A new threat is emerging in the digital business world, which particularly affects companies with Salesforce-systems. A criminal group, referred to by Google as UNC6040, has been targeting Voice phishing a sophisticated form of telephone fraud.

These attackers pretend to be IT support staff on the phone and convince unsuspecting employees to grant them access to sensitive data. Their aim is clear: to steal data and then blackmail the companies concerned.

According to Google's Threat Intelligence Group, the perpetrators are opportunistic, financially motivated actors. English-speaking departments of multinational companies are particularly at risk and are often chosen as primary targets.

The Telephone fraud works frighteningly effectively because it targets human weaknesses rather than technical security vulnerabilities. The fraudsters use clever conversational techniques to gain trust and bypass even the most advanced security measures.

Important findings

  • The UNC6040 group uses Voice phishing Targeted against Salesforce users
  • Attackers pretend to be IT support to gain access
  • The aim of the attacks is data theft with subsequent blackmail
  • English-speaking departments of multinational companies are particularly at risk
  • The attacks circumvent technical security measures through social manipulation
  • Google describes the perpetrators as opportunistic and financially motivated

What is voice phishing?

Voice phishing refers to a method of attack in which fraudsters build trust over the phone in order to obtain confidential data. This form of fraud is becoming increasingly sophisticated and poses a growing threat, particularly to users of business software such as Salesforce. According to an analysis by the Google Threat Intelligence Group (GTIG), the hacker group UNC6040 has developed targeted campaigns to compromise organizations' Salesforce instances.

The attackers aim to tap into data on a large scale and then blackmail the affected companies. This form of digital attack combines social manipulation with technical tricks and uses the human voice as a tool.

Definition and basic explanations

Voice phishing, also known as Vishing is a scam in which criminals contact their victims by telephone. They pose as trustworthy persons or organizations - for example as employees of the IT department, customer service or even as superiors.

The attackers use psychological tactics to put their victims under pressure and force them to make quick decisions. They often create a sense of urgency or fear in order to suppress critical thinking.

In attacks on Salesforce users, the fraudsters often pretend to be support staff and claim to need to fix a security problem with the account. The aim is to obtain access data or cause malware to be installed.

One particularly dangerous technique is the Voice spoofing. The attackers manipulate the displayed phone number so that the call appears to come from a trustworthy source. Modern Attacks on language systems can even imitate voices, which makes recognition considerably more difficult.

Difference to other phishing methods

Compared to conventional phishing methods, voice phishing offers attackers some decisive advantages. While traditional phishing is mainly carried out via emails or fake websites, voice phishing uses direct human interaction.

The human voice conveys authenticity and enables fraudsters to respond flexibly to queries. Unlike with an email, attackers can build up pressure during a phone call and adapt their approach to the victim's reactions.

Another difference lies in the accuracy of targeting. Voice phishing attacks are often more targeted and better researched than mass emails. The attackers often have prior information about their victims, which increases their credibility.

Phishing method Main channel Special features Recognizability
Voice phishing Phone Personal interaction, urgency, voice as a trust factor Heavy (especially with Voice spoofing)
E-mail phishing E-mail Mass mailing, fake links, attachments Medium (spam filter, visible URL errors)
Smishing SMS/Messaging Short messages, often with links Means (unknown sender)
Spear phishing Various Highly personalized, well researched Very heavy (looks authentic)

The combination of human interaction and technical tricks makes voice phishing particularly dangerous. While email filters can intercept suspicious messages, there are fewer automated protection measures for phone calls. In addition, attackers use social engineering tactics to manipulate their victims and persuade them to disclose sensitive information.

The risk is particularly high for Salesforce users, as the platform contains valuable customer data and business information. A successful attack can not only lead to data loss, but also cause considerable financial damage through blackmail.

Risks for Salesforce users

For companies that use Salesforce, voice phishing attacks pose specific risks that go far beyond simple data loss. The platform houses extensive and valuable business information that is particularly attractive to cybercriminals. Attackers such as the UNC6040 group have specialized in gaining access to this data through targeted phone calls.

In recent months, this group has been successful on several occasions by posing as IT support staff. Using clever social engineering, they convinced employees to grant them access or to disclose sensitive access data. It is worth noting that in all cases observed, no technical vulnerabilities in Salesforce were exploited - instead, only the end users were manipulated.

