Security firm Trusteer is warning that while both businesses and consumers are waking up to online threats, they are just as vulnerable offline.
According to the company, there has been a huge rise in bogus calls from criminals claiming to work at banks. It says these calls let fraudsters use personal identification information already stolen using malware to appear credible while they collect the missing information required to pull off their scam.
“Everyone needs to be on their guard to avoid falling victim – on or offline,” said Amit Klein, chief technology officer at Trusteer. “Defending against the new wave of hybrid attacks requires both technology to detect Man-in-the-Browser (MitB) malware and vigilance from the users of online services.”
Where criminals are thwarted by security measures such as one-time password authentication credentials which expire, they are turning to professional phone calling services to obtain the missing data required to complete a successful online fraud.
A forum advertisement, discovered by Trusteer, offers a phone service with professional callers, fluent in English and European languages, who can impersonate male and female, as well as old and young voices, at just $10 (£6.20) a call to collect missing data.
“While everyone’s attention is focused on protecting themselves in the ‘virtual’ world, they’re still very much at risk back here in the ‘real’ world. Fraudsters are turning to phone call services in an endeavour to trick people into disclosing their confidential information, sourcing professional callers to impersonate representatives from financial organisations. The sad truth is that it is far easier to perpetrate social engineering over the phone than many realise,” said Klein.