TikTok prank: how cybercriminals are convincing victims

News Desk -


A popular prank on TikTok involves calling friends and telling them, in an automated answering machine voice, that a sizable sum of money is about to be deducted from their account. Vishing, a type of fraud that is now popular, is being actively employed by hackers, according to Kaspersky specialists.

Researchers from Kaspersky discovered a rise in the number of phishing emails in June (almost 100,000 overall), and they gathered about 350,000 phishing emails between March and June 2022. They also described how vishing works and how to avoid falling into the cybercriminals’ trap.

“Vishing,” short for “voice phishing,” is a scam that involves persuading people to call online criminals and give them their personal information and financial details. As with most phishing operations, it begins with a strange email purporting to be from a major online retailer or a payment system. A fake message purporting to be from PayPal, for instance, could inform you that a request to withdraw a sizable sum of money from your account has just been made.


Fake notification from PayPal about a purchase for a large amount of money

Unlike typical phishing emails, which ask the victim to click a link to cancel the transaction, vishing emails ask the victim to immediately phone the customer care number supplied in the email. According to Kaspersky specialists, hackers deliberately chose phone calls over phishing sites because users who visit a phishing site have time to reflect on their choices or hunt for warning signs that the page is fake.

However, when victims talk on the phone, they are frequently distracted and have a harder time concentrating. Under these circumstances, attackers do everything they can to unsettle them further: they rush them, intimidate them, and demand that they rapidly disclose their credit card information in order to cancel the alleged fraudulent transaction. Cybercriminals then use the bank account information they have obtained to steal money, leaving the victim’s wallet empty.

Kaspersky analysts point out that they have found around 350,000 phishing emails requesting victims to call in and cancel a transaction in the past four months (from March to June 2022). The surge in these emails, which in June reached around 100,000, led Kaspersky researchers to conclude that this trend is likely to continue expanding.

Number of detected emails with vishing, March — June 2022

Curiously, TikTokers actively repeat one of the vishing schemes, with the only difference being that they do not send a fraudulent email in advance nor do they steal anything from their victims – their goal is a show, not money. The call is conducted through an answering machine, whose voice is generated with an online translator. Most often, pranksters introduce themselves as a representative from the customer service department of a large online store, claiming they have just received an order from the victim for several thousand dollars and asking for their confirmation. No matter how the victim replies, the next thing the answering machine says is, “Thank you, your order has been confirmed.” People think the answering machine misheard them and that the funds are going to be withdrawn from their account immediately, so they panic, scream and don’t realize that they are being pranked.

When people are convinced to disclose their personal data during a phone call rather than on a phishing page, they often don’t have the chance to consider that they are the target of a hoax – and the large number of TikTok videos with this prank is a prominent example of this.

“I often come across videos on TikTok of bloggers pranking other people by calling them and telling them that their account is about to be debited thousands of dollars. The victims believe it and go crazy over it. When you look at these videos on your phone you think, ‘How can anyone fall for such a thing?’ But when people encounter scam calls in real life, they are often affected by multiple circumstances at the same time. Such a call can catch them off guard, while their head is full of other things and they can’t clearly assess who is on the other end of the call – a prankster, a fraudster or a real bank security specialist,” comments Roman Dedenok, security expert at Kaspersky.

To protect yourself from vishing, Kaspersky recommends:

· Verifying the address of the sender. The majority of spam emails are sent from addresses that are illogical or appear to be made up, such as amazondeals@tX94002222aitx2.com or something like that. You can view the complete email address by hovering over the sender’s name, which might itself be spelled incorrectly. If you’re unsure whether an email address is legitimate, you can enter it into a search engine to check.

· Taking into account the nature of the information being requested. Legitimate businesses won’t randomly email you asking for sensitive data like your Social Security number, banking or credit card information, or other personal information. In general, you should exercise caution when responding to unsolicited messages requesting that you “check account details” or “change your account information.”

· Keeping an eye out for any signs of urgency in the communication. This is a technique that spammers frequently use to exert pressure. For instance, the word “urgent” or the phrase “immediate action necessary” may be present in the subject line to compel you to take action.

· Checking for grammatical and spelling errors. This is a good technique to spot a con artist. Grammar mistakes and typos are red flags, and so is strange wording, which may be the result of the email being translated many times by different translators.

· Setting up a reliable security program and following its recommendations. A reliable solution will then automatically resolve the majority of issues and notify you when necessary.
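
Several of the checks above, together with the trait that sets vishing emails apart (a phone number to call instead of a link to click), can be automated in a mail filter. The Python code below is an added example, not Kaspersky's code; the brand-to-domain map, the phrase patterns and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand-to-domain map and phrase lists; extend them for your own mail flow.
BRANDS = {"paypal": {"paypal.com"}, "amazon": {"amazon.com"}}
URGENCY = re.compile(r"\b(urgent|immediate(ly)?|within 24 hours|right away)\b", re.I)
SENSITIVE = re.compile(r"\b(credit card|card number|social security|bank account)\b", re.I)
PHONE = re.compile(r"(?:\+?\d[\s().-]*){10,15}")  # 10 to 15 digits with separators
CALL_VERB = re.compile(r"\b(call|phone|dial)\b", re.I)
URL = re.compile(r"https?://", re.I)


def vishing_indicators(raw: str) -> list[str]:
    """Return the indicators found in one raw, single-part email message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    body = "" if msg.is_multipart() else msg.get_payload()  # multipart not handled here
    text = msg.get("Subject", "") + "\n" + body
    hits = []
    # A brand appears in the display name or local part, but the domain is not the brand's.
    for brand, domains in BRANDS.items():
        claimed = brand in display.lower() or brand in local
        if claimed and not any(domain == d or domain.endswith("." + d) for d in domains):
            hits.append("brand_domain_mismatch")
            break
    if URGENCY.search(text):
        hits.append("urgency")
    if SENSITIVE.search(text):
        hits.append("sensitive_data_request")
    # Vishing pattern: a number to call is offered, and there is no link to click.
    if PHONE.search(body) and CALL_VERB.search(body):
        hits.append("callback_number")
        if not URL.search(body):
            hits.append("no_links")
    return hits


# Constructed sample message, not a real email; the sender and number are made up.
SAMPLE = (
    "From: PayPal Service <billing@tx94-example.invalid>\n"
    "Subject: Urgent: withdrawal request received\n"
    "\n"
    "A request to withdraw $1,499.00 from your account has been made.\n"
    "If you did not authorize it, call customer care at +1 (202) 555-0143 immediately.\n"
)

if __name__ == "__main__":
    print(vishing_indicators(SAMPLE))
```

The indicators are heuristics for scoring or triage: a legitimate receipt can also contain a support number, so a single hit should raise suspicion rather than block delivery on its own.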