Popular socmed pranks now used to call victims online


How cybercriminals are convincing victims to call them

PRANKING has somehow become popular on social media. It is a strange social phenomenon: people enjoy seeing either the comedy or the tragedy of someone being pranked and falling for it. On TikTok in particular, a prank is now gaining popularity in which people call their friends using an automated answering machine voice to tell them that a large amount of money is about to be debited from their account.

All the apps needed to create the fake voice are available and easy to procure. The prank recently lost its humor when Kaspersky experts determined that this trend mirrors a real fraud scheme that is actively used by cybercriminals.

It even has a name: vishing, which is short for voice phishing.


Vishing is the fraudulent practice of making phone calls or leaving voice messages pretending to be from reputable finance or credit companies to fool individuals into revealing bank details, credit card numbers and other important personal information.

Kaspersky researchers detected an increase in the number of vishing emails in June (almost 100,000 total) and collected approximately 350,000 vishing emails between March and June 2022. Kaspersky researchers predict that this trend is only gaining momentum and is likely to continue growing.

Like most phishing schemes, it starts with an unusual e-mail from a large online store or a payment system. For example, it could be a letter from a fake version of PayPal telling the would-be victim that it has just received a request to withdraw a large amount of money from their account.

Fake notification from PayPal about a purchase for a large amount of money

But here’s the difference: while regular phishing emails ask the victim to follow a link to cancel the order, vishing emails ask that they urgently call the customer support number provided in the email.

Kaspersky experts emphasize that this method was intentionally chosen by cybercriminals because when people look at a phishing site, they have the time to think about their actions or notice signs that the page is not legitimate. But when victims talk on the phone, they are usually distracted and find it more difficult to focus.

Under these circumstances, attackers do everything they can to further throw them off balance: rushing them, intimidating them, and demanding that they urgently provide their credit card details to cancel the supposed fraudulent transaction. After gaining the victim’s bank account details, cybercriminals use the information to steal their money, leaving the victim with an empty digital wallet.

Curiously, TikTokers actively repeat one of the vishing schemes, with the only difference being that they do not send a fraudulent email in advance, nor do they steal anything from their victims — their goal is a show, not money.

The call is conducted through an answering machine, whose voice is generated with an online translator. Most often, pranksters introduce themselves as a representative from the customer service department of a large online store, claiming they have just received an order from the victim for several thousand dollars and asking for their confirmation.

No matter how the victim replies, the next thing the answering machine says is, “Thank you, your order has been confirmed.” People think the answering machine misheard them and that the funds are going to be withdrawn from their account immediately, so they panic, scream, and don’t realize that they are being pranked.

“I often come across videos on TikTok of bloggers pranking other people by calling them and telling them that their account is about to be debited thousands of dollars. The victims believe it and go crazy over it. When you look at these videos on your phone you think, ‘How can anyone fall for such a thing?’” Roman Dedenok, security expert at Kaspersky, comments.

When people panic and are convinced to disclose their personal data during this phone call rather than on a phishing page, they often don’t have the chance to consider that they are the target of a hoax — and a large number of TikTok videos with this prank are a prominent example of this.

“When people encounter scam calls in real life, they are often affected by multiple circumstances at the same time. Such a call can catch them off guard, while their head is full of other things and they can’t clearly assess who is on the other end of the call — a prankster, a fraudster or a real bank security specialist,” Dedenok says.

Read about other popular methods of email fraud in the full report on Securelist.

To protect yourself from vishing, Kaspersky recommends:

  • Checking the sender’s address. Most spam emails come from addresses that don’t make sense or appear as gibberish, for example, amazondeals@tX94002222aitx2.com or something similar. By hovering over the sender’s name, which itself may be spelled incorrectly, you can see the full email address. If you’re not sure if an email address is legitimate or not, you can put it into a search engine to check.
  • Considering what kind of information is being requested. Legitimate companies don’t contact you out of the blue via unsolicited emails to ask you for personal information, such as banking or credit card details, your Social Security number or other sensitive data. In general, unsolicited messages telling you to “verify account details” or “update your account information” should be treated with caution.
  • Being wary if the message is creating a sense of urgency. Spammers often try to apply pressure by using this tactic. For example, the subject line may contain words like “urgent” or “immediate action required” to pressure you into acting.
  • Checking grammar and spelling, which is an effective way to identify a scammer. Typos and bad grammar are red flags. So too are odd phrasing or unusual syntax, which might result from the email being translated back and forth through translators several times.
  • Installing a trusted security solution and following its recommendations. The security solution will then solve most problems automatically and alert you if necessary.
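
The sender, urgency and call-back cues described above can be turned into a simple mail-triage check. This is an added example, not code from Kaspersky or the original article; the sample message, the brand map and the function name `vishing_signals` are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the fake PayPal notice described above.
SAMPLE = """\
From: PayPal Service <billing@tX94002222aitx2.example>
Subject: Urgent: withdrawal request received
Content-Type: text/plain

We have just received a request to withdraw $1,499.00 from your account.
If you did not authorize this, call customer support immediately
at +1 (555) 010-0199 to cancel.
"""

BRANDS = {"paypal": "paypal.com"}  # assumed map: claimed brand -> real domain
URGENT = re.compile(r"\b(urgent(ly)?|immediate(ly)?|action required)\b", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
CALL = re.compile(r"\b(call|phone|dial)\b", re.I)
URL = re.compile(r"https?://", re.I)

def vishing_signals(raw):
    """Return the warning signs from the article found in one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Collect unencoded text/plain parts (works for single-part and multipart).
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}"
    signals = []
    # Sender check: display name claims a brand its domain does not belong to.
    for brand, real in BRANDS.items():
        legit = domain == real or domain.endswith("." + real)
        if brand in name.lower() and not legit:
            signals.append("sender_domain_mismatch")
    # Urgency check: pressure wording in the subject or body.
    if URGENT.search(text):
        signals.append("urgency")
    # Call-back check: asks for a phone call and offers no link at all.
    if PHONE.search(body) and CALL.search(body) and not URL.search(body):
        signals.append("callback_number_no_link")
    return signals
```

The signals are triage hints for a mail filter or analyst queue, not a verdict; a message that trips several of them deserves a closer look before anyone dials the number.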
