A well-known prank on TikTok has people calling their friends and playing phrases that sound like an automated answering system, to make them believe that a large amount of money is about to be deducted from their bank account. Kaspersky experts have warned that this prank merely imitates an actual fraud scheme called voice phishing (vishing), which is actively used by cybercriminals.
The researchers observed an increase in the number of vishing emails, with about 100,000 messages in June alone, while between March and June 2022 they detected about 350,000 such phishing emails. They also explained how vishing works and how to avoid falling into the cybercriminals' trap.
Voice phishing is a fraudulent practice in which targeted individuals are persuaded to call cybercriminals and disclose their personal information and bank account details. Like most phishing schemes, it starts with an unexpected email that appears to come from a large online store or digital wallet system. It could be a message from a fake PayPal telling the recipient that a request has been received to withdraw a large amount from their account.
Figure: Fake PayPal notice of a large purchase
The difference between vishing and regular phishing is that vishing emails ask a potential victim to urgently call an alleged customer service number found in the message, rather than clicking on a link in the message as usual.
Experts have confirmed that cybercriminals deliberately resort to this method to deny their victims time to think. A victim who follows a link in a message to a phishing site has the opportunity to consider what they are doing and may notice signs that the page is fake. Talking on the phone, on the other hand, is distracting and makes it difficult to focus, and the attackers do everything in their power to throw victims off balance by rushing them, intimidating them and demanding that they quickly provide account or bank card details, claiming that they are trying to cancel the alleged fraud. In reality, they steal money from those accounts as soon as they get the details.
Experts announced that in the past four months, between March and June, they had detected about 350,000 incoming phishing emails asking potential victims to dial a number to cancel an impending bank transaction. There were nearly 100,000 such phishing messages in June alone, leading the experts to expect this trend to grow in the future.
Figure: Number of vishing emails detected between March and June 2022
Oddly enough, TikTok users are actively imitating this vishing scheme, except that they do not send an email and do not steal anything from the victims; their goal is to prank someone they know. The call is made in such a way that the recipient believes it comes from the automated answering system of the bank or digital wallet they use, with the voice produced by the text reader of an online translator.
Mostly, the callers in this scheme present themselves as representatives of the customer service department of a large online store, claiming that they have just received an order from the victim for a large purchase, and request confirmation of the transaction. Regardless of the target's response, the next thing the alleged answering machine says is "Thank you, your request has been confirmed". The target, thinking that the answering machine misheard him and that his money is about to be taken, panics and starts screaming, unaware that he has been pranked.
Experts stressed that talking to targeted victims over the phone makes it easier to persuade them to disclose their personal data, as they often do not have the opportunity to consider that they are the target of a joke. The experts supported this conclusion by pointing to the large number of TikTok videos showing the prank succeeding, which closely resemble actual phishing attempts.
Roman Dedenok, a security expert at Kaspersky, said in a comment on the TikTok clips that the victims "believe and go crazy as a result." He added: "When you watch these videos on your phone, you wonder, 'How can anyone fall for something like that?' But when people actually face fraudulent calls, they are often affected by various circumstances at the same time, as this call surprises them with a lot of concern about them, and they are unable to assess and know the caller, whether he is a joker, a fraud or a real bank employee."
The report recommends that users take the following measures to protect themselves from phishing:
• Verify the sender's address. Most unsolicited emails come from addresses that do not make sense, such as [email protected] or something like that. You can see the sender's email address by hovering over their name. The address can be entered into a search engine for verification.
• Think about the type of information requested. Organizations do not suddenly reach out by email to request personal information, such as bank details, credit card details, a social security number, or other sensitive data. Messages asking you to "verify account details" or "update bank account information" should therefore be handled with care.
• Be careful if the message conveys some kind of urgency. Spammers often try to apply pressure with this tactic, so the subject line may contain words such as "urgent" or "require immediate action" to force the recipient to respond.
• Check grammar and spelling, which remains an effective way to identify fraud attempts. Typos are grounds for suspicion, as is strange wording or structure in the message, which can result from the email having been translated, especially by machine translation.
• Install a reliable security solution and follow its recommendations, which will automatically resolve most issues and alert the user if necessary.
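The traits the article attributes to vishing emails (a known brand on an unexpected message, a number to call instead of a link, urgency, a large amount) can be checked mechanically by a mail filter. The following is an added example, not code from Kaspersky's report; the brand table, keyword patterns, threshold and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand -> domains it legitimately sends from (illustrative only).
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|immediate action)\b", re.I)
# A call/dial/contact verb followed closely by something shaped like a phone number.
CALLBACK = re.compile(r"\b(call|dial|contact)\b[^.\n]{0,60}?(\+?\d[\d\s().-]{8,}\d)", re.I)
AMOUNT = re.compile(r"[$€£]\s?\d[\d,]*(\.\d{2})?")
LINK = re.compile(r"https?://", re.I)

def vishing_signals(raw: str) -> list[str]:
    msg = message_from_string(raw)  # raw RFC 5322 text, single-part body assumed
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    signals = []
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in f"{display}\n{text}".lower() and not genuine:
            signals.append("brand_sender_mismatch")
    if CALLBACK.search(text):
        signals.append("callback_number")
    if URGENCY.search(text):
        signals.append("urgency")
    if AMOUNT.search(text):
        signals.append("transaction_amount")
    if not LINK.search(text):
        signals.append("no_link")  # the email steers the reader to the phone instead
    return signals

def is_likely_vishing(raw: str, threshold: int = 3) -> bool:
    # A callback number is mandatory; the other traits only raise confidence.
    signals = vishing_signals(raw)
    return "callback_number" in signals and len(signals) >= threshold

# Constructed samples (reserved .example domain and 555-01xx number).
SAMPLE_VISHING = """\
From: PayPal Service <billing@pp-notice.example>
Subject: Urgent: payment request of $749.99

If you did not authorize this payment, call +1 (555) 010-0199 immediately.
"""
SAMPLE_RECEIPT = """\
From: PayPal <service@paypal.com>
Subject: Your receipt

You paid $12.00 to Example Shop. Details: https://www.paypal.com/activity
"""
```

A filter like this is a triage aid: flagged messages still need review, and a real deployment would also check SPF/DKIM/DMARC results rather than trusting the From header alone.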