Data and information at risk

In successful voice phishing attacks on Salesforce users, criminals can access a wide range of sensitive information. Customer data is particularly at riskwhich contain detailed contact information, purchase histories and personal preferences. This data is of considerable value to cyber criminals, as it can be used for further fraud attempts or for resale on the darknet.

In addition to customer data, internal business information is also a coveted target. Sales forecasts, marketing strategies and product development plans can fall into the wrong hands and lead to competitive disadvantages. Attackers can also gain access to internal communication channels, which enables other systems to be compromised.

The Security in Salesforce is particularly jeopardized by the fact that attackers often remain undetected for months after successful infiltration. The UNC6040 group has shown that it proceeds patiently after the initial compromise and sometimes waits months before extracting data. This approach makes detection considerably more difficult and increases the potential damage.

Data at risk Value for attackers Potential consequences Difficulty of recognition
Customer contact data Very high Identity theft, spear phishing Medium
Sales data High Competitive disadvantages, market manipulation High
Trade secrets Very high Loss of competitive advantages Very high
Access data Extremely high Long-term system compromise High

Potential financial losses

The financial impact of voice phishing attacks on Salesforce users can be devastating. Direct costs are initially incurred through extortion paymentsthat attackers demand after the data theft. Depending on the size of the company and the value of the stolen data, these can run into hundreds of thousands or even millions of euros.

In addition, there are considerable costs for forensic investigations and the restoration of compromised systems. Companies have to hire specialized IT security experts to determine the scope of the attack and close security gaps. These measures not only tie up financial resources, but also valuable IT department working time.

The indirect financial damage caused by loss of reputation and customer churn is particularly serious. If it becomes known that a company has been the victim of a data breach, customer trust suffers considerably. Studies show that up to 30% of customers lose trust in a company after a data protection incident and switch to competitors.

The threat situation is further exacerbated by the use of AI-supported security risks. Modern attackers are increasingly using artificial intelligence to refine their attacks and make detection more difficult. For example, they can imitate real voices or carry out automated personalized attacks based on publicly available information about employees.

What is particularly worrying is that traditional security measures are often ineffective against this type of attack. Since voice phishing does not target technical vulnerabilities in Salesforce, but rather the manipulation of employees, traditional security systems are bypassed. Companies therefore need to take a holistic approach to security that considers both technical and human factors.

How does voice phishing work?

Behind voice phishing attacks on Salesforce users is a sophisticated methodology that abuses trust and exploits technical vulnerabilities. The attackers are highly organized and follow a multi-stage process aimed at deceiving employees and gaining access to valuable company data.

The attack usually begins with thorough research. Cyber criminals gather information about the company structure, IT systems and employees with Salesforce access rights. This preparatory work enables them to make their calls credible and target the right people.

At the heart of the attack is persuasion over the phone. The fraudsters pretend to be trustworthy people - such as IT support staff or official Salesforce specialists. Their aim is to persuade victims to authorize a malicious Connected app for the Salesforce portal.

Typical methods and tactics used by attackers

One particularly dangerous development is the Identity theft through language clones. Attackers use recordings of an executive's voice to create deceptively real voice impersonations. With this technology, they can convincingly impersonate superiors or well-known colleagues.

Advanced attackers have also developed methods to Voice recognition-systems. They manipulate audio data so skillfully that biometric security systems are fooled, while the voice sounds natural to human listeners.

In a typical vishing call, the perpetrators direct their victims to a Salesforce Connected app setup page. There, employees are asked to authorize a supposedly legitimate version of the data loader. This app often has a slightly different name or modified branding, which is hardly noticeable at first glance.

However, the installed application is an unauthorized, modified version of the official Salesforce Data Loader. As soon as this app gains access, the attackers can gain full access to the company's Salesforce data and extract it.

Examples of voice phishing calls

A common scenario begins with a supposed call from the IT department: "Hello, this is Thomas from IT security. We have detected unusual activity in your Salesforce account and urgently need to install a security patch."

In another example, the caller pretends to be a Salesforce employee: "We are carrying out an important update and need your help to ensure that your data is not lost. Could you please authorize our Data Loader?"

Attacks with Identity theft through language clonesin which the voice of a manager is imitated: "Hello, this is Managing Director Martin. I'm in an important meeting right now, but our Salesforce system has a critical problem. Please authorize the app immediately, which our IT partner will send you by email in a moment."

The attackers often create artificial time pressure and claim that data could be lost or services will fail if action is not taken immediately. This urgency is intended to suppress critical thinking and lead to quick, rash actions.

