Cyber security researchers have discovered that cybercriminals are increasingly merging 'vishing' techniques (voice phishing) with new OTP grabber services to increase their malicious activities, a new report on Monday said.
According to cybersecurity company CloudSEK, vishing involves manipulating individuals into revealing sensitive information over the phone.
The human touch in vishing adds a tangible element to these attacks, making victims more likely to trust the caller. Researchers reported that attackers deploy sophisticated interactive voice response (IVR) systems, authentic voice recordings of real individuals, or even real-time calling methods that appear to originate from a trusted company.
Using such tactics, users are skillfully manipulated into revealing their one-time passwords, which are usually delivered via text message.
"Employing vishing as their method of choice, cybercriminals successfully obtained employee credentials, gained global administrator privileges within the Azure tenant, exfiltrated data, and held several ESXi hypervisors hostage for ransom."
Researchers have recently discovered an advertisement for SpoofMyAss.com (SMA) offering an OTP bot and SMS sender enhancements, which can significantly assist cybercriminals in carrying out large-scale vishing attacks.
Features provided by SMA include OTP extraction, global calls in multiple languages, personalization, anonymous calls, and bot template creation, a combination that researchers believe strongly suggests use in phishing attacks.
“Highly reliable vishing calls can be leveraged using service features such as Fast SMA, Stream SMA, and Transfer SMA vishers,” said Bablu Kumar, Cyber Intelligence Analyst at CloudSEK.
SMA has free user signup and also offers $1 as a welcome balance to the user's account.
The report states that its services are divided into two main categories – OTP bot spoofer and SMS sender.
As per the advertisement, OTP Bot Spoofer is a call service that can be used to receive OTPs of any length.
The advertisement claims that the bot can make international calls, receive multiple OTPs, and communicate in over 30 languages, while the SMS Sender service allows the use of 269 valid SMS gateways to send text messages to unknown users in different regions around the world.
Of these, 87 are US-based and 13 are India-based SMS gateways.
Furthermore, researchers claimed that the consequences of such exploitation are much deeper.
Once they gain access to a victim's online banking and other sensitive accounts, cybercriminals are ready to carry out a wide range of fraudulent online transactions.