There is a new service emerging on the dark web producing robocalls for stealing credit cards and PIN number information.
The operation offers cybercriminals an automated means of going about their social engineering practices.
Cybercriminals are adopting new AI technologies on the dark web for automating social engineering; this includes methods where bots conduct robocalls in order to pry information out of victims.
The dark web, or the underground internet, is well known for such exchange of information. Cybercriminals list personal information, credit card numbers and other such data through these websites.
The latest service offered by a dark website is a simple means of tricking victims into revealing their PIN numbers.
It also tricks them into revealing information that could lead cybercriminals to find out other information used to protect accounts from being broken into, such as the name of the victim’s mother.
Hackers can then guess the victim’s PIN number and gain access to bank accounts and other sensitive password-protected platforms.
How Robocalls Work
The victim is initially made into a subscriber. He/she then offers details such as their name, address, phone number, which bank they use and so on.
The service then calls up the victim and sends robocalls, or automated messages, to covertly persuade them into revealing their PIN.
Social engineering involves placing convincing calls or chat sessions with victims while luring them into giving vital information.
The use of robocalls makes this practice categorized as “social engineering-as-a-service.” In other words, it is an automated form of phishing.
The way this works is very simple. The system just asks the victim to confirm his/her PIN number connected with their ATM account. When the victim inputs the PIN number, the hacker can view the same and then cash in on it.
The new service doesn’t seem to be very sophisticated, but some consider it an extremely clever scam. It is a novel idea, so say cyber security experts monitoring dark web markets and activities.
Origins of Site
The origins of the new social engineering-as-a-service site seem to go back to July of last year.
And it has been operating since then, according to experts at Digital Shadows, an intelligence and security analyst firm that keeps an eye on the dark web.
Goldrose, a hacker, had advertised the site in AlphaBay and on other dark web marketplaces. These are sites on the darknet where hackers flock to, for getting credit card numbers.
The model of the social engineering site on the dark web is based on subscriptions. People using the site (predominantly hackers) have to make a payment of $250 a month.
They can then access the robocalls or automated calling service.
However, there is no news about the number of users on this dark web site.
The vice president of strategy at Digital Shadows told Motherboard that the hacker who runs the service is taking advantage of a market demand among dark web cybercrime operations.
Though the market offers a plethora of credit card information dumps, hackers aren’t able to get the most out of them since they don’t know victim’s PIN numbers.
That’s the gap this social engineering-as-a-service site is looking to fill, attracting and targeting hackers as customers.
Glitches in Site
On the dark web, there are many reviewers of the service who claim the site has glitches.
The execution of the social engineering-as-a-service website often was not fulfilled, and the message recording facilities failed to meet the mark.
Samples show that the sound quality is poor and the interface of the site is also unimpressive.
It is not known whether the dark web site will be able to successfully trick victims into revealing their PIN numbers.
Subscribers who pay $250 a month may only be gambling, as there is no guarantee that they can obtain this information from victims.
Latest posts by Richard (see all)
- Zerodium Offers $1M for Tor Browser Zero-Day Exploits - September 18, 2017
- WikiLeaks Website Infiltrated By OurMine - September 18, 2017
- The House of Lions Market - September 15, 2017