The attack scheme begins with the FakeCalls malware masquerading as an online banking application of a reputable South Korean financial organization, proposing a low-interest rate loan to the victim.
In recent months, a new type of Android malware called “FakeCalls” has emerged, targeting users in South Korea. The malware is designed to trick users into divulging sensitive financial information by making fake calls that appear to be from a legitimate financial organization.
Voice phishing (aka vishing attacks) is a growing threat to mobile banking customers worldwide. Vishing attacks use phone calls to trick people into divulging sensitive information, and they often involve sophisticated social engineering techniques to make the calls seem legitimate.
According to a detailed report by CheckPoint Research, the creators of the malware use a variety of techniques to make the calls seem convincing, including spoofing the bank’s phone number and using pre-recorded messages that sound like the bank’s customer service department.
The attack scheme begins with the FakeCalls malware masquerading as an online banking application of a reputable South Korean financial organization. The malicious app proposes a low-interest rate loan to the target.
Once the target expresses interest, the malware places a call and plays a pre-recorded message from the bank’s customer service representative, providing instructions on getting the loan application approved.
Simultaneously, the malware conceals the phone number of the attacker with the bank’s real number to convince the victim that the conversation is taking place with a real banking representative. The victim is eventually tricked into “confirming” the credit card information in hopes of qualifying for the fake loan.
Such sophisticated voice phishing campaigns paired with malware using unique evasion techniques result in grave financial losses. According to the report on the official website of the South Korean government, voice phishing resulted in losses of roughly 600 million USD in 2020. The number of individuals affected by this crime from 2016 to 2020 was estimated to be as high as 170,000.
More than 2,500 samples of the FakeCalls malware were discovered with varying combinations of mimicked financial organizations and evasion techniques. In their highly technical report, CheckPoint researchers provide an in-depth analysis of the evasion techniques used by the malware developers behind FakeCalls.
To protect yourself from vishing attacks, it’s important to be aware of some common tactics that attackers use. For example, they may use a spoofed number that appears to be from your bank, or they may claim to be calling from a government agency or other trusted organization.
Here are some tips to help you prevent vishing attacks:
- Don’t trust caller ID: Caller ID can be easily spoofed, so just because a call appears to be from your bank doesn’t mean it’s legitimate. Always be suspicious of unsolicited calls asking for personal information.
- Verify the caller: If someone calls claiming to be from your bank or another organization, hang up and call them back using a phone number you know to be genuine. Don’t use the number they give you, as it may be fake.
- Don’t give out personal information: Never give out personal information, such as passwords, PINs, or credit card numbers, to someone who calls you, until you have confirmed that they belong to a trusted organization.
- Keep your phone and apps up to date: Make sure to keep your phone’s operating system and security software up to date to protect against known vulnerabilities.
