
By Derek Kortepeter

A research blog post from Armorblox shows that vishing attacks (the term is a mashup of “voice” and “phishing”) are on the rise. Vishing takes the concepts behind social engineering attacks like phishing emails and applies them to voice interactions. That shady man on the phone claiming to be an IRS agent so that he can steal your personal data? That’s a vishing attack.

Armorblox bases its research on two specific tech support scams that have affected roughly 25,000 individuals. In both cases, the attacks started as regular email phishing but escalated to vishing once the target was on the phone and could be pressed for data. In regular phishing attacks, you are sent to a fake site or asked to reply to an email so that attackers can steal your data. In these attacks, however, the emails (which impersonated Geek Squad and Norton) required the target to call a phone number to continue the scam. The emails were able to bypass spam filters in Microsoft Exchange Online Protection and Proofpoint.

In the Geek Squad vishing attack, Armorblox states the following about the methodology of the criminals:

The email was sent from a Gmail account and was titled “Order Confirmation,” carefully treading the line between vagueness and urgency-inducing specificity. The email contained HTML stylings similar to genuine emails sent from Geek Squad, and included a renewal confirmation for an annual protection service.

Instead of including any links, the only call to action in the email was a phone number of the “Billing Department” that the victims could call to process order returns.

As for the attack impersonating Norton, the attackers tried similar tactics:

Like the Geek Squad email, this one was also sent from a Gmail account and had the same curiosity-inducing title: Order Confirmation. This email didn’t have any HTML stylings and was more plain-text compared to the Geek Squad email.

Just like with the other vishing email, this email also did not contain any links or other conventional payloads. The only payload was a phone number included in the mail body, inviting victims to call the number if they wanted to cancel their subscription.

Armorblox called the number listed in each attack email and quickly confirmed that callers were being phished for data. These attacks show that every individual should practice defensive measures and common sense in any correspondence. That these emails got past the spam filters of respected vendors shows that vishing has become more sophisticated in its methods.
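The emails described above share a pattern that URL-centric spam filters are poorly placed to catch: a free webmail sender, a well-known brand name, an “Order Confirmation” style lure, no links at all, and a phone number as the only call to action. The following is an added example, not code from Armorblox or from this article, of a simple heuristic scorer a mail-security team could run over inbound messages to flag that pattern. The two messages embedded in it are constructed for the example and are not the real scam emails; the brand list, free-mail domains and score threshold are assumptions to be tuned for your own environment.

```python
import email
import re
from email import policy

# Constructed sample messages (not the actual emails from the Armorblox report).
# SUSPICIOUS_RAW mimics the reported pattern: Gmail sender, brand impersonation,
# "Order Confirmation" subject, no links, and a callback number as the only lure.
# BENIGN_RAW is an ordinary receipt with a link from the merchant's own domain.
SUSPICIOUS_RAW = b"""From: "Geek Squad Billing" <billing.support.1234@gmail.com>
To: victim@example.com
Subject: Order Confirmation
Content-Type: text/plain; charset="utf-8"

Your annual Geek Squad protection plan has been renewed for $399.99.
If you did not authorize this charge, call our Billing Department at
+1 (800) 555-0199 within 24 hours to process a return.
"""

BENIGN_RAW = b"""From: "Example Store" <orders@example-store.com>
To: customer@example.com
Subject: Your receipt
Content-Type: text/plain; charset="utf-8"

Thanks for your purchase. View your order at https://example-store.com/orders/42
"""

# Assumed tuning knobs: extend for your own environment.
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
IMPERSONATED_BRANDS = ("geek squad", "norton")
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
# North American style numbers: optional +1, optional parentheses, common separators.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
LURE_RE = re.compile(r"order confirmation|renew|cancel|refund|billing", re.IGNORECASE)
CANDIDATE_THRESHOLD = 3  # assumed cut-off; calibrate on your own mail flow


def _sender_domain(msg):
    """Extract the domain of the From: address, lower-cased ('' if absent)."""
    m = re.search(r"@([\w.-]+)", str(msg.get("From", "")))
    return m.group(1).lower() if m else ""


def _body_text(msg):
    """Return the text body (plain preferred, HTML as fallback) or ''."""
    body = msg.get_body(preferencelist=("plain", "html"))
    return body.get_content() if body else ""


def score_vishing(raw):
    """Score a raw RFC 5322 message. Returns (score, reasons); higher is more suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    text = subject + "\n" + _body_text(msg)
    domain = _sender_domain(msg)
    reasons = []

    brands = [b for b in IMPERSONATED_BRANDS if b in text.lower()]
    if brands and domain in FREEMAIL_DOMAINS:
        reasons.append(f"brand {brands} mentioned but sent from free webmail domain {domain}")
    if not URL_RE.search(text):
        reasons.append("no links in message: nothing for URL-based filters to inspect")
    if PHONE_RE.search(text):
        reasons.append("phone number present: callback is the only call to action")
    if LURE_RE.search(text):
        reasons.append("billing/renewal lure wording present")
    return len(reasons), reasons


def is_vishing_candidate(raw):
    """Flag messages whose only payload is a phone number and that score at or above threshold."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text = str(msg.get("Subject", "")) + "\n" + _body_text(msg)
    score, _ = score_vishing(raw)
    return bool(PHONE_RE.search(text)) and not URL_RE.search(text) and score >= CANDIDATE_THRESHOLD


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_RAW), ("benign", BENIGN_RAW)):
        score, reasons = score_vishing(raw)
        print(f"{label}: score={score} candidate={is_vishing_candidate(raw)}")
        for r in reasons:
            print("  -", r)
```

The scorer is deliberately additive rather than a single hard rule: a legitimate receipt with no links and a support number would earn one or two points, while the combination of brand name, webmail sender, lure wording and phone-only payload reaches the threshold. In practice the phone numbers of flagged messages are worth recording on their own, since the same callback number tends to reappear across a campaign.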

Simply put, always be wary of anyone seeking your data. You are the best line of defense against these attacks.


Derek Kortepeter covers a wide range of InfoSec topics for TechGenix, including cybersecurity, ransomware attacks, cryptography, cyber-warfare, and governmental policy. Derek, a graduate of UCLA, is a tech journalist committed to creating an informed society with regard to information security.

