Phishing is a type of social engineering where an attacker sends a spoofed message created to trick the victim into revealing private data.

Sent via SMS, social media platforms, or email, these messages can trick you into believing they come from a trusted company, although most of the time they contain malicious attachments intended to spread malware.

Vishing, short for voice phishing, is a subset of phishing; the name combines ‘voice’ and ‘phishing’.

In a vishing attack, the scammer still impersonates someone from a trusted organization (your bank or popular online services) but uses a phone call as a weapon in order to steal your personal information.

In some situations, the fraudsters call or leave a voicemail message for the victim. In others, the attacker sends an email with a contact phone number advising the recipient to call that number.

Scammers can blast out thousands of phishing emails all at once, hoping that someone will fall for them, and now voice over internet protocol (VoIP) technology has enabled fraudsters to do the same with calls, all while spoofing their caller IDs and identities.

In a report published Thursday, a cybersecurity company analyzed two recent vishing campaigns that spoofed Amazon with the aim of stealing customer credit card details.

The first vishing campaign, tracked to approximately 9,000 email inboxes, was sent from a Gmail account and contained the subject line “Invoice:ID,” followed by an invoice number, and content containing color markers used by Amazon.

This email says that the victim just bought a TV and gaming console that cost a few hundred dollars and recommends that the recipient contact them using a phone number if any mistakes were made.

When the cybersecurity company called the number, someone answered impersonating an Amazon customer service agent. The caller was asked to provide the customer’s name and credit card details before ending the call and blocking the number.

According to the researchers, the use of a zero in “AMAZ0N TEAM” helped the message avoid existing spam filters, including Microsoft Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MSDO). A spam level of “1” was allocated to the email, which means that the message was not considered bogus.

In the second situation, which reached roughly 4,000 inboxes and was also able to circumvent EOP and MSDO, attackers pretended to be Amazon via a spoofed email address — “no-reply@amzeinfo[.]com” — and used the subject line, “A shipment with goods is being delivered.”

In this case, the researchers discovered that the scam seemed to have been stopped as the phone number wasn’t available for use.
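As an added example (not taken from the report or from any vendor's filter), a minimal Python check for the two tricks described above: a digit standing in for a letter in the brand name, and a brand-named sender whose address sits on an unrelated domain. The brand allow-list, the `check_message` helper, the sample sender addresses and the placement of “AMAZ0N TEAM” in the display name are assumptions.

```python
import re

# Look-alike characters folded to the letter they imitate (constructed, not exhaustive).
FOLD = str.maketrans("013457@$", "oleastas")

# Assumption: brands to protect and the domains each one legitimately sends from.
BRAND_DOMAINS = {"amazon": ("amazon.com",)}


def brand_words(text):
    """Yield (brand, obfuscated) for every word that spells a brand once folded."""
    for word in re.findall(r"[\w@$]+", text.lower()):
        folded = word.translate(FOLD)
        for brand in BRAND_DOMAINS:
            if brand in folded:
                # obfuscated: the brand only appears after folding, e.g. "amaz0n"
                yield brand, brand not in word


def check_message(display_name, address, text):
    """Return sorted findings for a sender name, sender address and subject/body text."""
    # Accept defanged indicators such as amzeinfo[.]com.
    domain = address.rpartition("@")[2].lower().replace("[.]", ".")
    findings = set()
    # A look-alike spelling of a protected brand is suspicious in any field.
    for brand, obfuscated in brand_words(f"{display_name} {text}"):
        if obfuscated:
            findings.add(f"lookalike:{brand}")
    # A sender name that uses the brand must come from one of the brand's domains.
    for brand, _ in brand_words(display_name):
        allowed = BRAND_DOMAINS[brand]
        if not any(domain == d or domain.endswith("." + d) for d in allowed):
            findings.add(f"sender-mismatch:{brand}")
    return sorted(findings)


if __name__ == "__main__":
    samples = [  # constructed messages modelled on the two campaigns, plus a clean one
        ("AMAZ0N TEAM", "example.sender@gmail.com", "Invoice:ID 0000"),
        ("Amazon", "no-reply@amzeinfo[.]com", "A shipment with goods is being delivered."),
        ("Amazon.com", "ship-confirm@amazon.com", "Your order has shipped."),
    ]
    for name, addr, text in samples:
        print(f"{name!r} <{addr}> -> {check_message(name, addr, text) or 'no findings'}")
```

Folding only covers ASCII digit and symbol swaps; Unicode homoglyphs need a confusables table on top of this.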

In these situations, the Amazon impersonation was combined with an alleged loss of money, used to scare the victims, in order to persuade them to call the scammers. In the worst-case scenario, the victims could end up being tricked into giving their personal and financial information to fraudsters, leading to identity theft or fraudulent payments made on their behalf.

Due to our need to keep shopping online as we remain at home because of the pandemic, scammers will not stop trying to find new ways to trick us into giving up our private information.

In August, the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory warning of an increase in vishing attacks against the private sector.
