Digital Forensics Dispatch

Vishing Services in High Demand in Cybercrime Forums, Deepfakes More Credible

December 7, 2021

Recently, Soumik Ghosh at Information Security Media Group – ISMG published an article about cybercriminals that took vishing (the fraudulent practice of making phone calls pretending to be from a credible company to obtain personal information) to the next level by using audio or video technology to make impersonations appear as real as possible.

The Photon Research Team, a section of digital risk protection at the Digital Shadows firm, say threat actors can now impersonate their targets and bypass security measures like voice authentication. This could be used to authorize fraudulent transactions or even to imitate victims’ contacts to gain precious information. These techniques could pose a great risk to the banking industry, as many banks are using voice authentication to verify their customers over the phone.

Researchers say that cybercriminals choose their targets by using open-source intelligence techniques, looking through leaked databases that contain compromised information, or even engaging in active and passive scanning for open ports or vulnerable devices. Once the attacker picks their target, they might act as a buyer and ask questions to obtain a voice sample by recording the conversation.

The researchers underline a big operation in 2020 where attackers targeted new hires of companies by pretending to be IT support. They offered to troubleshoot VPN access issues. These attackers were successful in their efforts and acquired VPN credentials by phone calls, or by having the new hires enter their information into a fake VPN access portal.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics