A new report has highlighted that Vishing, an online scam, has grown by 625% since Q1 2021. This hybrid phishing attack uses both digital channels and human intervention to steal money from victims.
Online scams have become something like the Greek legend of Hydra, where every time one scam is exposed, a scarier one takes its place. After years of efforts in spreading awareness towards digital security, people have started to understand how phishing attacks work and some of the population is now capable of deflecting such attacks. But while the fight against phishing continues, something far more sinister and dangerous has now emerged. A new type of phishing scam called ‘Vishing’ or ‘hybrid Vishing’ has begun rising. What is it and how does it work? Read on to find out.
According to a report titled Quarterly Threat Trends & Intelligence Report by security firms Agari and PhishLabs, hybrid forms of phishing attacks that combine email and voice calls have witnessed a growth of 625% between Q1 2021 and Q2 2022. These vishing attacks use people trained in people with the knowledge of social engineering (a type of social attack where human interaction and manipulation is used to scam people) to voice call the victims and add another layer of trick to swindle the victims who are not fully convinced by the email-based phishing attack.
Vishing attacks witness massive growth
It is interesting to know that during the time vishing attacks grew by 625%, the volume of phishing attacks only grew by 6%, indicating a clear segue of scammers to the more evolved form of crime. The hybrid vishing is also known as ‘callback vishing’ and it is very crucial to know how it exactly works.
The victim usually gets an email with a fake subscription or invoice. The fraudster tries to scare them by saying that they have already charged them an exorbitant amount and it will reflect in the account in the next 48 hours. They also give a phone number to call, in case it was a mistake. The victim, concerned about losing the money, calls the number but instead of taking them to customer support, it connects to the voice engineer scammer. On the pretense of helping the victim, the scammer discloses sensitive information and eventually steals money from their account.
According to a report by BleepingComputer, these callback vishing attacks work extremely well. In fact, so well that “multiple ransomware and extortion gangs, such as Quantum, Zeon, and Silent Ransom Group, have adopted the same technique today”.