In all cases, the perpetrators use psychological tricks, technical expertise and persuasive conversation techniques to manipulate their victims. The combination of a trustworthy appearance, seemingly legitimate requests and sophisticated Voice recognition-This makes voice phishing a particularly dangerous threat for Salesforce users.

Signs of a voice phishing call

Vigilance against suspicious call patterns is the first step in defending against voice phishing attacks on Salesforce users. Cybercriminals are refining their Telephone fraud-methods to appear more authentic and fool more victims. The ability to recognize these fraudulent calls can make the difference between data security and serious security breaches.

Typical characteristics of suspicious calls

Voice phishing calls often have characteristic patterns that can serve as warning signals. Particularly with Salesforce users, fraudsters target valuable customer data and access information. Recognizing these patterns is the first step in protecting sensitive company data.

To the Most common signs of a voice phishing attempt include:

  • Unexpected calls allegedly from IT support or Salesforce employees
  • Artificially created time pressure and urgency ("Your account will be blocked in 30 minutes")
  • Direct requests for access data or MFA codes
  • Requests to visit certain websites or to install software
  • Threats of consequences such as data loss or system failures

The use of technical terms to feign competence is particularly ingenious. Attackers often use technical jargon to unsettle victims and increase their credibility. They can pretend to be Salesforce employees or IT specialists and claim to have to fix urgent security problems.

Another typical feature is a request to visit a specific website. In recent attacks on Salesforce users, criminals have tricked their victims into opening an Okta phishing panel. There, access data and multi-factor authentication codes were requested directly in order to log in and add the Salesforce Data Loader app.

Behavior in the event of suspicious calls

The correct behavior in the event of a suspicious call can be decisive in preventing a Telephone fraud to prevent this. The basic rule is: stay calm and don't let yourself be put under pressure.

The following Rules of conduct should be observed in the event of suspicious calls:

  1. Never make decisions or disclose personal data under time pressure
  2. Politely end the call and announce a callback
  3. Contact the IT department or Salesforce via official channels
  4. Do not open links or install software recommended during the call
  5. Do not provide access data or MFA codes over the phone

Special care should be taken if the caller asks for multi-factor authentication codes. These codes are the last line of defense against unauthorized access and should never be disclosed. Legitimate Salesforce employees or IT support teams will never ask for this sensitive information.

If you are unsure, it is always better to end the call and dial the official number of the company or Salesforce support yourself. This way you can ensure that you are actually speaking to an authorized employee. Document suspicious calls with the date, time and information requested so that you can create a detailed report if required.

A good principle is: If a call sounds too good to be true or seems unusually urgent, healthy skepticism is advisable. Trust is good, verification is better.

If you have inadvertently disclosed data, act immediately. Change affected passwords, inform your IT security department and monitor your accounts for suspicious activity. The faster you react, the greater the chance of averting or limiting damage.

Protective measures for Salesforce users

With voice phishing attacks on the rise, Salesforce users need a multi-layered security approach to protect their data. The threat of telephone fraud attempts requires both technical and organizational measures to protect the Security in Salesforce to guarantee security. A holistic approach that combines different levels of protection and systematically closes potential vulnerabilities is particularly important.

Best practices for avoiding voice phishing

To effectively protect against voice phishing, companies should first establish clear communication protocols for IT support requests. These protocols help employees to distinguish legitimate from fraudulent requests and provide a structured process for support requests.

A fundamental safety principle is the application of the least authorizations. Employees are only given access to the data and functions required for their work. Google expressly recommends this approach as an effective countermeasure against phishing attacks.

The implementation of IP-based access barriers is another important protective measure. These restrictions prevent unauthorized access from unknown or suspicious locations and thus significantly increase the security of the Salesforce system.

It is particularly important to activate the Multi-factor authentication (MFA) for all Salesforce accounts. Ideally, companies should use hardware security keys instead of SMS codes, as these offer a higher level of security. MFA is considered one of the most effective measures against unauthorized access and should therefore be implemented consistently.

Security software and tools

Salesforce offers special security tools for additional protection. Salesforce Shield is a powerful solution that provides advanced monitoring and encryption functions. The tool enables comprehensive advanced security monitoring and policy enforcement, as recommended by Google as a protective measure.

Setting up automatic alerts for unusual activities can uncover suspicious processes at an early stage. These alerts should be configured in such a way that they immediately inform the responsible employees in the event of potential security breaches.

