The latest wave of attempted data theft from companies and institutions with millions of customers, such as Ticketmaster or the Spanish energy company Iberdrola or the General Directorate of Traffic, is not only aimed at extorting these large entities. The real mine is in the information of thousands of users, who are the victims of 84% of internet scams. From now on you may receive hundreds of fake emails, incredible offers and suspicious calls. Don’t answer with the word “yes.” Cybercriminals can record you and use it to usurp your voice when purchasing goods over the phone or contracting financial products. The security forces and the National Cybersecurity Institute (Incibe) have been warning of these scams for a year. From now on, respond “hello” and, if the conversation leads to questions that seek a “yes” response, avoid the word, hang up and report it.
“Phone calls are still a common form of communication and, regardless of who is calling us (friends, family or strangers), it is common to respond with a simple yes. However, few of us are aware of the hidden risks that can arise when giving such a seemingly harmless response,” warns Incibe on its blog, a warning the police have echoed on their social networks.
This is how the “yes” scam works:
They call. Cybercriminals call the potential victim claiming to be from their bank or a sales or customer service company, or even from their computer or phone company. They can make the number on your screen match that of these entities and, since they already have access to the stolen data, they try to build the victim's trust by providing information that the entity holds. If you answered “yes” when you picked up, the cybercriminals already have what they wanted and hang up. If you respond “hello,” “tell me,” or any other expression, they will try to continue the conversation.
They ask. In this case, the scammer will establish a dialogue that seeks your affirmative and unequivocal response. They want a “yes.” It could be: “Do you want this product at an incredible price for being a customer?” or “Are you married?” or “Do you plan to go on vacation this summer?” The cybercriminal needs to record the answer unequivocally, so he will try several times if he doesn’t get it the first time and will space the time between question and answer to obtain the recording.
They usurp. Once the victim’s voice is obtained, the scammer will try to use it to register for a telephone banking service in the victim’s name or purchase a product in their name via mobile phone.
– YESSSS???? 📞📞
❌NO❌ Do not answer with Yes
👉The #scammers ask questions for you to answer with a Yes and record your voice to use it later to register for a service.
➡Hang up quickly if you don’t trust
⚠️Be careful with the #yesscam pic.twitter.com/qrVdYJFZhD
— National Police (@policia) October 30, 2023
What to do
One of the first measures is to change the response habit and not answer with a “yes.”
But if you have done so and suspect a scam attempt, hang up without providing any further personal information. Do not encourage communication or follow their instructions regarding personal information or to click on any message or email sent to you during or after the call.
If your phone shows the name of a trusted entity as the caller, contact them to verify that they are behind the call.
Change the passwords to your commercial or financial accounts, using a unique and complex password for each service (numbers, upper and lower case letters and symbols). Also monitor those accounts that day and over the following days. If you detect any suspicious movement, inform the entity.
Check if your username and password details have been compromised. There are free tools like haveibeenpwned.com or Google's password checking service.
If you detect suspicious activity, save any files related to the scam such as caller numbers, emails or messages that may be related to the crime to inform the authorities and have proof of the scam in case of a claim.
If the scam occurs, report it to the State Security Forces and Bodies and provide all the details and evidence.
This fraud technique is known as vishing (deception through the use of voice) and uses social engineering to impersonate a trusted entity in the call and information technologies to impersonate you in the contracting or purchase of goods and services.
Cybercriminals don’t just usurp the identity of private companies. They can also pose as agents demanding payment for an infraction, as the postal service regarding a false package received, or even as the Tax Agency reporting a non-existent return.
Increased incidence of deception
The report Phishing [deception] 2024 from security company Zscaler reveals a “year-on-year increase of almost 60% in phishing attacks globally, driven in part by the proliferation of generative artificial intelligence” used to fake emails, SMS, voice or even images through hyper-realistic fake videos.
“Phishing remains a persistent and often underappreciated threat within the cybersecurity landscape, even as it becomes increasingly sophisticated as threat actors take advantage of cutting-edge advances in generative AI and manipulate trusted platforms to intensify attacks,” highlights Deepen Desai, head of security research at Zscaler.
Jurgen Kutscher, vice president of Mandiant Consulting at Google Cloud, agrees: “From time to time, attackers update the tactics and procedures they use to achieve their objectives, which poses new challenges for security teams.”
According to this company's annual report on Europe, the Middle East and Asia (EMEA), exploits [programs that take advantage of a bug or vulnerability in an application or system to cause unintended or unforeseen behavior] and phishing remain key threats, with an incidence of between 16% and 36%.
The company Check Point warns that one of the common tactics for deception is impersonating an authority. “For example,” the company explains, “the attacker can pretend to be calling to collect unpaid taxes. Fear of consequences can cause victims to do what the attacker tells them. These types of attacks cost victims 124 million dollars in 2020 in the United States alone.”
In this sense, Marc Rivero, head of security research at Kaspersky, warns: “Phishing remains a constant threat in the digital landscape that constantly evolves to deceive unsuspecting users. Our best defense is vigilance and skepticism. But we also recognize that the fight is a joint effort that requires the collaboration of users, companies and authorities. It is essential to be cautious, verify before accessing the links and protect our digital identity to guarantee everyone’s safety.”
You can follow EL PAÍS Technology on Facebook and X or sign up here to receive our weekly newsletter.