
Hackers Tricking Victims into Installing Android Banking malware

A Dutch mobile security company has identified a network of phishing websites targeting Italian online-banking users to get hold of their contact details.

Attackers are resorting to voice phishing, also called vishing, to convince victims to install malware on their Android devices. Telephone-oriented attack delivery (TOAD) is a social engineering attack in which previously collected personal information is used to call and dupe the victim.

The caller, also called the Threat Actor (TA), pretends to be a bank support agent and convinces the victim to install a security app which is in fact malware. Here is a visualization of how it works:



How to stay protected:

  1. Ask the caller questions: calling location, branch, agent ID, supervisor name. Ask whether you can contact the said branch to communicate with him/her.

  2. Understand the urgency: Is the caller suggesting that you install the app urgently because….. In such cases DO NOT install the app. Say: I got your point. I will install it later when I have spare time.

  3. Understand the bank's approach: Banks DO NOT call you and ask you to install an app or to provide sensitive information.

  4. Secure sensitive information: Your date of birth, mother's name, place of birth, answers to security questions, username, customer ID, and password are sensitive information. Banks and their agents, the legitimate ones, do NOT ask for such information. Be alert and extra cautious if someone from a bank asks you for this information.

More conversation and questions annoy the TAs, and if they trigger an unfriendly or non-customer-centric response from the caller, that is a clear sign that the call is not from a reputed bank.

Credit: The Hacker News

