Scam phone calls about the payment of arrears!

Vishing, or voice-phishing, is a fraudulent method when attackers use phone calls to lure sensitive information from their victims. Fraudsters usually pretend to be legitimate organizations (banks, government offices, etc.) and try to instill a sense of credibility in front of their victims. The principle of the attack is to use manipulative techniques (pressure, threat, urgency), which should make the victim give the attacker the data he wants – usually sensitive data such as login names, passwords, or credit card numbers. In other cases, the attacker wants the victim to perform a particular action, for example, installing malicious software or transferring money to an unknown account.

The payment of arrears at the Tax Office – "Houston, we have a problem!"

Imagine a situation from everyday life: you get a call from an unknown number with a Czech or even a foreign area code - nothing new under the sun, you say to yourself. When you pick up the call, the caller on the other end tells you in a robotic voice that he is an employee of the tax office and is calling about the payment of arrears. We have encountered precisely this type of attack in recent days at MU when the attacker called the employee's Vodafone number from various numbers. What was alarming and striking, however, was the fact that this number was not publicly quoted anywhere by the employee.

Are you asking yourself, "How did the attackers get my number?"

Attackers use different methods to reach personal or work contacts. One option could be that the attacker tries to dial random phone numbers or targets an organization's website where the phone numbers are publicly listed (which did not happen in this case). Another possibility is using an employee account to spread phishing e-mails and extract the necessary data from internal databases.

---

More articles

All articles