Many times we sin naive against the permissions we grant to some applications, or to the information we deliver. The goes far beyond what we imagine, it is everywhere, by all means, because technology makes it easy for their work.
That is, social engineering is cyber espionage since it involves the manipulation of people influencing them to execute a certain action. That way, confidential information is delivered to third parties, without realizing that we are victims of a cyber attack.
Cyber Espionage Methods
Generally, applications ask for permission to access the microphone, but there is an alternative method in which user permission is not required. This happens on Android, as applications do not need permission to access the phone’s accelerometer. Therefore, the researchers used it as a listening device, through the vibrations emitted by the phone. They are useful for fitness applications.
This type of attack “uses a combination of signal processing and machine learning to convert vibration samples into voice. The technique works whether the phone is on a table or in the user’s hand, as long as the phone plays the sound through the speaker and not through a headset. ”
In order for this type of attack to be carried out, a cybercriminal would have to install the malicious software on the phone, which is possible if the user was currently browsing a fake or malicious page.
Obviously, one way to prevent this type of attack is to activate the controls that have to do with the permits for the accelerometer as Google has done well in GPS sensors.
Another form of cyber espionage is Vishing (a combination of the words Voice and Phishing); they are phishing scams that are made over the phone. The objective of this attack is to obtain confidential and personal information of the attacked user, especially the bank.
How does the Vishing technique work?
The scammer must be very skilled to be as credible as possible through the phone, prepare a whole plan of what to say, a very credible scheme. The technique he uses is as follows:
- Correct information: they have all the personal information of the person they are going to cheat. Therefore they are credible.
- Urgency: they make the victim believe that their money is at risk. Therefore, the person acts out of fear and without thinking.
- Telephone skills: they make believe that the telephone comes from another site.
- Business atmosphere: a lot of background noise is heard, so it seems to be a call-center
Vishing attacks are very difficult to track because they use a technology called VoIP (voice over IP), which means that the call starts and ends on a computer, which can be anywhere in the world.
How to protect yourself from this attack called Vishing?
Never call the number you have been given or the one that was registered in the caller ID. Check if the number corresponds to the real one, for example, of a bank if they were impersonated by a banking entity.
- Never give personal information to anybody.
- If you receive a suspicious call, it is better to hang up.
There are many forms of cyberattacks, increasingly sophisticated, according to the advancement of technology. If we spend many hours connected to the different devices, we must be cautious and continually inform ourselves of the possible threats to which we are exposed. Take preventive measures, and if you are victims of a cyberattack, be prepared to act. It is always better to be defensive than very confident, especially when it comes to technology since its progress is vertiginous.