Sophisticated Vishing Campaigns Take World by Storm

Published: 23/11/2024   Category: security


One South Korean victim gave up $3 million to cybercriminals, thanks to convincing law-enforcement impersonation scams that combine both psychology and technology.



Voice phishing, or vishing, is having a moment right now, with numerous active campaigns across the world that are ensnaring even savvy victims who might seem likely to know better, defrauding them in some cases of millions of dollars.
South Korea is one of the global regions being hit hard by the attack vector; in fact, a scam in August 2022 caused the largest amount ever stolen in a single vishing case in the country. That occurred when a doctor sent 4.1 billion won, or $3 million, in cash, insurance, stocks, and cryptocurrencies to criminals, demonstrating just how much financial damage one vishing scam can inflict.
Sophisticated social engineering tactics of recent scams that are leading them to success include impersonating regional law-enforcement officials, giving them an authority that is highly convincing, according to Sojun Ryu, lead of the Threat Analysis Team at South Korean cybersecurity firm S2W Inc. Ryu is giving a session on the trend, "Voice Phishing Syndicates Unmasked: An In-Depth Investigation and Exposure," at the upcoming Black Hat Asia 2024 conference in Singapore. Vishing campaigns in South Korea in particular take advantage of culture-specific aspects that allow even those who don't seem like they would fall for such a scam to be victimized, he says.
For example, recent scams have cybercriminals posing as the Seoul Central District Prosecutors' Office, which can significantly intimidate people, Ryu says. By doing this and arming themselves with people's personal information in advance, they are succeeding in scaring victims into making financial transfers — sometimes in the millions of dollars — by making them believe if they don't, they will face dire legal consequences.
Although their approach is not novel — employing the longstanding tactic of impersonating a prosecutor — the significant sum of money stolen in this instance can be attributed to the victim's status as a relatively high-income professional, Ryu says. It is a stark reminder that anyone can fall prey to these schemes.
Indeed, vishing groups operating in Korea also appear to deeply understand the culture and legal systems of the region, and skillfully mirror the current societal landscape in Korea, leveraging individuals' psychology to their advantage, he says.
Ryu and his fellow speaker at Black Hat Asia, YeongJae Shin, a threat analysis researcher who was previously employed at S2W, will focus their presentation on vishing that's happening specifically in their own country. However, vishing scams similar to the ones occurring in Korea appear to be sweeping across the globe lately, leaving unfortunate victims in their wake.
The law-enforcement scams seem to fool even savvy Internet users, such as a New York Times financial reporter who detailed in a published report how she lost $50,000 to a vishing scam in February. Several weeks later, the writer of this article nearly lost 5,000 euros to a sophisticated vishing scam when criminals operating in Portugal posed as both local and international enforcement authorities.
Ryu explains that the blend of social engineering and technology allows these contemporary vishing scams to victimize even those who are aware of the danger of vishing and how their operators work.
These groups utilize a blend of coercion and persuasion over the phone to deceive their victims effectively, he says. Moreover, malicious applications are designed to manipulate human psychology. These apps not only facilitate financial theft through remote control after installation but also exploit the call-forwarding feature.
By using call-forwarding, even victims who try to validate the veracity of scammers' stories will think they are dialing the number of what seems like a legitimate financial or government institution. That's because threat actors cunningly reroute the call to their numbers, gaining trust with victims and improving the chances of attack success, Ryu says.
Additionally, attackers are exhibiting a nuanced understanding of the local law enforcement's communication style and required documentation, he says. This allows them to scale their operations globally and even maintain call centers and manage a series of burner mobile-phone accounts to do their dirty work.
Vishing operators are also using other modern cybercriminal tools to operate across different geographies, including South Korea. One of them is the use of a device known as a SIM Box, Ryu explains.
With scammers typically operating outside the geographic locations that they target, their outbound calls may initially appear to originate from an international or Internet calling number. However, through the use of a SIM Box device, they can mask their calls, making them appear as if they are being made from a local mobile phone number.
This technique can deceive unsuspecting individuals into believing the call is from a domestic source, thereby increasing the likelihood of the call being answered, he says.
Attackers also frequently employ a vishing app called SecretCalls in their attacks against Korean targets, which not only allows them to conduct their operations but also to evade detection. Over the years the app has undergone significant evolution, Ryu says, which is why it's one of the most actively disseminated variants of vishing malware.
The malware's sophisticated features include the detection of Android emulators, alteration of ZIP file formats, and dynamic loading to impede analysis, Ryu says. SecretCalls also can overlay the screen on the phone and dynamically gather command & control (C2) server addresses, receive commands via Firebase Cloud Messaging (FCM), enable call forwarding, record audio, and stream video.
SecretCalls is just one of nine vishing apps giving cybercriminals in South Korea the tools they need to conduct campaigns, the researchers have found. This indicates that multiple vishing groups are operating globally, highlighting the importance of remaining vigilant even to the most convincing scams, Ryu says.
Educating employees about the trademark characteristics of the scams and the tactics that attackers typically use to try to fool victims is also crucial to avoiding compromise.
