Week 48: Phone calls from your credit card provider – apparently

06.12.2022 - Last week, the NCSC once again received fewer reports than in the previous week, with 561 in total. Particularly striking were phone calls in which fraudsters attempted to obtain confidential information. In some cases, the caller claims to be an employee of a credit card provider and tries to obtain one-time passwords.

Phishing by phone

Every day, the NCSC receives dozens of reports about phishing emails. But emails are not the only communication channel for phishing. An increasing number of phishing attempts are made with text or WhatsApp messages. As some of last week's cases show, phone calls are also used to phish. However, phishing by phone, or vishing – a combination of phishing and V for "voice" – is not as widespread as the written approach. This is mainly because a fraudster has to invest more time in a phone call and also has to be able to respond in the language used by the victim. Yet the success rate for vishing is likely to be higher, as the pressure on the call recipient to respond immediately and without thinking is greater than with an email.

In the current cases, the callers claimed to be employees of a credit card company. Most of the calls were in French, but we are aware of one case in which Swiss-German was used. The displayed caller ID was fake and suggested that the number did indeed belong to the Swiss financial service provider claimed by the fraudster. Caller ID spoofing is widely used in a number of different types of fraud. Unfortunately, there is currently no way of identifying or blocking spoofed phone numbers.

Apparently, the fraudsters already know the credit card details of the person they are calling, and the phone call is an attempt to obtain a text message code for 3D Secure protection. 3D Secure is an additional step to make online purchases more secure. A text message, for example, is sent to the purchaser, who has to confirm it.

In order to obtain these codes, the caller claims during the phone call that three suspicious international payments have already been intercepted. To cancel these fraudulent transactions, the call recipient is supposed to confirm three codes that are sent via text message during the phone call. For verification purposes, the victim is asked to read the codes aloud over the phone. Now that the fraudsters know the codes, they can trigger a fraudulent payment.

They also use this method to steal other one-time passwords. Such passwords are used to make payments and have them invoiced via the phone bill. Direct carrier billing, as it is called, allows online purchases in app stores to be charged directly to the user's mobile phone bill. After the phone number has been entered, these purchases have to be confirmed with a text message code. This is sent to the phone number entered, i.e. to the victim. If the victim forwards the code, the attackers can confirm the payment and the amount is debited or charged to the mobile phone bill. Buying gift cards from Google Play and iTunes is particularly popular, as they can be used to make money.

In another variant currently in circulation, the fraudsters use the same method to take over the victim's WhatsApp account. WhatsApp also uses a one-time password to protect accounts from being taken over. If an attacker tries to register a WhatsApp account with the victim's phone number, a code is generated and sent to the original owner. If this code is passed on, the attacker can take over the account.

Recommendations:

  • Do not forward any passwords or codes you receive by text message, WhatsApp or other media under any circumstances.
  • As a general rule, be careful if someone phones you and pressures you to perform an action. Say that you are busy and end the telephone conversation immediately.
  • Never hand over passwords or credit card details over the phone, in response to an email or messaging service or via a website.
  • Install two-factor authentication whenever possible. This offers an additional layer of protection to prevent your account from being hacked.
  • Bear in mind that caller IDs can easily be spoofed.

Last modification 06.12.2022

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2022/wochenrueckblick_48.html