Intelligence Alert from AFP Cybercrime

AFP Cybercrime Operations has issued an intelligence report on increasingly sophisticated methods employed by cybercriminals in conjunction with the Dyreza malware targeting financial institutions.

The report describes the use of ‘1800’ communications services to add an extra level of perceived authenticity to a Microsoft-type scam.

Instead of the criminals randomly cold-calling potential victims, the victims are identified and targeted through malware already present on their computers. As the report states, targets are carefully selected for the fraud opportunities of their banking profile.

By the time the victim opens an Internet Banking session, the criminals already have control of the PC through the malware. A pop-up alert advises of technical issues and provides a 1800 support number to call, which is operated by the criminals.

While the criminals keep the victim on the phone for as long as possible, they use the open Internet Banking session to carry out as much fraud as possible: overseas TTs, standard Internet Banking transfers, and requests for new or increased limits on credit cards.

The detailed characteristics of this new typology are as below:

  • Initial electronic campaign to facilitate malware infection
  • Web inject activation pop-up upon the victim logging into the banking platform, containing instructions including a 1800 service support line
  • Reversal of the normal cold-calling approach wherein ‘Microsoft’ cold calls potential victims
  • Calls answered by a person claiming to represent a legitimate helpdesk entity
  • Prior knowledge of the victim’s financial accounts, likely gleaned from malware, used to bolster credibility of the ‘helpdesk’
  • Anglicised Christian names used by persons receiving calls in an attempt to deflect suspicion
  • Integrated use of multiple scam methodologies to attack numerous aspects of victims’ financial life
  • Delaying tactics utilised to maintain phone access with victims for long periods whilst fraudulent transactions are conducted
  • Integration of phone porting of victims’ mobile service with other fraud techniques
  • Fraudulent credit card applications submitted with AFIs, including new card applications and card limit increase applications, submitted after the interaction phase

Scammers are shifting from automated phishing emails to cold-calling scams: criminals realise that speaking to victims personally significantly improves their ability to trick them.

This latest version of the scam combines the sophistication of the latest banking malware with the power of person-to-person social engineering to gain the trust of the victim and distract them as the fraud occurs in real time, in front of them.

If ever in doubt about the authenticity of any communication, contact our Assistance Centre directly on 131 728 or email us: