• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Mobile   »   Vishing Attacks Increasing

Vishing Attacks Increasing

  • Posted on:June 13, 2008 at 12:58 am
  • Posted in:Mobile
  • Author:
    Carolyn Guevarra (Technical Communications)
1

In recent months, Web site compromises have become the most prevalent problem that threatens Internet users from all over. While this trend continues to dominate today’s security issues, let’s not forget about other threats that, although may be not as massive as these attacks, have equally serious ramifications against the victims.

Remember vishing? Well, here’s a refresher.

Vishing is a type of phishing attack that involves Voice over Internet Protocol (VoIP) technology in stealing user’s sensitive information, usually financial in nature. Like certain types of phishing attacks, it usually persuades users into divulging personal data by sending them legitimate-looking messages (via email, text message or sometimes even via telephone call), warning them that their account is supposedly to be suspended or has expired and instructing them to contact the number provided to prevent the suspension or to renew their accounts. Upon calling the number, users are directed to an automated voice mail system that prompts them to dial in their credit card numbers and PINs.

Earlier sightings of vishing attacks has been reported in 2006 and has been slowly and silently increasing its momentum since then. Last January, FBI’s Internet Crime Complaint Center (IC3) announced that the number of vishing-related complaints it received is rising at a considerably “alarming rate.” Trend Micro also noticed this movement as a couple of vishing attacks has been reported, among others, earlier this year (see A Growing Sophishtication and Phishers Raise their Voices).

And speaking of “growing sophishtication,” vishing attacks have seemingly followed the footsteps of Web site compromises and advanced phishing techniques by using toolkits in sending vishing-related SMS. Donald Smith of Sans Internet Storm Center came across SmssmtpSender, an automated toolkit that can be used for SMS spamming and vishing.

“SmssmtpSender consisted of several individual tools cobbled together to create a single toolkit to compromise, manage and control a set of systems for sending SMS spam via compromised popaccounts that had weak passwords.”

It is bad enough that these vishing attacks are difficult to trace due to the nature of VoIP (which makes it easily to spoof the Caller ID), now attackers are employing more sophisticated techniques in launching them at a large scale.

Certainly, more rigid security measures should be implemented, not just within targeted financial institutions or businesses, but within individuals as well. Refer to this issue of Trend Micro First Line of Defense for best practices against phishing and vishing, and learn how you can avoid becoming a victim of these threats.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: SMS spamvishingVoIP

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.