Regular checks of connected apps are also essential. Access to these apps should be handled restrictively, as suggested by Google, in order to minimize the risk of data leaks.

Special Phishing protection mechanisms such as call filters or verification systems for support requests can specifically detect and ward off voice phishing attacks. These tools analyze incoming calls for suspicious patterns and can automatically block potential threats.

A combination of different security levels is recommended for comprehensive protection:

  • Technical measures such as MFA and IP restrictions
  • Organizational regulations such as clear support protocols
  • Monitoring systems for detecting suspicious activities
  • Regular safety audits and inspections

The consistent implementation of these protective measures forms a robust security network that effectively protects Salesforce users against voice phishing and other forms of attack. It is particularly important that all measures are regularly reviewed and adapted to new threat scenarios.

Response to voice phishing incidents

The right response to voice phishing attacks can make the difference between a small security breach and a massive data breach. Especially for Salesforce users, who often work with sensitive customer data, a quick and coordinated approach is crucial. Experience shows that cybercriminals often take a strategic, step-by-step approach to their attacks in order to test and refine their methods.

Immediate steps if phishing is suspected

As soon as you suspect a voice phishing attack, you should act immediately. End the call immediatelywithout disclosing any further information. Even if you are unsure, it is better to be careful than to risk losing data later.

If access data has already been passed on or suspicious apps have been authorized, you must react immediately:

  • Change all affected passwords immediately
  • Deactivate suspicious applications in your Salesforce account
  • Check your access authorizations for unusual changes
  • Document the incident with all relevant details

You should be particularly careful with small, seemingly insignificant data queries. Criminals use Voice spoofing Often a test strategy: in documented cases, attackers first extracted small blocks of data to test their methods. In one Salesforce instance, they were able to access ten percent of the data before being discovered.

Another case shows an even more systematic approach: Here, the attackers first launched numerous test queries with small blocks of data before reading out entire database tables. This step-by-step approach makes Attacks on language systems particularly treacherous, as minor incidents are often not taken seriously enough.

Informing the IT department or security officer

After the initial immediate measures, the next critical step is to communicate with those responsible for security. Use a previously defined secure communication channel for this - never the potentially compromised channel.

The IT department can then initiate further important measures:

  • Checking the system logs for suspicious activities
  • Isolation of potentially affected systems
  • Carrying out a forensic analysis
  • Initiation of countermeasures in the event of a confirmed data outflow

Also check legal reporting obligations. According to the GDPR, companies must inform the responsible data protection authority within 72 hours if they suspect a data leak. Failure to report can lead to severe penalties.

Complete documentation of the incident is particularly important. This not only helps with internal processing, but can also be decisive for later legal action or insurance claims. Make a note of the time, content of the call, affected systems and all measures taken.

Experience shows: The better a company is prepared for voice phishing incidents and the faster it reacts, the less damage is caused. A predefined response plan for such security incidents should therefore be standard in every company that uses Salesforce.

Training and awareness-raising within the company

In the fight against Telephone fraud and voice phishing, raising awareness among all employees is essential. As Google reports, while vishing is neither new nor particularly innovative, the increasing focus on Salesforce environments and IT support staff is a worrying development. Attackers have realized that the human factor is often the weakest link in the security chain.

Importance of employee training

Employee training is not just a precautionary measure, but a Necessary investment in corporate security. The success of the hacker group UNC6040 clearly shows that voice phishing remains an effective attack vector.

Employees with access to sensitive systems such as Salesforce are particularly at risk. These are specifically targeted as they can serve as a gateway to valuable company data. IT support staff are also increasingly being targeted, as attackers exploit their privileged roles to gain initial network access.

"Even the best firewall is useless if employees carelessly disclose sensitive information over the phone. Regular training is therefore not a luxury, but a necessity."

Federal Office for Information Security

Effective training programs should be hands-on and simulate real-life scenarios. This is the only way for employees to learn to recognize fraud attempts in real time and react appropriately.

Example measures to raise awareness

Various measures have proven to be particularly effective in raising awareness of voice phishing in the long term:

  • Phishing simulations: Controlled but realistic voice phishing calls help employees to recognize suspicious signs.
  • Interactive workshops: Presentation of current scams and joint development of defense strategies.
  • Clear guidelines: Establishment and regular communication of protocols for dealing with unexpected support calls.
  • Regular updates: Information on new attack methods and tactics used by cyber criminals.
  • Security for voice assistants: Training on the safe use of digital voice assistants in the corporate context.

