Vishing Attacks, Scenarios and Ways To Protect

Dolyetyus

Special Member
21 Apr 2020
Hello, dear TurkHackTeam members. Today I'm going to talk about vishing attacks and ways to protect yourself.
Have a good read.




What Does the Vishing Word Mean?

The word Vishing derives from Phishing. In short, vishing is voice phishing, which means deception by voice.


What is the Purpose of Vishing?

The purpose of vishing is to obtain information from the person being called more easily, or to carry out social engineering such as fraud.



What can be done?

So what can be done with vishing? The answer is in the rest of my article. With vishing, you can successfully get everything you are after from the target. This can be account numbers, credit card information, e-mail and its contents, etc. Vishing attacks can also be carried out not only by phone but through very common messages, for example "send free SMS" or "sign up to earn X TL points". It can also be done by collecting your mobile phone numbers along with user information during registration, and then sending bulk SMS over a rented line, just as a site operating in the same manner would. The content of the message reaching mobile phones will be similar to the content of the e-mail sent, and attackers may aim to capture your information with similar scenarios. Let me continue my article with an example scenario.


How Can It Happen in Real Life?

Scenario: On a busy day, Mr. Mustafa, the manager of a corporate firm, receives an e-mail from Bank X, the bank he works with and trusts. The e-mail informs him that his accounts will become inactive within 2 days and that he needs to call the emergency call center to activate them.

Mr. Mustafa trusts this e-mail, which seems to have come from Bank X, and calls the specified call center. Not suspicious of the fake call center's voice response system, Mr. Mustafa enters his credit card information into the system to activate his accounts and ends the call. He goes to lunch relaxed, believing his accounts have been activated. However, he will soon learn that his card information has been stolen, and by then it will be too late.

Scenarios like this are often experienced in real life. What should we do to avoid being a victim of this kind of attack?



So What Should We Do? How Do We Avoid These Attacks?

If you have been the target of this type of attack, it is up to you to be fully aware. So how do we recognize it and protect ourselves?
Such attacks often target businessmen, because the attackers are after information or purely after money. Such an attack is very easy to recognize. Let's continue with the example of the bank. Mr. Mustafa could have checked whether the message came from the real bank by looking at the sender's e-mail address. He could also have asked his secretary about it before calling, but he did not do that either. He could then have investigated whether the number given in the e-mail belongs to the real customer service or not. Since Mr. Mustafa did none of these, he fell victim to a scam and a vishing incident. So, do not open unknown e-mails or answer incoming calls from numbers you do not know.



Let's get to the Protection Part. What Can We Do And What Should We Know To Be Protected?

-- Do not pick up calls from unfamiliar numbers. In particular, calls from consecutive private numbers are used to create a corporate image. You should pay attention to such tricks.
-- No prosecutor or police officer calls anyone and demands that they come somewhere. They may tell you to come to the Police Department. You can go to the Police Department and look into all the details.
-- Periodically look into the current frauds carried out by fraudsters, and be aware of such methods.
-- Do not call phone numbers that reach you through various means such as e-mail and SMS.
-- For places where you conduct private business, such as a bank, have authorized persons verify the number you are calling.
-- Use the phone number on the back of your card when contacting places such as banks.
-- Do not have conversations about private matters in public and out loud.
-- When you think or suspect that this method is being used on you, inform the authorized persons and ask them to start the required actions.


That's the end of the topic. Thank you for reading. Good forums.




Source: https://www.turkhackteam.org/sosyal-muhendislik/1935596-vishing-saldirilari-senaryolari-ve-korunma-yollari.html
Translator: Dolyetyus
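
The checks Mr. Mustafa skipped in the scenario above (sender address, callback number, urgency) can be automated at the mail gateway or help desk. This is an added example, not part of the original post; the domains, phone numbers, `+90` default country code and function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values, obtained out of band (e.g. the number on the back of the card).
TRUSTED_DOMAINS = {"bankx.example"}
VERIFIED_NUMBERS = {"+908500000000"}

PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
URGENCY = re.compile(
    r"\b(inactive|suspend\w*|emergency|immediately|within \d+ (?:days?|hours?))\b", re.I)

def normalize(number, default_cc="+90"):
    """Reduce a phone number to +<digits>; national format gets default_cc."""
    digits = re.sub(r"\D", "", number)
    if number.lstrip().startswith("+"):
        return "+" + digits
    return default_cc + digits.lstrip("0")

def review_callback_email(raw):
    """Return findings for an e-mail that asks the reader to phone a number."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", errors="replace")
        for part in msg.walk() if part.get_content_type() == "text/plain"
    )
    numbers = {normalize(m.group()) for m in PHONE.finditer(body)}
    unverified = sorted(numbers - VERIFIED_NUMBERS)
    return {
        "sender_trusted": domain in TRUSTED_DOMAINS,
        "unverified_numbers": unverified,
        "urgency_cues": sorted({m.group().lower() for m in URGENCY.finditer(body)}),
        # Never dial a number that only the message itself vouches for.
        "safe_to_call": not unverified and domain in TRUSTED_DOMAINS,
    }

# Constructed sample modelled on the scenario in the post.
SAMPLE = """From: Bank X <security@bankx-support.example>
To: mustafa@corp.example
Subject: Account notice

Your accounts will become inactive within 2 days.
Call our emergency call center on 0850 555 01 23 to activate them.
"""

if __name__ == "__main__":
    print(review_callback_email(SAMPLE))
```

The display name "Bank X" passes a casual glance; only the domain comparison and the number lookup expose the message.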
 