attack this is, who has used it, its functionality and effects upon release, and some ways to keep safe when you’re just trying to use the phone to call Nana.


The Attack

What are the latest attacks on the internet coming up like gas prices and rising panic of the future? Look no further than what’s called “vishing.” This version has been named “LetsCall”. If you’re under a rock and have no clue, don’t worry, we got you.

Vishing is similar to email phishing: it is the act of posing as someone the victim may know, or as a reputable business, in hopes that the victim is fooled and leaks sensitive information.

Vishing is done differently because this attack uses the phone instead of sending the victim a letter saying “I’m a prince with a lot of money and I need your account to hide it in.” And before you ask, yes, people still fall for that.  


Who Can It Be Now

Since its release on the market, a lot of threat actors have been using it, and no one person or group has been named for using it, but that doesn’t mean someone won’t slip up in the future.

It is believed that the group of threat actors consists of front-end and back-end developers, designers, and operators who specialize in voice social engineering.

This is a nice little mix of: don’t let your guard down, but don’t get your hopes up.


That Sinking Feeling

LetsCall has been used to target users in South Korea, but given how crafty it is, it’s believed that attacks have expanded since its release to European Union countries. This is a growing concern because LetsCall comes ready to go out of the box, which means anyone can use it.

It has been noted that there are three parts to this attack. The first step, as with many phishing attempts, is a fake site created for the victim to interact with; in this case, it’s the Google Play Store. From there the victim downloads the first portion of the application chain attack.

Once the application is installed and run, it redirects all incoming calls to a call center controlled by the threat actors. In the call center, trained operators pose as bank employees with the intent to extract sensitive bank information.

To facilitate connections and bypass firewalls, threat actors make use of Voice over Internet Protocol (VoIP), a technology that allows the user to make internet-based calls instead of using a standard phone, and Web Real-Time Communication (WebRTC), which allows audio and video to work within webpages through peer-to-peer communication.

So in short, once this is on your phone, the only people you will be able to contact are the ones in the call center.


The Prevention

At this point, we’re assuming you don’t want to make friends with people from a random call center and you’re looking to protect yourself. A good form of protection is to use 2FA/MFA (two-factor or multifactor authentication), and to not disclose your 2FA/MFA codes, password, or any other possibly sensitive information.

Check your caller ID before answering, as you will more likely be able to tell by the number that it’s a scammer calling you. If you choose to engage with the scammers, explore how much information they are willing to give you: their full name, the company they’re working for, and the reason for the call. Also request an extension number in case the call drops.

You should red-flag anyone requesting payment via prepaid or gift cards, as this is a payment method of scammers and not of a legitimate organization. Any questionable or suspicious interaction should be documented, and the authorities should be involved.


Being able to phish is important, here’s how…


So you get an email from someone you don’t know, more likely they’re someone who promises you something that’s usually too good to be true, like in my case a nice comfy job that would pay six figures and all I had to do was work from home.

My start date is still pending. In other cases, it could be presenting you the opportunity to hold money for them because they claim to be a rich prince (or princess) with a lot of money, and they’ll reward you handsomely for completing such a task for them.

If you haven’t gotten any of these emails, you’re the lucky one out of the bunch because other people can attest to having their spam inboxes littered with these emails.

If you have ever been unfortunate enough to complete your interaction with any of these individuals, you’ll be sad to know, you’ve just been phished (and no, it’s not what you think it is).

Don’t know what I mean? Well, you’re in luck because I’ll be going over what, how, who, and more or less how you can be more aware when checking your DMs.


Phishing with Dynamite

Phishing is not what the name states, although it parallels it, and before you ask: no, none of this happens with actual fish. Phishing is the act of contacting someone while posing as a contact the victim may know or trust, in order to extract money or information, or to deliver problematic malware.

Malware could be installed to either gather information without you knowing, wreak havoc on your computer, or simply a combination of the two.

There are various forms of phishing, and all come with interesting versions of the original name. You have spear-phishing, whaling, smishing, vishing, and email phishing.

Email phishing is the most common type of attack people fall victim to. The other attacks, in a nutshell: in spear-phishing, an attacker is targeting you directly; in whaling, an attacker is aiming for the most important individual in the company (more like a CEO-type person); in smishing, an attacker tries contacting you via text with a link; and in vishing, the attacker makes a voice call impersonating someone from a company like Microsoft.

There are two other types of attack which get even more interesting. There’s sextortion, where the attacker contacts you with a threat of revealing a recording from your webcam of you watching “adult time” material (been on the hub, I know that’s an actual brand, trust me I’m not proud), and search engine phishing (or SEO poisoning), where attackers prop themselves high up on the search engine only for you to click on their link and be redirected to emptying out your pockets or, worse, releasing the hounds on your computer by downloading malware.

Criminals have many interesting ways of trying to get your money and that list continues to grow.


Emailing with Delicious Intent

Who are the people that do this and how could they do this to someone you might ask? Well, for one, it could be anybody, attackers come in all shapes and sizes.

That sweet old lady at the end of the street you live on who gives cookies to children with a smile and everyone in the neighborhood waves to could also be the same prince or princess seeking to pull money from your bank account.

And to the second part of your question: well, really, come on, the economy. It might be a controversial thought, but people would be less inclined to commit a crime if economic hardship wasn’t a thing.

Many people today are in the “have not” section of society and the cost of living rising each year applies pressure on people to venture into areas they wouldn’t have considered the year before, theft being one of them.

I’m not saying I condone it, but I understand it.


Two Times a Fool

You might be thinking to yourself, “Who falls for this? I mean, just how? Most of the emails I come across are poorly structured and/or in bad English.” Well, just because you didn’t fall victim doesn’t mean your adolescent entrepreneur or Gam-gam won’t.

In fact, most victims are either in their 20s or in their mid-late 40s, so that’s either an “I’m still trying to figure it out, oh this link says it can make me rich” or “I’m about to hit a mid-life crisis and my Nigerian princess/wife is still not here.”

People who worked for big-name companies and even some big-name IT companies often become complacent and fall victim to these attacks.

So no matter what the target size is, the effects of phishing are felt around the world.


Phishing Abroad

At this juncture, you’re probably thinking, “I don’t want to fall victim to this, how do I protect myself, or is there a career path to learn more so I can protect others?” You’re in luck: protecting yourself from phishing is possible but, to quote Run-DMC, “it’s tricky”.

As mentioned earlier, attackers find interesting ways to pull money and information out of you. Some ways you can protect yourself are double-checking the email for bad grammar, misspelled words, and links that may seem fishy (see what I did there), for example the word “google” spelled in the link as “go0g1e”, and finally double-checking the person contacting you.
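The link check described above can be automated. The following is an added example, not code from the original post: it folds common look-alike characters so that “go0g1e” compares equal to “google”, and flags any link whose host uses a brand name outside that brand's real domain. The brand list, the swap table, and the sample links are constructed for illustration, and treating the last two host labels as the registered domain is a simplifying assumption.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist: brand label -> domains that legitimately use it.
KNOWN_BRANDS = {
    "google": {"google.com"},
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com"},
}

# Characters commonly swapped for look-alike letters ("i" and "1" both fold to "l").
SWAPS = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e",
                       "4": "a", "5": "s", "7": "t"})


def skeleton(text: str) -> str:
    """Fold look-alike characters so 'go0g1e' and 'google' compare equal."""
    return text.lower().translate(SWAPS).replace("rn", "m").replace("vv", "w")


def check_link(url: str) -> Optional[str]:
    """Return a warning if the host imitates a known brand, else None."""
    host = urlsplit(url).hostname or ""
    labels = host.split(".")
    # Simplification: treat the last two labels as the registered domain
    # (wrong for suffixes such as co.uk; use a public-suffix list for those).
    registered = ".".join(labels[-2:])
    for label in labels:
        for token in label.split("-"):
            for brand, allowed in KNOWN_BRANDS.items():
                if skeleton(token) == skeleton(brand) and registered not in allowed:
                    return f"{host}: '{token}' imitates '{brand}'"
    return None


if __name__ == "__main__":
    # Constructed sample links, not taken from a real campaign.
    samples = [
        "https://accounts.google.com/signin",
        "http://www.go0g1e.com/login",
        "https://google.com.account-verify.example/reset",
        "https://rnicrosoft.com/",
    ]
    for url in samples:
        print(url, "->", check_link(url) or "no brand imitation found")
```

The third sample shows why the check looks at the registered domain and not just the spelling: the brand is spelled correctly, but it is only a subdomain of someone else's site.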

If they’re asking for information that they should have on hand and you’ve had no dealings with them or their company, swipe left because it’s a scam likely. Do you want to protect others?

There are countless entry-level cybersecurity jobs, and for most of them you don’t need a degree. Information Security Analyst is one of the most common entry-level jobs; analysts are responsible for system and network security analysis.

You can learn the necessary skills on your own through a bootcamp (which I wouldn’t recommend since they can get pricey) or by grabbing some online courses. I currently hold a certificate for Cybersecurity Analysis provided by IBM via Coursera.

It may be just a certificate that doesn’t hold much weight as a certification but passing the quizzes and projects wasn’t an easy ride.