Continuous repetition of the training content is particularly important. One-off training sessions are not enough, as attackers are constantly refining and adapting their methods.

The Security for voice assistants deserves particular attention, as these technologies are increasingly being used in companies. They can be potential gateways for voice phishing if employees are not trained accordingly.

Companies should also establish a structured process for reporting suspicious calls. Employees need to know who they can contact if they suspect possible telephone fraud.

These comprehensive measures turn employees from potential vulnerabilities into an effective first line of defense against voice phishing attacks. The investment in training and awareness-raising pays for itself many times over in the form of avoided security incidents.

Technologies for detecting voice phishing

In the digital age, advanced technologies are emerging that can identify voice phishing attacks at an early stage. These innovative solutions help companies detect suspicious calls and fend off potential threats before sensitive data is compromised. The continuous development of these technologies is crucial to keep pace with the increasingly sophisticated methods used by attackers.

Use of AI and machine learning

Artificial intelligence and machine learning are revolutionizing the detection of voice phishing attacks. Modern AI systems can identify unusual call patterns and automatically trigger alerts when suspicious activity is detected.

These intelligent systems analyze various factors such as call times, frequency of calls from unknown numbers and linguistic characteristics. AI-supported security solutions continuously learn from new attack patterns and thus improve their detection rates over time.

Particularly noteworthy is the progress made in the Voice recognition. This technology can identify synthetically generated or fake voices, which are often used in voice phishing attacks. The algorithms recognize subtle nuances and irregularities that often escape the human ear.

AI technology Function Advantages Challenges
Call pattern analysis Detects unusual call times and frequencies Early warning system for suspicious activities Requires large amounts of data for training
Voice recognition Identifies synthetic or fake voices High accuracy in the detection of deepfakes Can be fooled by advanced voice imitations
Speech pattern analysis Recognizes typical phishing formulations Identifies social manipulation techniques Linguistic variations make recognition difficult

Security systems for companies

Specialized telephony security systems are available for companies that can be seamlessly integrated into the existing communications infrastructure. These systems automatically filter suspicious calls or flag them for closer scrutiny.

A particular strength of these solutions is their ability to work with Salesforce security protocols. This integration enables a holistic approach to protectionwhich secures both the communication channels and the CRM data.

Analyzing network traffic also plays an important role in detecting voice phishing. Modern security systems continuously monitor the data flow and can identify unusual movements that could indicate an ongoing attack.

The challenge is that the same AI technologies we use for defense are also used by attackers to refine their methods. It's a technological arms race in which both sides are constantly innovating.

Dr. Andreas Müller, cyber security expert

Companies should invest in advanced detection technologies, but be aware that these are only part of the security strategy. The most effective defense against voice phishing comes from combining technological solutions with trained staff and robust security policies.

While implementing these technologies requires an initial investment, in the long term they offer significant protection against the financial and reputational damage that can result from successful voice phishing attacks. Together, these measures help to make such attacks significantly more difficult and increase the security of Salesforce users.

Outlook: The future of voice phishing

Voice phishing is constantly evolving and presenting companies with new challenges. The coming years will be characterized by a technological race between attackers and defenders.

Developments in phishing technology

Artificial intelligence and improved speech synthesis enable ever more realistic voice imitations. The Identity theft through language clones is therefore becoming a growing threat. Attackers can already imitate the voices of executives in a deceptively realistic way.

At present, the focus is mostly on employees of English-speaking branches of multinational companies. However, this target group will expand as the technology becomes cheaper and more accessible.

Future protective measures for companies

To counter the new threats, companies need to develop innovative Phishing protection mechanisms use. Biometric authentication methods will play an important role. These go beyond simple Voice recognition and use several factors to confirm their identity.

Context-based security systems that automatically recognize unusual requests will become standard. Blockchain technology could also contribute to the secure verification of communication in the future.

The combination of technical solutions and trained employees remains crucial for effective protection. Companies should develop flexible security strategies and adapt them regularly to keep pace with constantly changing threats.

FAQ

What exactly is voice phishing and how does it differ from other phishing methods?

