Voice phishing, or vishing, is all the rage right now, with numerous active campaigns being carried out all over the world. Even the most prudent victims, who might know better, are being ensnared and, in some cases, defrauded out of millions of dollars.
South Korea is one of the world regions hardest hit by the attack vector. In fact, a fraud that occurred in August 2022 resulted in the highest amount ever stolen in a single fraud case in the country. In that case, a doctor sent 4.1 billion won, or $3 million, in cash, insurance, stocks, and virtual currency to criminals, showing just how much financial damage a single vishing scam can cause.
According to Seojun Ryu, head of the threat analysis team at South Korean cybersecurity firm S2W Co., Ltd., recent scams owe their success to sophisticated social engineering tactics, including impersonating local law enforcement officers, which lends them very persuasive authority. Ryu is giving a session on the trend, “Unmasking the Voice Phishing Syndicate: A Thorough Investigation and Exposure,” at the Black Hat Asia 2024 conference in Singapore. Malicious campaigns, especially in South Korea, take advantage of culturally specific aspects that allow even the most unlikely people to fall victim, he said.
For example, a recent scam in which cybercriminals posed as the Seoul Central District Prosecutors' Office “could be extremely threatening to people,” Ryu said. By doing this and obtaining people's personal information in advance, they are able to intimidate their victims into making financial transfers, sometimes amounting to millions of dollars, by leading them to believe that they will face dire legal consequences if they do not comply.
“While their approach is not new, employing the long-standing tactic of impersonating prosecutors, the large sum of money stolen in this case may be due to the victim's relatively well-paid professional status,” Ryu said. “This is a stark reminder that anyone can fall prey to these schemes.”
Indeed, vishing groups operating in South Korea also appear to have a deep understanding of the region's culture and legal system, and “use individual psychology to their advantage to skillfully reflect South Korea's current social climate,” he says.
Vishing Engineering: Combining Psychology and Technology
Ryu and fellow Black Hat Asia speaker YeongJae Shin, a threat analysis researcher who previously worked at S2W, will give a presentation with a particular focus on vishing happening in their home country. However, vishing scams similar to those occurring in South Korea have recently seemed to be spreading all over the world, and there is no shortage of unfortunate victims.
Law enforcement scams seem to fool even the most enlightened Internet users. A New York Times economic reporter, for example, detailed in a published report how she lost $50,000 to a vishing scam in February. A few weeks later, the author of this article nearly lost €5,000 to a sophisticated vishing scam in which criminals operating in Portugal posed as local and international enforcement authorities.
Ryu explains that the combination of social engineering and technology is what allows modern vishing scams to claim victims even among those who are aware of the dangers of vishing and how its operators work.
“These groups use a combination of coercion and persuasion over the phone to effectively deceive their victims,” he says. “Furthermore, malicious applications are designed to manipulate human psychology. These applications not only facilitate financial theft through remote control after installation, but also abuse call forwarding functionality.”
With call forwarding, victims who try to verify the scammer's story by dialing what they believe is the number of a legitimate financial or government institution are still fooled. The reason is that threat actors “cleverly reroute calls” to their own phone numbers, gaining the victims' trust and improving attack success rates, Ryu said.
“Additionally, attackers demonstrate a nuanced understanding of local law enforcement communication styles and required documentation,” he says. This allows the groups to expand their operations globally, maintain call centers, and even manage a series of “burner” cell phone accounts to do their dirty work.
Updated Vishing Toolbox
Vishing operators also use other modern cybercrime tools to operate in various regions, including South Korea. One of them is a device known as a SIM box, Ryu explains.
Scammers typically operate outside of their targeted geographic location, so outgoing calls may initially appear to be coming from an international or Internet phone number. However, with a SIM box device, they can mask calls to make them appear as if they are coming from a local mobile number.
“This technique can trick an unsuspecting person into believing the call is from within the country, thereby increasing the likelihood that the call will be answered,” he says.
Attackers also frequently use a malicious app called SecretCalls in attacks against targets in South Korea, which allows them to not only carry out their operations but also evade detection. Ryu said the app has undergone “significant evolution” over the years, which is why it is “one of the most actively spreading variants” of vishing malware.
Ryu said the malware's “advanced” features include detecting Android emulators, changing ZIP file formats, and dynamic loading to thwart analysis. SecretCalls can also overlay the phone's screen, dynamically collect command-and-control (C2) server addresses, receive commands via Firebase Cloud Messaging (FCM), enable call forwarding, record audio, and stream video.
Researchers have found that SecretCalls is just one of nine such apps that give cybercriminals in South Korea the tools they need to carry out their campaigns. This indicates that multiple malicious groups are operating globally, and that it is important to remain vigilant against even the most convincing scams, Ryu says. Educating employees so that they understand the trademark characteristics of fraud and the tactics attackers typically use to deceive victims is also important to avoid compromise.