In this digital day and age, the average user is likely familiar with the techniques and avenues cybercriminals use to get ahold of personal data and money. With this knowledge, we’ve become smarter and more alert to the tricks of the cybercrime trade. However, cybercriminals have become smarter too, and their attacks have become more complex as a result. Take phishing, for example. There has been a dramatic shift in phishing attacks, from simple and general to complex and personalized. What was once a matter of spoofed emails or websites has now evolved into something more devious: vishing, or voice phishing. This method involves a cybercriminal attempting to gain access to a victim’s personal or financial information by pretending to be a financial institution via phone call. And now a new vishing attack is proving to be more difficult to detect than the typical phishing scams.
In April 2018, Min-Chang Jang, a manager at Korea Financial Security Institute and Korea University, made a breakthrough in his investigation into malicious apps designed to intercept calls to users from legitimate numbers. This tactic puts a new but troubling twist on the original voice phishing cyberattack. To be successful in this venture, a hacker must first convince a user to download a fake app. To do this, the hacker sends the victim a link that lures them in with an amazing offer around loan refinancing or something similar and then prompts them to download the fake app. If the target takes the bait, calls will start to come in from the financial institution following up on the possible loan refinancing offer. The call, however, isn’t connected to the actual financial company; instead, it is intercepted and connected to the bad actor.
We know that as we adjust to the world around us and become smarter about our security, cybercriminals will do the same with their thievery. Today it’s an advanced vishing attack, tomorrow it could be a different type of phishing vector. However, users can rest assured that companies like McAfee are working tirelessly to ensure our users can thwart any cyberattack that comes their way. While this voice phishing attack is hard to detect, here are some proactive steps you can take to ensure you don’t fall victim to cybercriminals’ schemes:
- Only install apps from authorized sources. To avoid malicious apps getting ahold of your data, only download apps from authorized vendors. For Android users, use the Google Play Store. For iPhone users, use the Apple App Store. Never trust a third-party app with information that could be exploited in the wrong hands.
- Turn on caller ID or other services. Numerous carriers now offer free services that notify users of possible scam calls. And a lot of phones come with call-identifying capabilities that can give the user a quick diagnostic of whether the call is legitimate or not. With this feature, users can report scam calls to a database too.
- Always think twice. In addition to tips and apps, there’s no better judge than common sense, so if an offer or deal sounds too good to be true, it most likely is.