U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

On demand Calling service for cybercriminals growing

Trusteer Researchers have found a professional calling service that has been designed for cybercriminals needs. The service is organized to offer the extraction of sensitive information needed for bank fraud and identity theft from individuals. The security company Trusteer has discovered an advertisement for making targeted call calls in different languages to private individuals, banks, […]

Trusteer Researchers have found a professional calling service that has been designed for cybercriminals needs. The service is organized to offer the extraction of sensitive information needed for bank fraud and identity theft from individuals.

The security company Trusteer has discovered an advertisement for making targeted call calls in different languages to private individuals, banks, shops, post offices and similar organizations. $10 per call, this is the price for the service offered, cybercriminals were offered the possibility of obtaining the missing pieces of information they needed to pull off attacks.

Many criminals have refined the techniques for collecting the information necessary to conduct an attack against a specific target. Banks and other Financial Educational Institutions, however, have a high level of security provided for their services making it difficult to carry out fraud. The introductions of authentication mechanisms more or less complex as the one-time-use passwords (OTPS) or sending codes for authentication through mobile devices has actually increased the level of security for each transaction.

To be able to retrieve the information described and then the service offers an on-demand social engineering to convince them to provide the information necessary to the success of the offense.

What is surprising is the organizational model of the service, trained staff is able to embody all kinds of professionals such as computer technicians, computer technicians from ISPs (Internet service providers) or employees of companies that can supply all kinds of services, all to deceive the victims.

For example, if a fraudster wants to log into an account by using stolen online banking credentials, but is prompted for an OTP because he uses a different IP address than the real account holder, he can give a caller the information needed to impersonate a bank employee.  Armed with things like the victim’s name, account number, birth date and other personal information, the caller can claim that he’s performing system checks and ask the targeted individual to read back the code sent to their phone.

Illegal call services are not new and the number of rogue call centers has increased in recent years and all this services are available during American and European working hours, it might indicate that the group is operating in these regions,” said Trusteer security researcher Ayelet Heyman.

According to Heyman, the service is still operational at this time and Trusteer is not aware of any types of actions taken to shut it down.

There is also a possibility that the people behind it are routing the calls through compromised phone systems in order to decrease the costs of the operation, she said.

Users should treat all unsolicited calls with caution, regardless of what kind of information the person on the other end of the line has about them, Klein advised. They should also confirm any suspicious requests with the organization the caller is claiming to represent, but they should do so by calling its publicly listed numbers, not those provided by the caller.

The upward trend fot this kind of services is worrying. They are efficient, focused and with infinite patterns of implementation and are able to reap illustrious victims. The only way to reduce the phenomenon in question is through the information on the threat.

Calling service helps cybercriminals extract sensitive info