A call from a bot can steal our accounts
What are Robocall? This is how bots that make phone calls to scam victims are known. A report by CyberNews has shown that they are capable of obtaining one-time access codes, which are the keys we need to enter the bank account, for example, after having entered the password. We are facing a clear example of social engineering attack.
If an attacker steals the bank passwordFor example, after having infected the mobile phone or computer with a virus, by a Phishing attack or even by simple guessing (this happens if that key is very weak), the most normal thing is to find a second step. That second step is going to be a one-time code that you are going to have to enter to verify that you really are a legitimate user. It is usually a series of numbers or letters that we receive by SMS.
What these Robocall do is, once they have obtained information from the victim, call and impersonate a bank or any company. Usually it will indicate that something has happened with the account, that they need to verify the identity, that they have to protect themselves … Anything that sets the victim off alarms. They can get data from social networks or information that we make public in forums, for example.
They request a unique access code
Later it will ask that user to tell it a code that you will receive on your phone. The excuse will be what we comment, verify that it is the legitimate person of that account, etc. This way they could log into the bank, Google Pay, Apple Pay or any online shopping site. Once they have entered they could link a card, for example, and later load illegitimate purchases.
They also often use the technique that someone has entered their account and they need put the bank PIN or anything to verify identity. Logically this will stop the attackers and they will have full control of those accounts.
An important point of all this, as indicated by CyberNews, is that when using a fake caller id, that bot will appear on the phone with an identifier that pretends to be a bank or any legitimate company. This can mislead the victim.
In short, a Robocall is one more technique used to steal accounts and be able to access the bank, link cards or any online service. This means that we must be more alert than ever and, beyond always having two-step authentication activated, never trust any call or message that we receive that asks for data. We must always protect bank accounts and any other platform that we use.