Why is a TG bot that allows you to change the Caller-ID dangerous?

Today the media reported on a Telegram bot for phone calls with a function for substituting the caller's number. The news has already appeared on Habr, too. Well, since I am Alexey Drozd, I thought you might be interested in a few details about the bot's functionality and the threats it carries.

An old song in a new way

From a technical point of view, the attack is nothing new. The novelty is on the functional side. The appearance of such a bot lowers the entry threshold for scammers to zero. Where you previously had to exert your brain a little to read the instructions for setting up a virtual PBX, now you only need to move a finger. Everything is intuitive.

Cheaper attacks and a lower entry threshold both contribute to growing popularity. The first association that came to mind was @LukaSafonov's old post about the leaked Citadel sources. Demand generates not only supply, but also service. So the TG bot likewise lets you read the manuals, write to support and view various activity reports. In the best traditions, an affiliate program with referrals is bolted on.

As for tariffs, everything is more or less standard: per-second billing and various packages.

Why did you suddenly take up arms against the bot?

Indeed, there are no complaints about the technology itself. It's no secret that many people use such dialers for peaceful purposes. So initially there were no questions about the bot, until it came to the voice-changing function.

Why would a legitimate call center employee need such functionality? This is a rhetorical question. In addition, even without a test call, it can be assumed that the bot changes the pitch. And that is a reversible process if you record the caller's voice.

What is the danger?

First of all, as I already wrote, an increase in the flow of those who want to try. The classic attack consists of 2 parts: call-scare-convince + withdraw money. Part 1 is now easier to organize. Part 2 was, in principle, already well worked out.

Second, the approaches are changing. Earlier the calls came mainly from "the bank's security officers", but recently I have often seen a two-step move. First, the scammers find out the real numbers of police stations and the names of their employees. Then they call the victim from a spoofed number, posing as an employee of the department, and simply warn about a recorded attempt to write off funds. They ask for no action. They do their best to perform the play "My militia protects me". At the end of the conversation, they warn that a bank employee will be in touch soon and that you will need to follow his instructions. In fact, the whole performance was staged for the sake of these parting words.

After talking with the "policeman", some victims show healthy skepticism and go online to check the accuracy of the information provided. Naturally, they find both the number and the full name of the employee on whose behalf the conversation was conducted. It's a trap! Suspicion is reduced, and the victim is more likely to trust the "bank employee".

P.S. Do not hope that telling your relatives and friends about the fraudulent scheme once will solve the problem forever. Alas, practice shows that in the overwhelming majority of cases, victims are sure to the last that this will not happen to them. Therefore, I highly recommend reading @iiwabor's post. And the most desperate can find a bot and reproduce the attack on their own. The free time is only enough for a few seconds. But, I hope, your "victim" will have an epiphany when you show clearly how easy it is to improvise such an attack. Let them remember once and for all: no one will call them. If in doubt, hang up and contact the bank, police department, prosecutor, sports lotto yourself.
