• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Hacking
  • Security
  • Vishing is still alive and a malicious campaign is scaring banking

Vishing is still alive and a malicious campaign is scaring banking

Pierluigi Paganini May 02, 2014

Security Experts at PhishLabs revealed that a vishing campaign targeted banking industry to harvest credit/debit card data from customers.

The security firm PhishLabs revealed that numerous US banks are victims of a recent Vishing (VoIP-based phishing) campaign that is targeting the payment card information of up to 250 Americans per day. Assuming that the withdrawal limits on ATM cards are around $300 per day, the overall amount of money stolen each day is about $75,000.

As remarked by experts at PhishLabs in addition to financial losses and the costs of replacing cards for the victims, vishing attacks can have a serious impact on the banking operations due to the surge of inbound calls into their customer support operations.

“Small and midsize banks that do not have overflow support capacity typically see their phone lines quickly become saturated. “

Vishing (Voice over IP phishing) is the practice to trick bank users into giving up their sensitive information after receiving phone or SMS messages purporting to come from legitimate entities, in the case of the above attacks the attackers requested to the victims the payment card information.

“Multiple recent vishing attacks (Voice over IP phishing) have been stealing payment card data from the customers of U.S. banks. In an attack last week, customers of a midsize bank received SMS text messages claiming their debit card was deactivated and requesting they provide the card and PIN numbers to reactivate it. “

Despite Vishing is not as prevalent as online phishing, it is usually run by professional criminal organizations, experts at PhishLabs speculates that the current campaign is managed by an Eastern European gang. The purpose of the vishing campaign is to harvest card data, which the criminals sell on the underground black market, more than 50 medium-sized banks have been targeted over the last several years.

“The operation uses email-to-SMS gateways to spam out text messages that instruct recipients to call a phone number to reactivate their card. When called, an IVR (Interactive Voice Response) system requests that the caller enter in their card number and PIN. This data is captured by the IVR system and stored for retrieval by the vishing crew.” report the blog post.

The harvest card data are used by criminal organizations for card-not-present transactions (e.g. Shopping online) or are sold to a group that clones the legitimate card using the stolen card information.

Data on this specific vishing attack is slim, but PhishLabs researchers claim that one of the phone numbers used in the campaign has been in use for more than six months and dates back to October 2013.

Vishing Process 1

Vishing Process 2

Vishing attacks aren’t a prerogative of banking offensives, Skype was victims of a similar campaign a few years ago, in that case, the victims were informed by an unsolicited call that their machine was infected than the attackers provided a link to a bogus website used to sanitize them, but these websites were used to serve malware.

Below the suggestions provided to the Financial institutions in the blog post:

  • Make sure CVV1/CVC1 is encoded on cards and validated by your card processor.
  • When calling customers, use a caller ID telephone number that matches the number on the back of the card. Using different numbers can result in customers being more likely to trust vishing messages.
  • Proactively engage with telecoms to understand their procedures and connect with the appropriate technical and anti-fraud resources.
  • Have a response plan in place that includes customer notification via your primary communications sources.
  • Ensure front-line customer support personnel are trained to handle vishing reports. This includes collecting the vishing call-back number from customers reporting suspicious calls/messages.
  • Consider working with specialized security partners (like PhishLabs) that have significant experience mitigating vishing attacks.
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Vishing)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

card data Cybercrime Hacking phishing stolen card data Vishing

you might also like

Pierluigi Paganini July 26, 2025
Law enforcement operations seized BlackSuit ransomware gang’s darknet sites
Read more
Pierluigi Paganini July 26, 2025
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

    Malware / July 27, 2025

    Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 27, 2025

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT