“Vishing” occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone. These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft. Vishing can occur both on your landline phone or via your cell phone.

The term is a combination of “voice,” and “phishing,” which is the use of spoofed emails to trick targets into clicking malicious links. Rather than email, vishing generally relies on automated phone calls that instruct targets to provide account numbers. Techniques scammers use to get your phone numbers include:

Data Breaches: Scammers often obtain phone numbers from data breaches where personal information is exposed and sold on the dark web.
Public Records: Phone numbers can be found in public records, such as court documents, voter registration lists, and property records, which are often accessible online.
Social Media: Many people share their contact information on social media profiles or posts, making it easy for scammers to collect phone numbers.
Online Surveys and Contests: Scammers create fake online surveys or contests that require participants to enter their phone numbers, which are then harvested for vishing.
Dumpster Diving: Physical documents thrown away without shredding, such as old phone bills or bank statements, can provide scammers with phone numbers. Once a visher has the list, he can program the numbers into his system for a more targeted attack.
Wardialing: A visher uses an automated system to target specific area codes with a phone call involving local or regional banks or credit unions. When someone answers the phone a generic or targeted recording begins, requesting that the listener enter a bank account, credit, or debit card number and PIN.

Once vishers have phone numbers, they employ various strategies to deceive their targets and obtain valuable personal information:

VoIP: Voice over Internet Protocol (VoIP) facilitates vishing by enabling vishers to easily spoof caller IDs, use automated dialing systems, and leverage AI-powered voice manipulation, all while operating from virtually anywhere with an internet connection. This combination of technologies makes it easier for scammers to appear legitimate and efficiently target numerous victims.
Caller ID Spoofing: Caller ID spoofing works by manipulating the caller ID information that appears on the recipient’s phone, making it seem as though the call is coming from a trusted or local source. Scammers use specialized software or VoIP services to alter the displayed number, which can mimic the number of a reputable institution, such as a bank or government agency.
Social Engineering: In live calls, vishers use social engineering techniques to build trust and manipulate the target into divulging personal information. They might pose as customer service representatives, tech support agents, or officials from financial institutions to convince you to hand over personal information.
Voice Manipulation Technology: Advanced AI-powered voice manipulation tools can mimic the voices of known individuals or create convincing synthetic voices, adding credibility to the call.
Urgency and Threats: Vishers often create a sense of urgency or fear, claiming immediate action is required to prevent serious consequences, such as account closure, legal action, or financial loss.

To protect yourself from vishing scams, you should:

Educate Yourself: Knowledge is the key to defending yourself from vishing. The more you understand it, the better off you’ll be, so read up on vishing incidents. As this crime becomes more sophisticated, you’ll want to stay up to date.
Use Call Blocking Tools: Utilize call blocking and caller ID spoofing detection tools offered by your phone service provider or third-party apps to filter out potential scam calls.
Be Skeptical of Caller ID: With phone spoofing, caller ID is no longer trustworthy. Since caller ID can be tampered with, don’t let it offer a false sense of security.
Do Not Share Personal Information: Never provide personal information, such as Social Security numbers, credit card details, or passwords, to unsolicited callers.
End the Call: If you receive a phone call from a person or a recording requesting personal information, hang up. If the call purports to be coming from a trusted organization, call that entity directly to confirm their request.
Report Suspicious Activity: Call your bank and report any fraud attempts immediately, noting what was said, what information was requested, and, if possible, the phone number or area code of the caller. Also report any suspicious calls to relevant authorities, such as the Federal Trade Commission (FTC), to help prevent others from falling victim to the same scams.

Staying vigilant and informed is your best defense against vishing scams. By verifying caller identities, being skeptical of unsolicited requests for personal information, and using call-blocking tools, you can significantly reduce your risk of falling victim to these deceptive practices. Additionally, investing in identity theft protection services can provide an extra layer of security. These services monitor your personal information for suspicious activity and offer assistance in recovering from identity theft, giving you peace of mind in an increasingly digital world. Remember, proactive measures and awareness are key to safeguarding your personal information against vishing threats.

The post How to Protect Yourself from Vishing appeared first on McAfee Blog.

Read More

A Thales report found that 44% of organizations have experienced a cloud data breach, with human error and misconfigurations the leading root causes

Read More

The framework aims to improve automated vulnerability discovery approaches

Read More

Interesting paper about a German cryptanalysis machine that helped break the US M-209 mechanical ciphering machine.

