Security News

Protect your business from VoIP fraud. Learn how to recognize the most common types and harden your phone system security.

The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. "Initially, we learned of a new parked domain and immediately marked the website for monitoring should it go live and start serving a phishing site intended to imitate our login page or something similar. Once we identified that this site went active and was being used in a phishing campaign against our customers, we worked with our vendor to take down the site," LastPass intelligence analyst Mike Kosak explained.

76% of enterprises lack sufficient voice and messaging fraud protection as AI-powered vishing and smishing skyrocket following the launch of ChatGPT, according to Enea. 61% of enterprises still suffer significant losses to mobile fraud, with smishing and vishing being the most prevalent and costly.

Once the malicious software is installed, it redirects incoming calls to a call center under the control of the criminals. To facilitate the routing of voice traffic, "Letscall" utilizes cutting-edge technologies such as voice over IP and WebRTC. It also makes use of Session Traversal Utilities for NAT and Traversal Using Relays around NAT protocols, including Google STUN servers, to ensure high-quality phone or video calls and bypass NAT and firewall restrictions.

An Android voice phishing malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. FakeCalls was previously documented by Kaspersky in April 2022, describing the malware's capabilities to imitate phone conversations with a bank customer support agent.

Malicious actors are resorting to voice phishing tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. Telephone-oriented attack delivery, as the social engineering technique is called, involves calling the victims using previously collected information from fraudulent websites.

Vishing cases have increased almost 550 percent during 2021, and vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021. In this video for Help Net Security, Eric George, Director of Solutions Engineering, PhishLabs, talks about this constantly evolving threat.

Vishing cases have increased almost 550 percent over the last twelve months, according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs. According to the findings, vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021.

A standard phishing attack typically involves sending people an email or text message spoofing a known company, brand or product in an attempt to install malware or steal sensitive information. The emails borrowed the look and layout of actual emails from Microsoft and even included information on a subscription for Microsoft Defender Advanced Protection that supposedly was ordered by the recipient.

According to researchers at Armorblox, the emails bypassed native Microsoft email security controls along with email security engines like Exchange Online Protection and Proofpoint, landing in tens of thousands of corporate inboxes. The attackers used the same look and feel from a branding perspective as the real Geek Squad, Iyer said, and the email body language "Carefully [tread] the line between vagueness and urgency-inducing specificity."