Vishing Campaign Targets Social Security Administration

March 17, 2023

Security specialists have warned of a new hybrid phishing campaign impersonating the Social Security Administration (SSA), which tries to trick recipients into contacting a malicious call center.

Armorblox claimed that it blocked the scam emails for at least 160,000 consumers.

The malicious messages are timed to coincide with tax season. The email subject line, “Due to erroneous and suspicious actions,” is designed to generate enough anxiety and urgency for the recipient to open the message.

Other social engineering techniques include using the recipient’s legitimate email handle at the start of the message in order to personalize it, and incorporating a personalized sender name: “Social Security Administration-2521.”

The email itself informs the user that their Social Security Number account has been suspended owing to suspicious activity. Those who open the attached PDF are presented with a letter confirming the same information, spoofed to appear as if written on SSA letterhead.

“With a Social Security Administration logo in the upper-left corner as well as used as the watermark, the letter of suspension offers little to no explanation of the reason behind the decision to terminate the SSN account,” Armorblox explained.

“The bluntness of the letter includes a ‘wish you the best in your future endeavors’ sign-off and a phone number for any concerns recipients wished to be addressed.”

The letter includes a case number, signature of the acting commissioner, email reference ID, customer service contact number and the physical address of the SSA to add further legitimacy to the scam.

“The main action the bad actor aimed to facilitate through this email attack was for recipients to call the customer service number provided, in two separate mentions for good measure – taking this attack away from email to phone, a true vishing attack,” the security vendor said.

Although Armorblox did not call the number in question, it is possible that malicious call centre operatives would be waiting to harvest more personal and financial information from victims, to use in identity fraud and other scams.

A PhishLabs report from August 2022 revealed that hybrid vishing attacks of this type grew by over 600% from Q1 to Q2 2022.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
