Latest news with #vishing


The Guardian
03-07-2025
- Business
- The Guardian
Australia's privacy watchdog warns ‘vishing' on the rise as Qantas strengthens security after cyber-attack
Qantas has said it will beef up its security and threat detection in the wake of a cyber-attack affecting up to 6 million customers, as Australia's privacy watchdog has warned attacks using social engineering to gain access to data are on the rise.

In an update to customers on Thursday, the airline said more security measures would be put in place after cybercriminals were able to gain access to a third-party system used by a Qantas airline contact centre to steal customers' personal information. 'We're … putting additional security measures in place to further restrict access and strengthen system monitoring and detection,' the company said.

Qantas began emailing affected customers on Wednesday evening, but had not indicated as of Thursday afternoon whether any compensation would be provided to those who had their personal information compromised. Cybersecurity analysts indicated to Guardian Australia that, as of Thursday afternoon, the data had not yet been posted on forums or dark web locations that attackers commonly frequent.

The alleged culprit of the attack has yet to be identified, but the attack bears similarities to those of a ransomware group known as Scattered Spider. The group has targeted airlines in the US in recent weeks by engaging in what are called social engineering attacks, or 'vishing'. They involve calling the IT support for large companies, often impersonating employees or contractors to deceive IT help desks into granting access and bypassing multi-factor authentication.

An Office of the Australian Information Commissioner (OAIC) report on data breaches, released in May and covering the second half of last year, noted a rise in the number of social engineering attacks resulting in data breaches in Australia. The attacks made up 28% of all reported breaches resulting from malicious or criminal attacks. The OAIC noted at the time that the 'significant increase' was particularly significant within Australian government agencies, which reported 60 out of the 115 breaches of that kind – a 46% increase on the previous six months.

Google's threat intelligence report in recent months has also warned of multiple threat actors using these methods to get into companies' systems. In a June update, Nick Guttilla, from Google's Mandiant threat intelligence, said threat actors first build up intelligence on their target, reviewing employee positions and titles, information about their networks, cloud and email providers, and searching for publicly exposed documentation. Some of this information can be found on company websites, as well as social media like LinkedIn.

From there, threat actors may test the IT service desk, which would routinely deal with a high volume of calls from staff needing help on password resets. According to Guttilla, attackers will see how far they can get before a staff member requests ID verification, feigning ignorance of the process to see if the staff member will relent and forgo normal procedure. An attacker may also pretend their phone is unavailable and that they need urgent account access. In some attacks, they persuade an employee to install an application that helps exfiltrate the data from a system quickly. It is unknown at this stage if this is what happened in the Qantas breach.

Guttilla said training staff to rigorously perform ID checks on all calls, particularly for privileged accounts with more systems access, was critical.

The minister responsible for cybersecurity, Tony Burke, did not confirm whether the Qantas attack was associated with the Scattered Spider group, but said he had been briefed and would allow the cybersecurity agencies to make announcements on any alleged culprits. 'The reality is with these networks, they'll go where they can find vulnerability,' he said. Burke said when companies relied on third parties for their systems, it made their cybersecurity obligations 'more complex'. The Australian Signals Directorate was approached for comment.

News.com.au
03-07-2025
- News.com.au
Qantas updates customers on passwords in aftermath of cyber hack
Millions of Aussies have been impacted by the shock cyber hack on Qantas, which extracted sensitive customer data including names, emails, phone numbers, birth dates and frequent flyer numbers. But what happens now? Do you need to change your password?

Qantas CEO Vanessa Hudson, in an email that started landing in the inboxes of impacted customers on Wednesday, says no. 'I want to reassure our Qantas frequent flyers that there's no requirement to reset your password or pin,' she writes. 'If you're having trouble accessing your account, reset your password or call the Qantas Frequent Flyer Service Centre.'

Passwords, PIN numbers and login details are still safe, Qantas says, because these were not accessed or compromised in the hack. The company also says the information extracted by the criminals is not enough to gain access to frequent flyer accounts. Further, all frequent flyer accounts have multi-factor authentication or two-factor authentication enabled by default. A one-time password code sent to a registered mobile number or email is an example of this. All the same, you're free to update your password and login details any time you'd like.

The hack happened at Qantas' Manila call centre. The criminals used a 'vishing' ploy, or voice phishing, to trick a call centre operator into helping them gain access to confidential information. The company has stressed there was no impact to its operations or the safety of the airline.

'We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,' Qantas said in a statement. 'An initial review has confirmed the data includes some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers. 'Importantly, credit card details, personal financial information and passport details are not held in this system. 'No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed.'

Ms Hudson said the company was now working with the National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.

So what now? You don't need to change your password or PIN, but is there anything else you need to do? Yes. Be alert over the next few days and weeks. Qantas recommends customers:

– Remain alert for unusual communications claiming to be from Qantas
– Be cautious of emails or calls asking for personal information or passwords

'Remember, Qantas will never contact you requesting passwords, booking reference details or sensitive login information,' the company said.

Software security company Norton, meanwhile, says the most crucial thing you can do to help protect your personal information is to practice 'safe password use'. 'Never reuse the same password on multiple websites,' the company says. 'Even if it's just two or three sites, it's still not a good idea. Once a cybercriminal obtains a cache of user credentials, they will then attempt to try them on other, well known websites, especially ones that are e-commerce, financial and medical related.'

Second, the company says you should always deploy 'strong passwords'. 'A password should be a random string of letters, numbers and special characters and must contain no less than eight characters (the more the better). 'But they don't really have to be 100 per cent random, it can still be memorable to you.' Further, the company recommends changing your password if you are the victim of a data breach.


Irish Times
27-06-2025
- Business
- Irish Times
Sharp increase in reports of phone call and text message fraud this year, AIB says
There was a 'sharp increase' in reports of phone call or vishing fraud, including via text message, between January and May compared to the same period last year, AIB has said. It said attempted and successful fraudulent activity was up 297 per cent compared to the same period last year, although the figure is based on the value of payments reported as fraudulent.

AIB's data also show a 6 per cent increase in customers falling victim to smishing or vishing scams. These are typically phone calls that often follow after a customer responds to a fraudulent text message based on the requirement to have new login details issued. Meanwhile, losses associated with customers compromising their login details were up 67 per cent.

The bank also outlined the five most common scams fraudsters carried out to fool people into handing over access to their money from April to June.

It said text message fraud 'continues to be a major threat' and is the crime that's most commonly perpetrated by fraudsters. 'Scammers send convincing messages that appear to be from reputable sources, such as banks, delivery companies or Government agencies, tricking recipients into providing personal information or clicking on malicious links,' AIB said. 'Our advice is to never click a link in an unexpected text message or call the number provided. If in doubt contact the sender on a known and trusted number to verify its legitimacy. 'You should never provide log in details, security details such as one time passcodes, card reader codes or selfies.'

Secondly, it warned of 'safe account scams', which involve fraudsters posing as bank officials who call and inform victims that their accounts have been compromised. They then persuade victims to transfer their funds to a 'safe' account for protection, which is often their own account, and often in other financial institutions. The funds can then be moved on to a mule account.

Thirdly, AIB said investment scams 'have surged' this year, with perpetrators offering lucrative returns on fake investment opportunities. 'These scams often target individuals seeking to grow their savings quickly, using convincing pitches and professional-looking websites,' the bank said. 'Victims invest substantial amounts of money, only to realise later that the promised returns are non-existent and their funds have been stolen. Always ask yourself, is this too good to be true?'

The fourth most prevalent scam is holiday fraud. Scammers create fake travel websites and offers, luring victims with attractive deals on flights and accommodation. 'Once payments are made, victims discover that their bookings are fraudulent and their dream holidays are ruined,' AIB said. 'Always book your holidays through reputable providers, research accommodation to ensure it actually exists and don't part with your money unless you are fully satisfied. These scams aren't just advertising foreign holidays, but Irish ones too.'

Finally, the bank warned of 'purchase scams', which involve fraudulent websites or sellers who may take your money without delivering promised goods. 'Another threat is the potential for receiving counterfeit or substandard products, which can be disappointing and harmful,' the bank said.

AIB head of financial crime Mary McHale said the bank 'deals sympathetically' with customers who fall victim to fraud 'on a case-by-case basis'.


Forbes
08-06-2025
- Forbes
Do Not Answer These Calls — Google Issues New Smartphone Warning
Beware the UNC6040 smartphone threat.

Update, June 8, 2025: This story, originally published on June 6, has been updated with further warnings from the FBI regarding dangerous phone calls, as well as additional information from the Google Threat Intelligence Group report potentially linking the UNC6040 threat campaign to an infamous cybercrime collective known as The Com.

Google's Threat Intelligence Group has issued a new warning about a dangerous cyberattack group known only as UNC6040, which is succeeding in stealing data, including your credentials, by getting victims to answer a call on their smartphone. There are no vulnerabilities to exploit, unless you include yourself: these attackers 'abuse end-user trust,' a Google spokesperson said, adding that the UNC6040 campaign 'began months ago and remains active.' Here's what you need to know and do. TL;DR: Don't answer that call, and if you do, don't act upon it.

If you still need me to warn you about the growing threat from AI-powered cyberattacks, particularly those involving calls to your smartphone — regardless of whether it's an Android or iPhone — then you really haven't been paying attention. It's this lack of attention, on the broadest global cross-industry scale, that has left attackers emboldened and allowed the 'vishing' threat to evolve and become ever-increasingly more dangerous. If you won't listen to me, perhaps you'll take notice of the cybersecurity and hacking experts who form the Google Threat Intelligence Group.

A June 4 posting by GTIG, which has a motto of providing visibility and context on the threats that matter most, has detailed how it's been tracking a threat group known only as UNC6040. This group is financially motivated and very dangerous indeed. 'UNC6040's operators impersonate IT support via phone,' the GTIG report stated, 'tricking employees into installing modified (not authorized by Salesforce) Salesforce connected apps, often Data Loader variants.' The payload? Access to sensitive data and onward lateral movement to other cloud services beyond the original intrusion for the UNC6040 hackers.

Google's threat intelligence analysts have designated UNC6040 as opportunistic attackers, and the broad spectrum of that opportunity has been seen across hospitality, retail and education in the U.S. and Europe. One thought is that the original attackers are working in conjunction with a second group that acts to monetize the infiltrated networks and stolen data, as the extortion itself often doesn't start for some months following the initial intrusion itself.

The Google Threat Intelligence Group report has linked the activity of the UNC6040 attack group, specifically through shared infrastructure characteristics, with a cybercrime collective known as The Com. The highly respected investigative cybersecurity journalist, Brian Krebs, has described The Com as being a 'distributed cybercriminal social network that facilitates instant collaboration.' This social network exists within Telegram and Discord servers that are home to any number of financially motivated cybercrime actors. Although it is generally agreed that The Com is something of a boasting platform, where criminal hackers go to boost their exploit kudos while also devaluing the cybercrime activities of others, its own value as a resource for threat actors looking to find collaborative opportunities with like-minded individuals should not be underestimated.

'We've also observed overlapping tactics, techniques, and procedures,' Google's GTIG researchers said with regard to The Com and UNC6040, 'including social engineering via IT support, the targeting of Okta credentials, and an initial focus on English-speaking users at multinational companies.' However, the GTIG report admits that it is also quite possible these overlaps are simply a matter of associated threat actors who all boast within the same online criminal communities, rather than being evidence of 'a direct operational relationship' between them.

The Federal Bureau of Investigation has now also joined the chorus of security experts and agencies warning the public about the dangers of answering smartphone calls and messages from specific threat groups and campaigns. Public cybersecurity advisory I-051525-PSA has warned that the FBI has observed a threat campaign, ongoing since April 2025, that uses malicious text and voice messages impersonating senior U.S. officials, including those in federal and state government roles, to gain access to personal information and ultimately valuable online accounts. As with the latest Google Threat Intelligence Group warning, these attacks are based around the phishing tactic of using AI-generated voice messages along with carefully crafted text messages, known as smishing, as a method of engendering trust and, as the FBI described it, establishing rapport with the victim.

'Traditionally, malicious actors have leveraged smishing, vishing, and spear phishing to transition to a secondary messaging platform,' the FBI warned, 'where the actor may present malware or introduce hyperlinks that direct intended targets to an actor-controlled site that steals log-in information, like usernames and passwords.'

The latest warnings regarding this scam call campaign have appeared on social media platforms such as X, formerly known as Twitter, from the likes of the FBI Cleveland and FBI Nashville, as well as on law enforcement websites, including the New York State Police. The message remains the same: the FBI won't call you demanding money or access to online accounts, and the New York State Police won't call you demanding sensitive information or threatening you with arrest over the phone.

'Malicious actors are more frequently exploiting AI-generated audio to impersonate well-known, public figures or personal relations to increase the believability of their schemes,' the FBI advisory warned. The FBI has recommended that all smartphone users, whether they use iPhone or Android devices, must seek to verify the true identity of the caller or sender of a text message before responding in any way. 'Research the originating number, organization, and/or person purporting to contact you,' the FBI said, 'then independently identify a phone number for the person and call to verify their authenticity.'

To mitigate the UNC6040 attack risk, GTIG said that organisations should consider the following steps:

And, of course, as Google has advised in previous scam warnings, don't answer those phone calls from unknown sources. If you do, and it's someone claiming to be an IT support person, follow the FBI advice to hang up and use the established methods within your organization to contact them for verification.
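The Guardian piece above describes the help-desk pattern (callers feigning ignorance of the ID-check process, claiming their phone is unavailable, pushing for urgent access to privileged accounts) and Mandiant's advice to perform ID checks rigorously on every call; the FBI advice here adds that verification should go over a number you look up independently, not one the caller supplies. The following is an added example, not code from Qantas, Google, Mandiant, the FBI or any of the outlets quoted: a small help-desk verification policy plus an audit check that flags tickets actioned without the required steps. The directory entries, ticket records, step names and field names are all constructed for the example.

```python
"""Help-desk call verification policy and audit check (added example).

Models the defensive advice in the articles above: every caller asking for a
credential or MFA change is verified, privileged accounts get stricter checks,
and the callback goes to the phone number on file in the directory, never to
the number the caller presented. All data below is constructed sample data.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed directory: account -> privilege tier and registered phone number.
DIRECTORY = {
    "j.doe":   {"tier": "standard",   "phone": "+61-400-000-001"},
    "a.admin": {"tier": "privileged", "phone": "+61-400-000-002"},
    "svc-ops": {"tier": "privileged", "phone": None},  # no phone on file
}

# Verification steps that must be completed before a request is actioned.
# Privileged accounts require everything a standard account does, plus more.
REQUIRED_STEPS = {
    ("standard",   "password_reset"): {"employee_id", "callback"},
    ("standard",   "mfa_reset"):      {"employee_id", "callback", "manager_approval"},
    ("privileged", "password_reset"): {"employee_id", "callback", "manager_approval"},
    ("privileged", "mfa_reset"):      {"employee_id", "callback", "manager_approval", "video_check"},
}


@dataclass
class Ticket:
    ticket_id: str
    account: str
    request: str                    # "password_reset" or "mfa_reset"
    caller_number: str              # number the caller presented
    steps_done: Set[str] = field(default_factory=set)
    callback_number: Optional[str] = None  # number the agent actually dialled
    actioned: bool = False          # did the agent carry out the request?


def required_steps(account: str, request: str) -> Set[str]:
    # Unknown accounts fall through to the strictest tier.
    tier = DIRECTORY[account]["tier"] if account in DIRECTORY else "privileged"
    return set(REQUIRED_STEPS[(tier, request)])


def evaluate(ticket: Ticket) -> Tuple[bool, List[str]]:
    """Return (may_action, findings). Only blocking findings deny the request."""
    entry = DIRECTORY.get(ticket.account)
    if entry is None:
        return False, ["account not in directory: do not action"]
    findings: List[str] = []
    done = set(ticket.steps_done)
    # A callback only counts if it went to the directory number; the
    # "my phone is unavailable, use this one instead" ploy must not pass.
    if "callback" in done:
        if entry["phone"] is None:
            done.discard("callback")
            findings.append("callback not possible: no registered phone on file; escalate")
        elif ticket.callback_number != entry["phone"]:
            done.discard("callback")
            findings.append("callback dialled %s, not the directory number" % ticket.callback_number)
    missing = required_steps(ticket.account, ticket.request) - done
    if missing:
        findings.append("verification not completed: " + ", ".join(sorted(missing)))
    # Informational: a caller ringing from a number other than the one on file.
    if entry["phone"] and ticket.caller_number != entry["phone"]:
        findings.append("caller presented a number that differs from the directory")
    blocking = [f for f in findings if not f.startswith("caller presented")]
    return (not blocking), findings


def audit(tickets: List[Ticket]) -> List[Tuple[str, str, List[str]]]:
    """Detection pass: tickets that were actioned despite unmet checks, privileged first."""
    flagged = []
    for t in tickets:
        ok, findings = evaluate(t)
        if t.actioned and not ok:
            tier = DIRECTORY.get(t.account, {}).get("tier", "unknown")
            flagged.append((t.ticket_id, tier, findings))
    flagged.sort(key=lambda r: (r[1] != "privileged", r[0]))
    return flagged


# Constructed sample tickets: a clean reset, a privileged MFA reset pushed
# through on a caller-supplied callback number, an agent who held the line,
# and a service account with no phone on file.
SAMPLE_TICKETS = [
    Ticket("HD-1", "j.doe", "password_reset", "+61-400-000-001",
           {"employee_id", "callback"}, "+61-400-000-001", actioned=True),
    Ticket("HD-2", "a.admin", "mfa_reset", "+61-400-999-999",
           {"employee_id", "callback"}, "+61-400-999-999", actioned=True),
    Ticket("HD-3", "j.doe", "mfa_reset", "+61-400-555-000",
           {"employee_id"}, None, actioned=False),
    Ticket("HD-4", "svc-ops", "password_reset", "+61-400-777-000",
           {"employee_id", "callback", "manager_approval"}, "+61-400-777-000", actioned=True),
]

if __name__ == "__main__":
    for ticket_id, tier, findings in audit(SAMPLE_TICKETS):
        print(ticket_id, tier, "; ".join(findings))
```

Run as a script it lists HD-2 and HD-4: the MFA reset for the privileged account was completed after a callback to the attacker-style number the caller gave, and the service-account reset went through with no registered phone to call back. HD-3 shows the other side of the Guardian piece: a caller who claimed to have no phone and an agent who did not action the request. In a real deployment the directory lookup and the ticket feed would come from the HR system and the ticketing platform; the policy table is the part worth reviewing with whoever owns help-desk procedures.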


Forbes
22-05-2025
- Business
- Forbes
Five AI-Powered Threats Senior Leaders Should Be Aware Of
Perry Carpenter is Chief Human Risk Management Strategist for KnowBe4, a cybersecurity platform that addresses human risk management.

We're all too familiar with warnings about phishing scams, and they're still a security issue we need to be aware of. But there are a wide range of other concerns, beyond phishing, that should have your attention—and that you should be sharing with colleagues so they can collaborate with you to protect your company and assets. We're moving into what I call the 'Exploitation Zone'—a widening gap between technological advancement and human adaptability. It is, admittedly, tough to keep up unless, like me, you're singularly focused on data security and staying on top of increasingly sophisticated ploys by bad actors to exploit your human nature. Here are five AI-powered threats you need to understand and take steps to respond to.

It's not just emails we have to be worried about these days. Today's hackers can spoof more than email addresses. One of the quickly emerging scams is voice phishing, or vishing. Just last year, we saw a 442% increase in vishing attacks between the first and second half of 2024, according to CrowdStrike. Using publicly available voice snippets they can access via earnings calls, podcasts, video calls or media interviews, cybercriminals are able to create hard-to-detect voice clones. This can take the form of a frantic call from a 'grandchild' to a grandparent asking for money to help get them out of a jam. It can also take the form of a demanding call from a 'CEO' to release funds through a bank transfer.

Suggestion: Put steps in place to verify any requests for financial transactions, especially those received via calls or voice messages; consider using authentication questions that only legitimate business representatives would know.

Since the pandemic, it's not unusual for many types of meetings to take place in a virtual environment. That includes board meetings. When your board members are participating virtually, there's a chance for manipulation by bad actors. That's not just the stuff of science fiction. Deepfakes have already been used to influence critical business decisions or access sensitive information. A U.S. judicial panel has even considered how deepfakes could disrupt legal trials. Chances are that images and video clips of your board members and senior leaders exist. All cybercriminals need to do is get access to a few seconds of a voice recording, video, or sometimes even a single image and use generative AI tools to create audio and video that most people won't be able to discern from the real. Think I'm exaggerating? You can see me demoing the tools and tactics here.

Suggestion: Make sure you're using authentication to protect the security of any video calls. Implement multifactor authentication and establish verification procedures that involve different communication channels. And also, similar to the suggestion for No. 1, consider creating safe words or a verbal challenge/response procedure.

In 2023, a fake, likely AI-generated photo of an alleged explosion near the Pentagon briefly caused the S&P 500 to drop.

Suggestion: Develop crisis response plans to address the potential for synthetic media attacks, including rapid verification channels that can be used with targeted news outlets and financial partners.

Imagine a disgruntled employee using AI voice cloning to generate a fake audio recording of their CEO making discriminatory remarks. Or, picture an AI-generated video showing a senior-level official involved in questionable activities. It's all too possible with the rise of AI-generated content that is now literally at the fingertips of anyone with an axe to grind. Even when these attempts are proven to be false, the damage remains. It used to be true that 'seeing is believing.' That's still true, but what we're seeing may not be actually believable.

Suggestion: Be aggressive in monitoring digital channels for synthetic content related to your organization and your key executives, board members and other representatives. Have rapid response plans in place to address any incidents that occur, and be prepared to provide evidence of manipulation.

Large language models (LLMs) are the foundational technology behind many generative AI tools. While LLMs themselves don't access real-time information, threat actors can leverage these tools—often in combination with publicly available data about your organization—to craft hyper-personalized phishing campaigns and social engineering attacks. These messages can closely mimic the tone and style of internal communications, making it increasingly difficult for recipients to distinguish between legitimate and malicious content. In a now widely reported incident, what was likely a combination of voice cloning and video deepfakes was used to convince an employee at a multinational firm in Hong Kong to pay out $25 million. After participating in what turned out to be a fake, multi-person video conference call, and despite some initial misgivings, the employee did as requested.

Suggestion: Train staff members to recognize the warning signs of AI-enabled impersonation, such as limited interaction or refusal to answer unexpected questions. And encourage them to trust their gut. If something feels off, it probably is, and they should pursue additional verification options. Repeated exposure to information and examples of the many ways bad actors are attempting to infiltrate and influence organizations and employees can help keep the threats top-of-mind and help minimize the chances of falling prey to these attacks.