In recent months, a new type of Android malware called “FakeCalls” has emerged, targeting users in South Korea. The malware is designed to trick users into divulging sensitive financial information by making fake calls that appear to come from a legitimate financial organization. Voice phishing (vishing) is a growing threat to mobile banking customers worldwide. Vishing attacks use phone calls to trick people into divulging sensitive information, and they often involve sophisticated social engineering techniques to make the calls seem legitimate.

According to a detailed report by Check Point Research, the creators of the malware use a variety of techniques to make the calls seem convincing, including spoofing the bank’s phone number and using pre-recorded messages that sound like the bank’s customer service department.

The attack scheme begins with the FakeCalls malware masquerading as the online banking application of a reputable South Korean financial organization. The malicious app offers the target a low-interest loan.

Once the target expresses interest, the malware places a call and plays a pre-recorded message from the bank’s customer service representative, providing instructions on getting the loan application approved.

At the same time, the malware replaces the attacker’s phone number with the bank’s real number so that the victim believes the conversation is taking place with a genuine banking representative. The victim is eventually tricked into “confirming” their credit card information in the hope of qualifying for the fake loan. Such sophisticated voice phishing campaigns, paired with malware that uses unique evasion techniques, result in grave financial losses. According to a report on the official website of the South Korean government, voice phishing caused losses of roughly 600 million USD in 2020, and the number of individuals affected by this crime from 2016 to 2020 was estimated to be as high as 170,000.

More than 2,500 samples of the FakeCalls malware were discovered, with varying combinations of mimicked financial organizations and evasion techniques. In their highly technical report, Check Point researchers provide an in-depth analysis of the evasion techniques used by the malware developers behind FakeCalls.

To protect yourself from vishing attacks, it’s important to be aware of some common tactics that attackers use. For example, they may use a spoofed number that appears to be from your bank, or they may claim to be calling from a government agency or other trusted organization. Here are some tips to help you prevent vishing:

- Don’t trust caller ID: Caller ID can be easily spoofed, so just because a call appears to be from your bank doesn’t mean it’s legitimate. Always be suspicious of unsolicited calls asking for personal information.
- Verify the caller: If someone calls claiming to be from your bank or another organization, hang up and call them back using a phone number you know to be genuine. Don’t use the number they give you, as it may be fake.
- Don’t give out personal information: Never give out personal information, such as passwords, PINs, or credit card numbers, to someone who calls you unless you have confirmed that they belong to a trusted organization.
- Keep your phone and apps up to date: Make sure to keep your phone’s operating system and security software up to date to protect against known vulnerabilities.