On “TikTok” a prank is gaining popularity where people call their friends —using an automated voicemail— to tell them that a large amount of money is about to be debited from their account.
Kaspersky experts warn that this trend is a real fraud method, called “vishing”, and is actively used by cybercriminals.
Kaspersky researchers detected an increase in the number of “vishing emails” in June (almost 100,000 in total) and collected around 350,000 “vishing emails” between March and June 2022. They also explained how “vishing” works and how to avoid falling into the cybercriminals’ trap.
“Vishing” (short for “voice phishing”) is a fraudulent practice in which people are tricked into calling cybercriminals and revealing their personal information and banking details over the phone. Like most “phishing” schemes, it starts with an unusual e-mail from a large online store or payment system. For example, it could be a letter from a fake version of “PayPal” informing the victim that they have just received a request to withdraw a large amount of money from their account.
But here’s the difference: while regular “phishing” emails ask the victim to follow a link to cancel the order, email “vishing” asks them to urgently call the customer support number provided in the email.
Kaspersky experts emphasize that this method was deliberately chosen by cybercriminals, because when people look at a “phishing” site, they have time to think about their actions, or notice signs that the page is not legitimate. But, when victims talk on the phone, they are usually distracted and find it more difficult to focus. Under these conditions, attackers do everything they can to distract them: rushing them, intimidating them, and demanding that they urgently provide their credit card details, in order to cancel the allegedly fraudulent transaction. After obtaining the victim’s bank account information, cybercriminals use the information to steal their money, leaving the victim with an empty wallet.
Kaspersky experts emphasize that in the last four months (from March to June 2022) they have detected almost 350,000 “vishing emails”, which ask victims to call and cancel a transaction. In June, the number of such “emails” increased, reaching almost 100,000, leading Kaspersky researchers to predict that this trend is gaining momentum and is likely to continue to grow.
Curiously, “TikTokers” actively repeat one of the “vishing” methods, the only difference being that they do not send a fraudulent “email” in advance, nor do they steal anything from their victims; their goal is a “show”, not money. The call is made through an answering machine, whose voice is produced with an online translator. Most often, pranksters pose as representatives from the customer service department of a large online store, claiming that they have just received an order from the victim for several thousand dollars, and asking for their confirmation. Regardless of how the victim responds, the next thing the operator says is:
“Thank you, your order has been confirmed.”
People think that the operator misheard them and that the money will be withdrawn from their account immediately, so they panic, scream and do not realize that they are being fooled.
When people are persuaded to reveal their personal data during a phone call rather than on a “phishing page”, they often have no chance to realize that they are the target of a hoax; the large number of “TikTok” hoax videos is a typical example of this.
“I often come across videos on ‘TikTok’ of ‘bloggers’ pranking other people, calling them and telling them their account is going to be charged thousands of dollars. Victims believe it and go crazy with it. When you look at these videos on your phone, you think: ‘How can anyone be fooled by something like that?’ But when people encounter ‘scam calls’ in real life, they are often affected by several circumstances at once. Such a call can put them on hold, while their head is full of other things and they cannot clearly assess who is on the other end of the line: a prankster, a fraudster, or a real bank security expert,” comments Roman Dedenok, security expert at Kaspersky.
To protect yourself from “vishing”, Kaspersky recommends:
- Check the sender’s address. Most “spam emails” come from addresses that don’t make sense, or appear as gibberish; for example, “amazondeals@tX94002222aitx2.com”, or something similar. By hovering over the sender’s name —which may be misspelled— you can see the full “email address”. If you are not sure if an “email address” is legitimate or not, you can put it into a search engine to check.
- Consider the type of information requested. Legitimate companies do not contact you unsolicited via “spam e-mail” to ask for personal information such as bank or credit card information, your social security number, or other sensitive data. In general, “spam messages” telling you to “verify your account information” or “update your account information” should be treated with caution.
- Be wary if the message creates a sense of urgency. “Spammers” often try to apply pressure using this tactic. For example, the subject line might contain words like “urgent”, or “immediate action required”, to compel you to act.
- Check grammar and spelling; this is an effective way to spot a “scammer”. Typos and bad grammar are red flags. The same goes for odd phrasing or unusual syntax, which may result from the email having been passed through translators many times.
- Install a trusted security solution and follow its recommendations. The security solution will deal with most problems automatically and notify you if necessary.
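
For mail administrators, the sender, urgency, data-request and call-back checks above can be combined into a simple triage rule. The following Python sketch is an added example, not Kaspersky's detection logic; the function names, the digit-ratio threshold, the phone-number pattern and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Phrases quoted in the advice above; extend the lists for real use.
URGENCY = ("urgent", "immediate action required")
ACCOUNT_ASKS = ("verify your account information", "update your account information")
# Loose pattern for a phone number of 10+ characters (assumption, not a standard).
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
CALL_WORDS = re.compile(r"\b(call|phone|dial)\b", re.I)

def gibberish_domain(address: str) -> bool:
    """Flag sender domains whose first label is long and digit-heavy (assumed threshold)."""
    label = address.rpartition("@")[2].split(".")[0]
    digits = sum(c.isdigit() for c in label)
    return len(label) >= 8 and digits / len(label) >= 0.3

def vishing_indicators(raw: str) -> list[str]:
    """Return the names of the indicators found in one raw, unencoded text message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hits = []
    if gibberish_domain(sender):
        hits.append("gibberish-sender-domain")
    if any(p in text for p in URGENCY):
        hits.append("urgency")
    if any(p in text for p in ACCOUNT_ASKS):
        hits.append("asks-for-account-data")
    # The vishing twist: the message pushes a phone call instead of a link.
    if PHONE.search(text) and CALL_WORDS.search(text):
        hits.append("callback-number")
    return hits

# Constructed samples (the phone number is from the fictional 555-01xx range).
SAMPLE_VISHING = """\
From: "PayPal Service" <billing@tX94002222aitx2.com>
Subject: Urgent: withdrawal request received

A withdrawal of 1,499.00 USD was requested from your account.
If you did not authorise it, call customer support at +1 (555) 010-0199 now.
"""
SAMPLE_BENIGN = """\
From: Newsletter <news@example.com>
Subject: Your monthly summary

Your statement for June is available in the app.
"""
```

A message that trips several indicators at once is a candidate for quarantine or a warning banner; a single hit on its own is weak evidence.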