The paper contains a good description of how the M-209 works.

Read More

The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Cybersecurity and threat preparedness may be at the forefront of your mind, and you may have protections in place against more common threats. Yet, as these threats continue to evolve, vigilance and adaptation are crucial for construction and manufacturing organizations.

Cybercriminals have gotten both more prolific and more creative. 2023 saw a record-breaking spike in cyberattacks, with well over 300 million victims falling prey to data breaches, and the average corporate data breach cost 4.45 million dollars. In an industry where reputation is everything, a single breach could sink your ship in more ways than one.

As we proceed, we’ll unpack the many ways that a cyberattack could impact your ability to turn a profit, making you aware of vulnerabilities that exist within your organization’s structure. Then we’ll provide you with practical suggestions to patch these vulnerabilities, insulating you from outside threats and keeping you on track to remain profitable.

Computer Vision and Vulnerabilities

As you use new technologies to support your existing processes, you must be aware of vulnerabilities that new systems can create. If you’ve looked into leveraging recent tech advancements in your field, you’re probably familiar with computer vision technology. Computer vision technology uses data gathered from physical images, importing them into the digital realm and unlocking a variety of potential benefits.

Takeoff software and AI-powered planning systems streamline the project liftoff process by, simplifying cost estimation, identifying and correcting blueprint errors, and even advancing sustainability goals. While these systems can be leveraged to optimize a wide variety of processes, they also shift the balance of project planning from human input to automated computing processes. This in turn puts you more at risk for being a victim of a cyberattack.

Malefactors can access automated systems through a wide variety of channels. Whether they break into your network via access to an IoT-connected device that someone misplaced in the workspace, or secret malicious code into the data sources your devices consume to function, increasing your use of technology also increases their windows of opportunity. As these systems increase in scope and importance, leaving windows like these open increases the risk of potentially profitable projects turning belly up.

Process Disruption

However, cybercriminals don’t need you to use newfangled technology solutions to cause havoc throughout your processes. Cybercriminals already have a tried-and-true playbook that they’ve been using on your competitors for years, and to great effect.

Some of the ways cyberthreats can fracture manufacturers’ processes include:

● Ransomware: If a cybercriminal gains access to mission-critical data, they can then lock that data behind a ransomware program. Ransomware holds company data and systems hostage until a certain amount of money is paid to the programmer. As with many other line items on this list, this can cause project delays, reputational damage, and heavy financial losses.

● IP Theft: Cybercriminals have methods of spying on network connections that they can leverage to get ahold of organizations’ intellectual property. Patching these vulnerabilities can help stop trade secrets from leaking out into the wider market.

● Supply chain fragmentation: Yes, cybercrime can make the problem of mitigating supply chain issues even worse. A single vendor being compromised can lead to a domino effect of missed deliveries, wasted or damaged goods, and deadline extensions.

Most cybersecurity failures, including those above, involve a combination of employee negligence and the exploitation of system vulnerabilities. Gaining a level of cybersecurity awareness is absolutely necessary, as it will allow you to pre-emptively shield pain points from being exploited.

Tools You Can Leverage To Protect Your Systems

Educating your employees on common cybercriminal tactics must be your first step. Employee negligence is, far and away, the biggest vulnerability that organizations across industries have, being unevenly responsible for data breaches. As such, robust and frequent threat awareness training is a must for employees of all levels – it only takes one email to allow malware to take root in your organization’s systems.

Antivirus software, network monitoring solutions, and data encryption solutions like VPN servers are also absolutely necessary. Each provides insulation against a specific threat; antivirus software flags and quarantines malicious code before it ingrains itself in your network, while network monitoring and VPN solutions secure your web traffic from prying eyes.

You can also practice cybersecurity awareness and implement good practices across your company structures, like device hardening protocols, end-to-end encryption, and frequent patching of your operating system. Along with the above tools, these processes protect against employee negligence by proactively reinforcing network safety protocol, encouraging authorized users to comply and keeping unauthorized agents out.

As technology continues to evolve, and your sector with it, cybercrime threatens to become even more disruptive for manufacturers. Strive to attain cybersecurity awareness throughout your organization, and you’ll be able to protect your bottom line and your reputation from unwanted consequences.

Read More

CoinStats has revealed a likely state-sponsored attack impacting over 1500 users

Read More

Levi’s reveals major credential stuffing attack impacting over 72,000 customer accounts

Read More