Scam phone calls about the payment of arrears!

The Cybersecurity Team of Masaryk University has recently noticed another increase in fraudulent phone calls. In these unwanted calls, the attackers usually try to extract sensitive data from their victims. Did you get a call from the tax office? Stay alert and read on!

23 May 2024 Warnings


What is going on?

Vishing, or voice phishing, is a fraudulent method in which attackers use phone calls to extract sensitive information from their victims. Fraudsters usually pretend to be legitimate organizations (banks, government offices, etc.) and try to appear credible to their victims. The attack relies on manipulative techniques (pressure, threats, urgency) intended to make the victim hand over the data the attacker wants, usually sensitive data such as login names, passwords, or credit card numbers. In other cases, the attacker wants the victim to perform a particular action, for example, installing malicious software or transferring money to an unknown account.

The payment of arrears at the Tax Office – "Houston, we have a problem!"

Imagine a situation from everyday life: you get a call from an unknown number with a Czech or even a foreign area code. Nothing new under the sun, you say to yourself. When you pick up, the caller on the other end tells you in a robotic voice that he is an employee of the tax office and is calling about the payment of arrears. We have encountered precisely this type of attack at MU in recent days, when the attacker called an employee's Vodafone number from various numbers. What was alarming and striking, however, was that the employee had not publicly listed this number anywhere.

Are you asking yourself, "How did the attackers get my number?"

Attackers use different methods to obtain personal or work contacts. One option is that the attacker dials random phone numbers or targets an organization's website where phone numbers are publicly listed (which did not happen in this case). Another possibility is that the attacker uses an employee account to spread phishing e-mails and extract the necessary data from internal databases.

What to do?

The golden rule is: "Critically assess the demands placed on you through virtual communication." To do this, we recommend that you stick to three principles:

  1. Do not share any information over the phone.
  2. Verify the information in relevant and official places.
  3. Immediately report the incident to the Masaryk University Cybersecurity Team.

 

BONUS

Vishing as a growing trend? See where you can encounter vishing:
