(MENAFN- Costa Rica News)
Facebook Instagram Twitter LinkedIn YouTube Paypal
- Travel The Charm of Roca Bruja: A Surfers Paradise Travel Costa Rica To Modify Law That Will Allow Passengers to Travel with Pets in Public Transport Travel Costa Rica, the Country Whose Essence is Wellness Travel 10 Reasons Why Going to the Beach Makes You Happier Travel Holidays in the UAE: what you need to know
- Culture & Lifestyle New Year’s Evolution! Culture & Lifestyle Ayahuasca:From the Amazon to the Global Village Culture & Lifestyle Christmas Shopping: A Tradition That Resists the Pandemic In 2021 Culture & Lifestyle Screens And Children: Beware of Christmas Gifts Culture & Lifestyle Street Artist Creates Incredible 3D Optical Illusions
- Science & Tech
- Featured Event
- Things to Do
- Top Local Destinations
- World News
Voice bots steal verification code through calls By Guillermo Agudelo December 23, 202170 ShareFacebook Twitter WhatsApp Linkedin Email Must ReadScience & Technology Guillermo Agudelo – December 23, 2021Cybercriminals Offer Voice Bots That Are Very Credible for Stealing Access to All Types of Accounts Education TCRN STAFF – December 23, 2021Job Choices with Math Degree in Costa Rica Culture & Lifestyle GUEST WRITER – December 23, 2021New Year’s Evolution! report this adGuillermo Agudelo I was born in Colombia, I come from humble parents but with good habits and love for God. I had the great opportunity to grow up with a special aunt in my life, she took me to live in Salt Lake City, Utah, USA. I grew up there, I studied at Lehi High and then I started studying at BYU. In the year 2000 I returned to my land and obtained the title of Bachelor in Education Mension integral
ESET, a leading company in proactive threat detection, warns that criminals are using bots as a tool to carry out phone scams, known as vishing . The use of this type of bots often helps to convince unsuspecting users that it is a legitimate call and they are used to obtain the one-time passwords (OTP) or the verification code, also known such as two-factor authentication (2FA) or two-step verification . In this way, they manage to access user accounts in services such as PayPal, Amazon, Coinbase or banks, among other services.
Through these bots, called OTP Bots, criminals without so many social engineering skills find a good option to persuade potential victims. In traditional telephone scams, it is the criminal himself who seeks to convince the victim on the other end of the telephone. In these cases, the risk of the victim realizing that it is a fraud depends largely on the skills of the criminal on the phone. What is also happening is that many companies today use bots to provide customer service, and the familiar sound due to the lack of personalization helps to prevent the victim from suspecting that something is happening.
TIP: Get our latest content by joining our newsletter . Don’t miss out on news that matter in Costa Rica. Click here .
In order to compromise the accounts using the verification code, the cybercriminals must first obtain the access credentials (email address and password) of the users. It must be remembered that a very precious asset in the cybercrime business is personal data, since it has a commercial value when used to carry out social engineering attacks. Theft of information
One of the most frequent consequences of cyberattacks is the theft of information. When a company or service suffers a data breach, this information is usually later put up for sale or even published for free in underground forums, and contains credentials or other personal information of users. An example of this is what happened with the Robinhood trading platform recently, which suffered an intrusion into its systems that led to the theft of the personal information of 7 million customers. A few days later it was known that in hacking forums they were selling 7 million email addresses of Robinhood users.
Once the attackers have in their possession the username and password of the account they want to compromise, they enter the phone number along with a command and the name of the chosen service or account; for example, PayPal. The bot then calls the victim posing as that service using some pretext, such as a suspicious move. At one point in the conversation, the bot asks the victim to verify their identity by entering a code that they will receive on their phone. The victim enters the password and the attacker automatically receives it through the tool.
These bots are marketed in Telegram or Discord chats and can be obtained for prices ranging from $ 100 to $ 1,000 for a subscription. Also, some offer global reach. Its use shows, once again, how criminals are looking for new ways to commit fraud and it seems that its popularity is growing. Given this scenario, it is important that users know that this type of scam exists and that they never enter personal information or passwords if they were not the ones who made the call.
Verifying is the key “The main recommendations to avoid being a victim of this type of fraud are: upon receipt of a suspicious call, verify the source of it. It is also important to distrust the origin and in case of being somewhat doubtful, end the communication as soon as possible. If the person who contacted us claimed to be from a company with which we are associated, it is advisable to communicate with the company through official communication channels.” concludes Camilo Gutiérrez Amaya, Head of the Research Laboratory of ESET Latin America
Legal Disclaimer: MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.