The famous “uncle’s story” has adapted to the new times and is now 100% digital. Cyberattacks are becoming more and more perfect and as soon as a scam “technique” doesn’t work, there is already a new one looking for new victims.
The last one that was known is the so-called “double call” that combines two already known scams, smishing and vishing.
Smishing consists of sending an SMS posing as a legitimate entity, such as a bank, an institution or a social network, with the aim of stealing confidential information or making a financial charge. Generally, these messages include a link to a fake website or invite you to call a premium rate number.
Vishing, on the other hand, is a scam method that consists of making a call during which the scammer pretends to be a company, trusted person or organization. During the conversation, scammers try to obtain personal and sensitive information from the victim.
Now the scammers have perfected their technique and now resort to the “double call”.
How does the scam work?
Unlike other types of scams, this new technique requires two phone calls.
It is common for the victim to receive an SMS supposedly sent by their bank or a delivery company. In the message, they inform you of changes in the delivery of the package or strange movements in your account, urging you to access a link to modify the access codes for security reasons.
Minutes later, the victim receives a phone call in which they pose as the entity and ask for their online banking access codes to cancel the cards.
The victim then accesses the bank’s website from the browser, where they will see a pop-up box asking for the access codes once again. At that moment, she receives an SMS with the keys, which are really the confirmation keys for the fraudulent operation.
With this social engineering technique, they obtain sensitive data and control of their victims’ bank accounts.
When parcel companies are impersonated, which is very common, the cyberattack is carried out through an SMS in which they request to fill in the delivery address of the package. These types of messages always include a link to install apk applications that appear to be the official ones of the entities they impersonate.
When the victim accepts the download, in addition to the application, remote access software will also be installed on the device that will request to receive, read and modify SMS.
The content of the messages is usually similar to the following: “From (date) you will not be able to use your account. You have to verify yourself in the system from the following link…”, “An unauthorized computer is connected to your online account If you don’t recognize it, please check the link below” or “Your account or bank card was temporarily blocked.”
If customers access the link and enter the access codes requested by the supposed entity, they must quickly contact their bank to block all types of operations and change the password to access online banking.
In all cases of cyber-scam, a link is received – an underlined line and the text in blue – under the pretext of solving a fictitious problem. The data that cybercriminals usually request are: bank account number, name and surname, ID, home banking passwords, numbering, expiration date and CVV code of credit or debit cards.
cyber attacks on the rise
The number of cyberattacks due to data theft or ransomware grew during 2022 in Latin America. The data comes from Microsoft’s annual Digital Defense Report, prepared based on information collected between July 2021 and June 2022 around the world and released days ago.
According to the Microsoft report, the number of password attacks increased by 74% in the last year.
However, the study found that the number of cyberattacks did not spread evenly across all regions. Microsoft observed a decrease in the number of reported ransomware cases in Europe and North America compared to 2021, while reported cases during the same period in Latin America increased.
The Report also detected a steady increase in the number of email attacks, better known as phishing. In this sense, the researchers observed that the war in Ukraine became the new bait for this type of cybercrime: an alarming increase in emails posing as organizations requesting donations of cryptocurrencies in Bitcoin and Ethereum was detected to support Ukrainian citizens. /minuteone