Founder and CTO of PhishLabs John LaCour spoke with FBI Special Agent Davey Ware at the RSA Conference in San Francisco to talk about how vishing attacks work to defraud victims of their money and discuss how one group of vishing criminals was caught.
Originally published on Infosecurity Magazine.
"Vishing attacks are phishing attacks that use the telephone network," LaCour said.
He explained that in vishing attacks the lure is delivered in one of several ways, including an email message with a call-back number, SMS via a telephone provider, and robocalls from an interactive voice response system (IVR). According to data cited by LaCour, over a one-year period more than 50% of vishing attacks targeted small banks and credit unions.
Vishing attacks occur in stages involving compromising a Windows server with some form of Remote Desktop Protocol (RDP) backdoor to gain access. Attackers also compromise IVR systems and then create fake email accounts as well.
Read the full article here.