Fed up with unwanted calls received on your phone allegedly alerting you to a risk of fraud on your bank account? Unfortunately, you will probably have to make do with it again this year. Because as Thomas Damonneville points out on Linkedin, this type of scam is becoming automated.
The founder of StalkPhish, a service for detecting and analyzing phishing campaigns, spotted on a Telegram channel the sale of a robot service based on “hello”, these fraudulent telephone calls intended to recover password codes. authentication by pretending to be the anti-fraud department of the victim’s bank. “It’s probably a threat that will make a lot of noise in the year 2024,” he judges.
Audio files
In a video dating from last February, the cybercriminal selling this service detailed the operation of his robot rented for 190 euros per month. Operated from a phone via the Telegram messaging application, this illegal service relies on pre-recorded audio files, relating for example to PayPal double authentication, he specified. The cybercriminal also offered to “make your own sounds for 50 euros”.
After selecting the audio file to play, the bot user must enter their victim’s number to initiate the voice phishing attempt. If the victim falls into the trap, the authentication code is immediately received on the Telegram channel. “This can be interesting for doing ‘hello’ automatically”, but “it is not something that works 100%”, warns the seller of this malicious robot service.
“I would say that this can vary between 40 and 60% with the use of a sender-id”, this sender authentication, he adds. “This improves your chances of success” after, for example, having sent an SMS on behalf of a bank, the victim then expecting to be contacted, he finally summarizes.
Main threat to individuals
If this type of phishing service abounds on Telegram, this illegal activity is also in the sights of the police and justice. At the beginning of January, the daily Le Parisien, for example, reported the arrest of two young men aged 19, from Paris and Roubaix. According to the police, their SMS phishing attacks impersonated the National Agency for Automated Crime Processing (Antai).
Phishing is the main IT threat for individuals, reported the Cybermalveillance public interest group in its latest annual report. “The development and industrialization of the cybercriminal ecosystem facilitates the accessibility of phishing techniques and tools which continue to increase in sophistication,” noted the structure.