What is Vishing, a Voice Phishing Attack?


Phishing is a form of social engineering in which an attacker sends a fake message created to trick the victim into providing personal information.

Messages sent via SMS, social media platforms, email, etc. can appear to come from a trusted company, but most often they contain malicious attachments that spread malware.

Vishing is short for voice phishing, a type of phishing; the name combines the words “voice” and “phishing”.

In Vishing, the attacker impersonates someone from a trusted organization (a bank or a popular online service), but uses the phone as a weapon to steal personal information.

In some cases, the scammer will call the victim or leave a voicemail message. In other cases, they will send an email with a contact phone number and advise the recipient to call that number.

Attackers can already send out thousands of phishing emails at once, hoping that someone will fall for one. VoIP (Voice over Internet Protocol) technology now allows them to do the same thing with phone calls while spoofing their caller ID and identity.

A report released by cybersecurity firm Armorblox analyzes two recent phishing attacks that impersonated Amazon and aimed to steal customers’ credit card information.

The first phishing attack targeted about 9,000 email inboxes and was sent from a Gmail account with the subject line “Invoice:ID”.

The subject line was followed by an invoice number, and the email included the colored markers used by Amazon, indicating that the victim had purchased several hundred dollars’ worth of TVs and game consoles. It encouraged recipients to call a phone number if there was any mistake.

When Armorblox called the number, it was answered by someone impersonating an Amazon customer service representative. The person who answered asked for the caller’s name and credit card details, then ended the call and blocked the number.

The researchers found that by using a zero in place of the letter O, as in “AMAZ0N TEAM”, the attackers were able to bypass existing spam filters such as Microsoft Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MSDO). The email was assigned a spam level of “1”, which means that the message was determined not to be spam.
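The signals described above (a Gmail sender, a brand name written with a zero, and a call-back phone number) can be checked together in a mail filter. The following Python is an added example, not code from Armorblox or Microsoft; the fold table, brand list, signal names and sample message are constructed assumptions.

```python
import re

# Constructed fold table: digits/symbols mapped to the letters they imitate.
LOOKALIKES = str.maketrans("013457@$", "oleastas")
# Hypothetical protected brands and the domains they really send from.
BRANDS = {"amazon": ("amazon.com",)}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Loose phone pattern: a digit, 8+ digits or separators, then a digit.
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")


def fold(token):
    """Lower-case a token and replace look-alike characters."""
    return token.lower().translate(LOOKALIKES)


def score_message(sender, subject, body):
    """Return the callback-phishing signals present in one message."""
    signals = []
    domain = sender.rsplit("@", 1)[-1].lower()
    tokens = f"{subject} {body}".split()
    for brand, domains in BRANDS.items():
        # Brand appears once look-alikes are folded back to letters.
        mentioned = any(brand in fold(t) for t in tokens)
        # Brand appears only after folding, i.e. it was written in disguise.
        disguised = any(brand in fold(t) and brand not in t.lower() for t in tokens)
        owned = any(domain == d or domain.endswith("." + d) for d in domains)
        if disguised:
            signals.append(f"lookalike:{brand}")
        if mentioned and not owned:
            signals.append(f"brand_domain_mismatch:{brand}")
    if domain in FREEMAIL:
        signals.append("freemail_sender")
    if PHONE.search(body):
        signals.append("callback_number")
    return signals


# Constructed sample modelled on the email described above (not real data).
SAMPLE = {
    "sender": "orders.desk@gmail.com",
    "subject": "Invoice:ID 58213",
    "body": "AMAZ0N TEAM: you were charged $799.00 for a TV and a game "
            "console. If this is a mistake, call +1 (555) 010-0199.",
}

if __name__ == "__main__":
    print(score_message(**SAMPLE))
```

No single signal is conclusive on its own; the combination of a disguised brand name, a sender domain the brand does not own, and a phone number in place of a link is what distinguishes this kind of message.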

With the pandemic increasing the use of online shopping from home, attackers are trying to find new ways to trick victims into giving up their personal information.

In August, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) jointly issued an advisory warning of an increase in phishing attacks targeting private companies.
