Wednesday, February 1, 2023
HomeTechnologyAlert for the 'double call' scam: what to do to avoid falling...

Alert for the ‘double call’ scam: what to do to avoid falling into a case of smishing and vishing


It is a social engineering technique that steals user data to get money from them.

This year it was consolidated as one of the most affected by cyberattacks. And within the attacks, scams are the order of the day: the famous uncle’s tale it became 100% digital in 2022. And every time new techniques appear. One of them is that of the “double call”, which has to do with what is called smishing Y vishing.

The smishing consists of the sending an SMS posing as a legitimate entity, such as a bank, an institution or a social network, with the aim of stealing confidential information or making a financial charge. Generally, these messages include a link to a fake website or invite you to call a premium rate number.

Vishing, on the other hand, is a scam method that consists of making a call impersonating the entity of a company, trusted person or organization. During the conversation, scammers try to obtain personal and sensitive information from the victim.

For this reason, you have to be very careful with what is known as the scam of the “double call”. Here, what it consists of and how to protect yourself.

How the double call scam works

Smishing, one of the scams to extract personal data

Something that sets this type of scam apart is that it requires two phone calls.

It is common for the victim to receive an SMS supposedly sent by their bank or a delivery company. In the message, they inform you of changes in the delivery of the package or strange movements in your account, urging you to access a link to modify the access codes for security reasons.

Minutes later, the victim receives a phone call posing as the entity and they ask for your access codes to online banking to cancel the cards.

The victim then accesses the bank’s website from the browser, where they will see a pop-up box asking for the access codes once again. At that moment she receives a SMS with the keyswhich are actually the confirmation keys for the fraudulent operation.

With this social engineering technique, they obtain sensitive data and control of users’ bank accounts.

When parcel companies are impersonated, which is very common, the cyberattack is carried out through an SMS in which they request to fill in the delivery address of the package. These types of messages always include a link to install apk applications that appear to be the official ones of the entities they impersonate.

When the victim accepts the download, in addition to the application, remote access software will also be installed on the device that will request to receive, read and modify SMS.

The content of the messages is usually similar to the following: “As of (date) you will not be able to use your account. It has to be verified in the system from the following link…”, “An unauthorized computer is connected to your online account. If you don’t recognize it, please check the following link” or “Your account or bank card was temporarily blocked”.

If customers access the link and enter the access codes requested by the supposed entity, they must quickly contact their bank to block all types of operations and change the password to access online banking.

In all cases of cyber-scam, a link is received – an underlined line and the text in blue – under the pretext of solving a fictitious problem. The data that cybercriminals usually request are: bank account number, name and surname, ID, online banking passwords, numbering, expiration date and code CVV credit or debit cards.

cybercrime grows

This year there were more than 137 billion threats according to Fortinet.  Photo Pexels

This year there were more than 137 billion threats according to Fortinet. Photo Pexels

The number of cyberattacks due to data theft or ransomware increased during 2022 in Latin American countries. The data comes from Microsoft’s annual Digital Defense Report, prepared based on information collected between July 2021 and June 2022 around the world and released this month.

According to the Microsoft report, the number of password attacks increased by 74% in the last year. In this way, an alarming upward trend in cybercrime is confirmed, at a time when digital transformation and the rapid adoption of devices with Internet access considerably increased the attack surface in the digital world.

However, the study found that the number of cyberattacks did not spread evenly across all regions. Microsoft observed a decrease in the number of reported ransomware cases in Europe and North America compared to 2021, while reported cases during the same period in Latin America increased.

The Report also detected a steady increase in the number of email attacks, better known as phishing. In this sense, the researchers observed that the war in Ukraine became the new bait for this type of cybercrime– An alarming increase in emails posing as organizations requesting cryptocurrency donations in Bitcoin and Ethereum to support Ukrainian citizens was observed.

“As we consider the severity of the threat to the digital landscape, and its translation into the physical world, it is important to remember that we all have the power to take action to protect ourselves and our organizations. against digital threatssaid Tom Burt, corporate vice president of Customer, Security and Trust at Microsoft.

For these reasons, 2022 is one of the most complex years in terms of everything that has to do with cybercrime.

personal scams, as a digital uncle’s taleThey are not the exception.


look too

Recent posts