European authorities take down ‘vishing’ racket that pocketed millions of euros

The voice phishing scheme involved sending the victims emails, supposedly from a Belgian bank, to obtain personal information, and then using that information to call the individuals, again under false pretenses, and gain special passwords to transfer money out of their accounts.

The organized crime group relied on phishing and vishing for this stunt, according to Europol. The phishing messages “informed recipients of security threats and asked them to visit a fake bank website where they were asked to enter personal information, including their login credentials and phone numbers,” Softpedia reports.

Once they had this information, the crooks called their targets and instructed them to perform a security update. “In this process, victims were asked to hand over the one-time passwords (OTPs) generated by the tokens provided by the bank” according to Softpedia.

The token devices are meant to ensure that even if criminals compromise login information, they can’t conduct transactions with that data alone.

It’s typically difficult for cybercriminals to target the customers of European banks, because the financial institutions use such two-step authentication techniques. But not always.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.