Vishing has reached a new level. Phone scammers collect biometric data of people using ... robocalls, that is, voice bots. Moreover, robots, as a rule, are annoying and call with enviable frequency, – reports Fingramota.kz.

Vishing (English vishing, from Voice phishing) is one of the methods of fraud using social engineering, which consists in the fact that attackers, using telephone communication and playing a certain role (bank employee, buyer, etc.), under various pretexts, lure confidential information from the payment card holder or stimulate to commit certain actions with your card account/payment card.

By means of IP telephony, attackers forge any numbers, and this allows them to present themselves as anyone: employees of banks, law enforcement agencies, various companies. Scammers use voice robots that "communicate" with their interlocutors according to certain scenarios, or audio recordings, to make them more convincing and increase the reach of people with the help of modern technologies.

Scammers create a legend, force the interlocutor to believe in it and report their personal and payment data, and then reset the bank account, or record the voice of the "victim" for use for their own selfish purposes.

What legends do scammers come up with?

Most often, attackers intimidate people with stories about a hacker attack on their accounts, hacking into a personal account of online or mobile banking. The robot can call you from your bank's short number, which can definitely confuse and thus reduce your vigilance,and inform you that outsiders have tried or have already issued a fake loan in your name, that due to various sanctions the account was blocked, that the bank was disconnected from the SWIFT international transfer system and urgently needs to be transferred money to a "reserve", secure account, etc.

Fraudulent bots can call on behalf of the police department, inform about the presence of a certain fine and ask to press, for example, "1" for detailed information. After that, another voice "assistant" is connected, warning that the information they want to disclose is super confidential, and in order to confirm their identity, it is necessary to answer a number of questions, among which there may be questions about your payment data.

Another scheme is quite common, which is used by telephone scammers through voice automation. As soon as you answer the call, a recording is turned on, on which you are informed that you or your number have won a contest, lottery, drawing. Naturally, you ask clarifying questions, but the flow of words on the other end of the wire does not stop. If you listen closely, you can understand that this is a simple audio recording, but it will take you a while to guess that your speech is also being recorded.

No matter what reasons scammers use, attracting voice robots, they try to get important confidential information from you: IIN, ID number, full card details, SMS code.It is also important for attackers to get clear phrases from you: "Yes" and "I confirm". To do this, bots can ask questions such as: "Do you live in Almaty?", "Have you made payments in the last day?", "Do you want to collect your prize?", "Do you hear me well?", "Do you confirm this information?" and so on.

How can scammers use your voice data?

Fraudsters expect that they will be able to use the audio recording of the victim's voice to perform various financial transactions in a credit institution, for example, to take a loan. However, in banks and microfinance organizations, in addition to such a component of the identity verification procedure as biometric identification, there are additional levels of verification. "Yes" alone is not enough to get a loan issued for you right away.However, if you managed to inform the robot of important personal information, then the risk that you will be left without funds in your bank account and with loans issued without your knowledge increases significantly.

What else can scammers do with your "voice cast"? Sell it to third parties or use it for extortion purposes, for example, to mount a recording compromising you and then demand money for it.

What to do?

1. It is not difficult to recognize a voice robot (spammer). Just don't trust him, end the conversation and block the number.

2. If you still decide to continue "communicating" with the bot, then be careful, when talking, for example, use "Hello" instead of the word "Yes". You can also use ambiguous words: "Uh, like", "Uh-huh", "Mhm" and so on, this knocks down the algorithm of fraudulent automations.

3. Attackers use special services that allow them to substitute almost any existing number in this world. At the same time, scammers can be located in any country in the world. Therefore, we recommend ending the conversation and independently dial the hotline number of the bank where you are served or the phone number of the organization on whose behalf the spammers called you to make sure that the information you have just been informed about is true.

4. Remember that banks and other organizations, as well as law enforcement officers will never call you to clarify your card details and other confidential information. There is no secure account! This is a legend invented by scammers.

5. Warn your parents, grandparents, as well as children who have a card to pay for goods and services, so that no one, especially by phone, is informed of the card details, including the code on the reverse side, the password to Internet banking, SMS code, and do not download questionable applications according to the instructions of the callers.

What if you have given your data to scammers?

Unfortunately, people often pass important information into the hands of scammers themselves, because they lose their vigilance and, due to various circumstances, the ability to think rationally and analyze everything.

If you inadvertently transferred personal data to third parties, then immediately contact your bank, report the incident and ask to block your accounts and all transactions. Be sure to write an application to law enforcement agencies and keep a copy of the application with the number and date of registration, – emphasize in Fingramota.kz.

Postfactum.kz

The foto from the Internet