There are many services out there that cater to the specific needs of people. Whether it be food, cleaning services or childcare, the catering business is quite profitable. However, there are some services that are catered that you would never in a million years expect, like an underground calling service that caters to cyber criminals.
Researchers from Trusteer, a security vendor, have recently come across a professional calling service that caters specifically to cyber criminals. These services offer to extract sensitive information needed for bank fraud, as well as identity theft, from individuals the “customer” chooses.
Trusteer found an advertisement for making on-demand calls in English and other European languages to private individuals, banks, shops, post offices and similar organizations. At a low cost of only $10 per call, cyber criminals are offered the possibility of obtaining the missing pieces of information they need in order to pull off an attack on someone.
These fraudsters, as they’ve become known, can use malware to either steal personal and financial information or buy it from the underground market in bulk according to Amit Klein, Chief Technology Officer for Trusteer. The good news is that in some cases, this information is not sufficient enough to pull off an attack.
Cyber criminals are commonly faced with problems like this due to the fact that a large number of financial institutions have implemented advanced anti-fraud mechanisms. Some banks require one-time-use passwords in order to authenticate customers on their websites while others require unique codes sent to mobile devices in order to authorize transactions.
Call services like these have staff that are trained to impersonate bank employees, computer technicians, travel agents, recruiters and other people that targeted individuals are more likely to reveal information to. The callers receive background information on the targets from the cyber criminals and use it to establish trusting relationships with the victims.
However, illegal call services like these are nothing new. A 26-year-old Belrusian man named Dimitry M. Naskovets was extradited to the United States in September of 2010 to face charges relating to operating CallService.biz, a service that allowed cyber criminals to bypass phone verification checks enforced by U.S. banks. Unfortunately, the number of these call centers has only increased in recent years.
In order to not become a victim, users should treat all unsolicited calls from banks or computer technicians with caution, regardless of the information the caller has about you. In addition to that, you should also confirm any suspicious requests with the organization the caller is claiming to represent but should only do so by calling a publicly listed number, not ones provided by the caller.
Source: PC World – Underground Calling Services Helps Cybercriminals Extract Sensitive Info