Lessons Learned From Vishing Robocall Attacks In Mandarin

Vishing_As_A_Service Among the specialized forms of vishing are those that target specific language communities. Chinese-speaking people in the US and around the world are increasingly being targeted with phone scams, according to Scott Tong at Marketplace.

The FBI reported that 350 victims lost a combined total of more than $40 million to Chinese-language vishing scams between December 2017 and February 2019, with the average scam netting more than $164,000. Tong analyzed several of these vishing calls and identified some similarities between them.

All of the calls begin with a prerecorded message in Chinese that asks the target to press a button to speak with a live person. This allows the scammers to save time and manpower, since the people who believe the robocall are more likely to fall for the rest of the scam.

The scammers also spoof their caller ID to appear to be calling from an area code that the victim will recognize, giving more credibility to the call. Aaron Foss, founder of anti-scam company Nomorobo, told Marketplace that this is very easy to do.

“It’s as easy as putting on a mask,” Foss said. “You set that caller ID to be anything that you want. And it’s really just a couple lines of code. And boom, it looks like the guy down the street is calling.”

Another common element of the scams is the mention of a well-known multinational company, such as Bank of America, DHL, or UPS. Stacey Wood, a psychology professor at Scripps College, said this is entirely intentional.

“It’s kind of an essential principle of persuasion research,” Wood said. “When we see a familiar name, a name that we trust, we tend to find it more credible.”

The scammers also frequently ose the social engineering tactic to mention the police, which is a particularly effective fear tactic to use against people from China. Michael Lau, an attorney who nearly fell for one of these scams himself, told Marketplace that the scammers use these tactics because they know their audience.

“People in the United States might not understand the same way, simply because you are innocent until proven guilty,” said Lau. “In China, once they bring you in, essentially, you have to prove your innocence. So they will be scared.”

Scammers use a number of fundamental social engineering techniques in order to manipulate their victims. New-school security awareness training can teach people how to recognize these tactics so they can avoid falling victim to scams.

Marketplace has the story: https://www.marketplace.org/2019/10/22/what-i-learned-by-chatting-with-chinese-robocallers/

Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

Here's how the Social Media Phishing Test works: