Cybersecurity researchers have uncovered a rising trend of cybercriminals combining voice phishing (vishing) with OTP (One-Time Password) grabber services to enhance their malicious activities, according to a report from CloudSEK, a cybersecurity firm.
Vishing involves manipulating individuals into disclosing sensitive information over the phone. The human interaction in vishing attacks adds a convincing element, making victims more likely to trust the caller. Attackers employ sophisticated techniques, such as interactive voice response (IVR) systems, authentic voice recordings, or even real-time calls that appear to be from a trusted company. Victims are skillfully manipulated into revealing their one-time passwords, usually delivered via text messages.
Recently, researchers discovered an advertisement on SpoofMyAss.com (SMA) offering OTP bot escalation and SMS senders that can significantly assist cybercriminals in conducting large-scale vishing attacks. SMA features include OTP extraction, global calls in multiple languages, personalization, anonymous calls, and bot template creation, all strongly indicative of vishing attacks.
SMA offers free user signups and provides a $1 welcome balance to users. Its services are categorized into OTP Bot Spoofer and SMS Sender. The OTP Bot Spoofer is a call service capable of obtaining OTPs of any length, making international calls, retrieving multiple OTPs, and communicating in over 30 languages. The SMS Sender service employs 269 legitimate SMS gateways to send text messages to users globally, including 87 US-based and 13 India-based gateways.
ALSO READ: Gmail on Android introduces 'Select All' feature for managing emails
The consequences of such exploitation are significant. Cybercriminals gaining access to victims' online banking and sensitive accounts can perform a range of fraudulent online transactions.
Cybersecurity experts urge individuals and organizations to be cautious and employ robust security measures to guard against these evolving threats, emphasizing the need for enhanced awareness and security protocols.
ALSO READ: How to keep your IP address hidden and secure your online privacy?
Inputs from IANS
