InfoSec Magazine: How the FBI Caught Voice Phishing (Vishing) Scammers

Posted on January 4, 2024

Founder and CTO of PhishLabs John LaCour spoke with FBI Special Agent Davey Ware at the RSA Conference in San Francisco to talk about how vishing attacks work to defraud victims of their money and discuss how one group of vishing criminals was caught.

Originally published on Infosecurity Magazine.

"Vishing attacks are phishing attacks that use the telephone network," LaCour said.

He explained that in vishing attacks the lure is delivered in one of several ways, including an email message with a call-back number, SMS via a telephone provider, and robocalls from an interactive voice response system (IVR). According to data cited by LaCour, over a one-year period more than 50% of vishing attacks targeted small banks and credit unions.

Vishing attacks occur in stages involving compromising a Windows server with some form of Remote Desktop Protocol (RDP) backdoor to gain access. Attackers also compromise IVR systems and then create fake email accounts as well.

 

Read the full article here.

Recent News

A PhishLabs report by security writer Brian Krebs was featured in a CNET article warning web users about HTTPS security fraud on the Internet.

Half of all phishing sites now have padlocks, but are anything but secure

Originally published in BLEEPINGCOMPUTER

Excerpt:

Charleston-based cybersecurity company is named a top employer in South Carolina.

Quarterly Threat Trends and Intelligence Report Finds Increase in Phishing Attacks Year-to-Date Over the First Six Months of 2020;