• April 19, 2024
vishing

There’s a prank that is gaining popularity on TikTok where people call their friends using an automated answering machine voice to tell them that a large amount of money is about to be debited from their account.

According to cybersecurity experts from Kaspersky, this TikTok trend is based on a real fraud scheme called vishing—short for voice phishing—and is actively used by cybercriminals.

Kaspersky researchers detected an increase in the number of vishing emails in June (almost 100,000 total) and collected approximately 350,000 vishing emails between March and June 2022.

Vishing is the fraudulent practice of convincing individuals to call cybercriminals and reveal personal information and bank details over the phone. Like most phishing schemes, it starts with an unusual email from a large online store or a payment system.

For example, it could be a letter from a fake version of PayPal telling you that they have just received a request to withdraw a large amount of money from your account. 

Fake notification from PayPal about a purchase for a large amount of money

But here’s the difference: while regular phishing emails ask the victim to follow a link to cancel the order, vishing emails ask that they urgently call the customer support number provided in the email.

Experts say that cybercriminals intentionally choose this method because it’s easier to distract victims when they talk on the phone, rather than when they look at a phishing site where they have the time to think about their actions or notice signs that the page is not legitimate.

While talking to their victims on the phone, attackers do everything they can to further throw their target off balance: rushing them, intimidating them, and demanding that they urgently provide their credit card details to cancel the supposed fraudulent transaction. After gaining the victim’s bank account details, cybercriminals use the information to steal their money, leaving the victim with an empty wallet.

When people are convinced to disclose their personal data during a phone call rather than on a phishing page, they often don’t have the chance to consider that they are the target of a hoax – and a large number of TikTok videos with this prank are a prominent example of this.

“I often come across videos on TikTok of bloggers pranking other people by calling them and telling them that their account is about to be debited thousands of dollars. The victims believe it and go crazy over it,” says Roman Dedenok, security expert at Kaspersky.

“When you look at these videos on your phone you think, ‘How can anyone fall for such a thing?’ But when people encounter scam calls in real life, they are often affected by multiple circumstances at the same time. Such a call can catch them off guard, while their head is full of other things and they can’t clearly assess who is on the other end of the call—a prankster, a fraudster or a real bank security specialist,” he adds.

Protect yourself from vishing

  • Check the sender’s address. Most spam emails come from addresses that don’t make sense or appear as gibberish, for example, amazondeals@tX94002222aitx2.com or something similar. By hovering over the sender’s name, which itself may be spelled incorrectly, you can see the full email address. If you’re not sure if an email address is legitimate or not, you can put it into a search engine to check.
  • Consider what kind of information is being requested. Legitimate companies don’t contact you out of the blue via unsolicited emails to ask you for personal information, such as banking or credit card details, your Social Security number or other sensitive data. In general, unsolicited messages telling you to “verify account details” or “update your account information” should be treated with caution.
  • Be wary if the message is creating a sense of urgency. Spammers often try to apply pressure by using this tactic. For example, the subject line may contain words like “urgent” or “immediate action required” to pressure you into acting.
  • Check for grammar and spelling. Typos and bad grammar are red flags. So too are odd phrasing or unusual syntax, which might result from the email being translated back and forth through translators several times.
  • Install a trusted security solution and follow its recommendations. The security solution will then solve most problems automatically and alert you if necessary.
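
The checks in the list above, together with the call-a-number trait that separates vishing emails from regular phishing, can be expressed as a small mail-triage heuristic. This is an added example, not code from Kaspersky or the article; the brand allow-list, regular expressions, indicator names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small allow-list of brands and their real sending domains.
BRAND_DOMAINS = {"paypal": ("paypal.com",), "amazon": ("amazon.com",)}
URGENCY = re.compile(r"\b(urgent(ly)?|immediate(ly)?|action required)\b", re.I)
DATA_REQUEST = re.compile(r"verify account details|update your account information", re.I)
CALL_VERB = re.compile(r"\b(call|dial|phone)\b", re.I)
PHONE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

def vishing_indicators(raw_email: str) -> list[str]:
    """Return the names of the warning signs found in one plain-text email."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    hits = []
    # Sender claims a brand but the domain is not one of the brand's own.
    for brand, domains in BRAND_DOMAINS.items():
        claimed = brand in display.lower() or brand in local
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if claimed and not genuine:
            hits.append("brand_domain_mismatch")
            break
    # Long digit runs in the domain, as in tX94002222aitx2.com, look generated.
    if re.search(r"\d{4,}", domain):
        hits.append("gibberish_sender_domain")
    if URGENCY.search(text):
        hits.append("urgency")
    if DATA_REQUEST.search(text):
        hits.append("personal_data_request")
    # The vishing twist: the reader is told to call a number, not click a link.
    if PHONE.search(text) and CALL_VERB.search(text):
        hits.append("callback_number")
    return hits

# Constructed samples (not real messages); .example domains are reserved.
VISHING = (
    'From: "PayPal Service" <service@pp-billing88412.example>\n'
    "Subject: Withdrawal request received\n\n"
    "We received a request to withdraw $849.99 from your account.\n"
    "If this was not you, urgently call support at +1 (555) 010-0199.\n"
)
BENIGN = (
    'From: "PayPal" <service@paypal.com>\n'
    "Subject: Your monthly statement\n\n"
    "Your statement is ready. Log in at https://www.paypal.com to view it.\n"
)

if __name__ == "__main__":
    for name, raw in (("vishing", VISHING), ("benign", BENIGN)):
        print(name, vishing_indicators(raw))
```

A message that trips several indicators at once, especially a callback number combined with a brand and domain mismatch, is a candidate for quarantine or a warning banner rather than proof of fraud on its own.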

 