Voice phishing (also known as vishing) is a scam in which attackers make contact by telephone and pretend to be trustworthy people. Unlike email phishing, vishing uses face-to-face communication to build trust. This method is particularly effective as the human voice conveys authenticity and can create urgency. Voice phishing is often more targeted and personalized than other phishing methods, which increases the success rate.

Which data is particularly at risk among Salesforce users?

In successful voice phishing attacks, criminals can access sensitive information such as customer contacts, sales data, trade secrets and internal company information. This data is extremely valuable to cybercriminals and can be used for various illegal purposes such as blackmail or identity theft. What is particularly worrying is that modern attackers such as the UNC6040 group are patient and sometimes wait months after the compromise before extracting data.

How does a typical voice phishing attack against Salesforce users work?

The attackers first thoroughly research their targets and then specifically contact employees with Salesforce access. They pose as IT support or Salesforce specialists and claim that there is a security issue or an urgent update is required. Victims are led through a seemingly legitimate process where they authorize a malicious connected app, often a modified version of the Salesforce Data Loader. This app then gives the attackers full access to the company's Salesforce data.

How can I recognize a voice phishing call?

Unexpected calls from alleged IT support or Salesforce employees are suspicious, especially if the caller is urgently requesting help. Typical characteristics include requests for access data or MFA codes, requests to visit certain websites or install software, and artificial time pressure. Attackers often use technical terms to appear competent and unsettle the victim. Particular caution is advised when MFA codes are requested or when the caller asks for unusual actions.

What should I do if I receive a suspicious call?

If you receive a suspicious call, you should never make decisions or disclose personal data under pressure. End the call politely and contact your IT department via official channels to verify the call. Do not open any links, install any software or disclose any access data without confirming the legitimacy of the caller. Report suspicious calls to your security officer immediately.

What protective measures can I take as a Salesforce user?

Implement clear communication protocols for IT support requests and apply the principle of least privilege. Be sure to enable multi-factor authentication (MFA) for all Salesforce accounts, ideally with hardware security keys. Use specialized security tools such as Salesforce Shield for advanced monitoring and encryption features. Set up alerts for unusual activity and regularly check the Connected Apps for suspicious entries.

What should I do if I have been the victim of a voice phishing attack?

End the call immediately and do not disclose any further information. Change all affected passwords immediately and deactivate any suspicious apps. Inform your IT department or security officer immediately via a secure communication channel. They can then initiate further steps, such as checking access rights and analyzing log files. Document the incident carefully for later analysis and possible legal action.

How can I sensitize my employees to voice phishing?

Conduct regular, hands-on training sessions that simulate real-life scenarios. It is particularly important to train employees with access to Salesforce and IT support staff. Organize regular phishing simulations and workshops on current scams. Establish clear guidelines for dealing with unexpected support calls and provide regular reminders. Through continuous training, your employees will become an effective first line of defense against voice phishing attacks.

Which technologies can help detect voice phishing?

Modern security systems rely on artificial intelligence and machine learning to detect suspicious call patterns. Advanced voice recognition can identify fake or synthesized voices. Specialized telephony security systems can be integrated into the existing communication infrastructure and filter suspicious calls. Network traffic analysis helps to detect unusual data movements. However, these technologies are only really effective in conjunction with other security measures and trained employees.

How will voice phishing develop in the future?

As AI and speech synthesis evolve, attackers will increasingly be able to create deceptively real voice impersonations, making identity theft through voice clones even more dangerous. Targets will diversify to include mid-sized companies as well as multinationals. In response, companies will need to develop more advanced protection mechanisms, such as biometric authentication and context-based security systems. The integration of blockchain technology could enable secure verification of communications in the future.

What role does the UNC6040 group play in voice phishing attacks?

The criminal group referred to by Google as UNC6040 specializes in voice phishing against Salesforce users. It causes considerable damage through targeted phone calls in which the attackers pretend to be IT support staff. Once successfully compromised, they use the stolen data to blackmail the affected companies. The group is known for its patience and sophisticated methods - it often waits months after compromise before extracting data, making detection difficult.

How can I recognize voice spoofing and protect myself against it?

Voice spoofing is a technique used by attackers to disguise their phone numbers or make them appear as known numbers. Look out for signs such as unusual delays in the conversation, robotic voices or unnatural speech patterns. If in doubt, call the person back on their known number instead of continuing the call. Use call screening services and apps that can block known spoofing numbers. Companies should invest in telephony systems that can detect voice spoofing and regularly inform their employees about this threat.
DSB buchen
en_USEnglish