Criminals have found a way to steal money a second time from people who are not careful about who they give their data to. The National Cyber Security Administration (DNSC) warned on Thursday about a new type of attack in which people pretending to be DNSC employees call from what appear to be legitimate numbers, under the pretense that they want to help you recover lost money. In fact, the callers are criminals who want to steal more of your money.

Telephone fraud. Photo: David Burke / Dreamstime.com

DNSC has warned on its Facebook page about a new fraud campaign (re-victimization) carried out through phone calls that use spoofing techniques (masking the caller's real identity) to assume the identity of the Directorate.

The biggest danger is that the number displayed on the phone screen appears to be valid.

How does a scam attempt work?

The person is contacted from a phone number that appears to be associated with DNSC. In fact, the number displayed on the recipient’s screen is not the actual number of the caller.

To lure potential victims into a trap, attackers use a technique called spoofing: the attacker calls the victim using Voice over IP (VoIP) technology and presents the contact details of an institution or individual without their consent.

For this, it is enough to know the phone number or contact information.

As a result, such attempts cannot be blocked at the level of the telecommunications service provider.

There are online tools that offer such spoofing services, mostly on a pay-per-minute basis. But attackers do not depend on these services and can create their own tool of this kind with relatively limited resources.

All that is needed is to hide the original number and replace it with a fake one. Criminals use this false appearance to gain the victim’s trust.

The attackers used a valid number from the DNSC website

  • “The attack begins with a call from a person who claims to be an employee of the Directorate, using the name Ionescu Alexandru, and claims that he wants to help the victims recover the lost amounts.
  • Then he asks for the following personal data: full name, IBAN code and the last 6 digits of the CNP.
  • In fact, the calls are made by criminals posing as DNSC employees.
  • Today, as part of this attack, the number published on the website in the section DNSC CONTACT – Secretariat and public relations was used,” the directorate warns.

Mihai Rotariu, DNSC: The goal of criminals is to make money

HotNews.ro talked to Mihai Rotariu, DNSC’s Communications Director, to find out how someone could steal your money knowing only your name, IBAN and the last 6 digits of your CNP.

  • “This information was reported to us on 1911 by people who realized that it was a trap. Also, they definitely ask for more details, more data, including card details, etc. The last 6 digits of the CNP, to which you add the gender and date of birth, basically determine the entire CNP.
  • The goal of the attackers is to make money, and they use direct calls as a quick method of social engineering.
  • It basically convinces the potential victim through words, presenting them with a certain scenario, to provide sensitive data, make payments, or possibly install malicious apps or programs or remote access programs on the device.
  • People should be clear that DNSC will never call you and ask you to provide such data, nor does it have the authority to recover money. This is where the bank or the police can contribute,” Mihai Rotariu told HotNews.ro.

How do criminals know who to call to promise the return of previously lost money?

  • “Because they probably took their money too. Hence the term revictimization,” said a DNSC official.

What DNSC recommends about this type of scam:

  • DNSC will never call users to promise them a refund.
  • DNSC will never ask users to provide sensitive information (personal information, authentication information, or bank card information) over the phone after calls made by the institution.
  • Always verify the authenticity of calls from an authority or agency through a separate communication channel, especially if sensitive data is requested.
  • Report such calls to the impersonated organization to quickly draw attention to the new scenarios used by criminals in such fraudulent initiatives.
  • If you have provided card details, notify the bank immediately, and if you have suffered a loss, file a complaint with the police (in person or at [email protected]) and notify the DNSC (phone 1911 or [email protected]).
  • Last but not least, help spread these warnings to other users to reduce the chances of such scams succeeding!
