The Most Vulnerable Asset

Anishbhowmick
4 min read · May 11, 2021

“People always make the best exploits. I’ve never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like a neon sign screwed into their heads.” — Elliot Alderson

Humans are the most vulnerable asset that has ever existed. This is because humans use technology without realizing its full potential. The most recent hack on humans is the Twitter hack, where a Twitter employee clicked a phishing link, resulting in the takeover of big accounts.

This type of attack is called Social Engineering. It is done by manipulating a human into giving up their credentials, and it is much easier than actually hacking a system. Today we will look at a Social Engineering attack known as Vishing.

WHAT IS IT?

When your phone rings, it’s sometimes hard to know who’ll be on the other end. It might be someone vishing. Vishing, a combination of ‘voice’ and ‘phishing,’ is a phone scam designed to get you to share personal information. In 2018, phishing crimes cost victims $48 million, according to the FBI’s Internet Crime Complaint Center.

During a vishing phone call, a scammer uses social engineering to get you to share personal information and financial details, such as account numbers and passwords. The scammer might say your account has been compromised, claim to represent your bank or law enforcement, or offer to help you install software. Warning: It’s probably malware.

Vishing is just one form of phishing, which is any type of message — such as an email, text, phone call or direct-chat message — that appears to be from a trusted source, but isn’t. The goal is to steal someone’s identity or money. It’s getting easier to contact more people, too. Scammers can place hundreds of calls at a time using voice over internet protocol (VoIP) technology and can spoof the caller ID to make the call appear to come from a trusted source, such as your bank.

SCAMS

Whether it’s a person or a prerecorded message on the other end, you’ll be told there’s an issue with your account or a payment you made. You may be asked for your login credentials to fix the problem or asked to make a new payment. Instead of giving out your info, hang up and call your financial institution on their publicly available number.

Scammers will call with offers that are too good to be true. They’ll say, for example, that you can earn millions of dollars on one small investment, pay off all your debt with one quick fix, or get all your student loans forgiven in one fell swoop. Typically, you must “act now” and will need to pay a small fee. Don’t fall for it. Legitimate lenders and investors won’t make these types of offers and won’t initiate contact out of the blue.

Phone calls are the №1 method scammers use to reach older adults, according to the Federal Trade Commission. Crooks pose as Medicare reps — often during Medicare open enrollment season — and try to glean financial information from the victim, such as their Medicare number or bank account details. Then the scammer will either fraudulently use the victim’s Medicare benefits or steal their money. Scammers may also claim to be from the Social Security Administration and threaten to suspend or cancel the victim’s Social Security number.

SPOTTING A VISHING CALL

Aside from knowing how vishing works and looking for red flags, you can also:

  • Join the National Do Not Call Registry. Adding your home or mobile phone number to this registry is free and tells telemarketers you don’t want their phone calls. However, certain types of organizations may still call you, such as charities and political groups, and it won’t stop people from illegally calling your number.
  • Don’t pick up the phone. Although it may be tempting to answer every phone call, simply let them go to voicemail. Caller IDs can be faked, which means you might not know who’s calling. Listen to your messages and decide whether to call the person back.
  • Hang up. The moment you suspect it’s a vishing phone call, don’t feel obliged to carry on a polite conversation. Simply hang up, and block the number.
  • Don’t press buttons or respond to prompts. If you get an automated message that asks you to press buttons or respond to questions, don’t do it. For instance, the message might say “Press 2 to be removed from our list” or “Say ‘yes’ to talk with an operator.” Scammers often use these tricks to identify potential targets for more robocalls. They also might record your voice and later use it when navigating voice-automated phone menus tied to your accounts.
  • Verify the caller’s identity. If the person provides a call-back number, it may be part of the scam — so don’t use it. Instead, search for the company’s official public phone number and call the organization in question.

DEMONSTRATION

This is a video from a DEF CON conference where a demonstration of vishing was given.

Hope you guys liked it!!
