{"id":2087,"date":"2021-06-24T08:49:11","date_gmt":"2021-06-24T08:49:11","guid":{"rendered":"https:\/\/osintme.com\/?p=2087"},"modified":"2021-06-24T11:17:17","modified_gmt":"2021-06-24T11:17:17","slug":"vishing-attacks-in-ireland-and-some-resources-to-help-investigate-them","status":"publish","type":"post","link":"https:\/\/osintme.com\/index.php\/2021\/06\/24\/vishing-attacks-in-ireland-and-some-resources-to-help-investigate-them\/","title":{"rendered":"Vishing attacks in Ireland – and some resources to help investigate them"},"content":{"rendered":"\n

In the last two weeks or so users in Ireland have been subject to vishing attacks on a large scale.<\/p>\n\n\n\n

The modus operandi is random phone calls from unknown mobiles, predominantly 087 numbers that appear to belong to Vodafone.<\/p>\n\n\n\n

It’s unclear if these are real or spoofed – but from research that I carried out into the numbers confirmed to be part of this scam, none of them belong to any identifiable real persons.<\/p>\n\n\n\n

Multiple users reported being targeted over and over, which suggests that the scammers don’t just pick random numbers to call – they actually verify that the victim’s number is valid and is in active use.<\/p>\n\n\n\n

This “due diligence” is probably done using breach data dumps like the Facebook one, which I previously discussed here<\/a>.<\/p>\n\n\n\n

The vishing callers impersonate Irish government organisations, from the Department of Social Protection to An Garda Siochana. <\/p>\n\n\n\n

The content of the message will vary, but usually it will employ some degree of urgency (“your PPS number has been invalidated” or “there is an outstanding warrant in your name”, etc.).<\/p>\n\n\n\n

In some cases, an unanswered call will result in an automated voicemail message being left – like the one below:<\/p>\n\n\n\n

I was calling from the department of social protection we have got in order to suspend your PPS number on immediate basis because your PPS number is found suspicious for illegal and criminal activities it is very time-sensitive and urgent to hear back from you before we proceed further with suspension of your assets bank accounts, so please press one.<\/em><\/p><\/blockquote>\n\n\n\n

For some unclear reason, on this occasion the scammers favour using 087 numbers belonging to Vodafone. <\/p>\n\n\n\n

Multiple users who were targeted also use 087 numbers, so perhaps this MO stems from the abuse of free calls between Vodafone numbers?<\/p>\n\n\n\n

The company itself issued a warning on this topic, containing the following advice:<\/p>\n\n\n\n

\u2022 Don’t engage with the caller
\u2022 Hang up the call, don’t return the call
\u2022 Don’t follow the automated instructions, don’t press 1 etc
\u2022 Never disclose personal\/financial information<\/p>\n\n\n\n

\n

*Public Service Announcement*

1\/3

We are aware of a phone call phishing scam currently circulating in Ireland. The calling number will look like an Irish mobile number and in many cases, the first six digits, including the 08X prefix, will be the same as your own phone number<\/p>— Vodafone Ireland (@VodafoneIreland) June 18, 2021<\/a><\/blockquote>