Financial fraud targeting both individuals and corporations is evolving as cybercriminals shift from simple phishing to sophisticated social engineering tactics like “wangiri” and “quishing.” According to Hobber Siccha, director at Centrum PUCP, these methods exploit human curiosity and digital trust to bypass traditional security, often resulting in unauthorized international phone charges or the theft of sensitive corporate credentials.
What is the “Wangiri” fraud and how does it work?
The term “wangiri,” which translates to “call and cut” in Japanese, describes a scheme where attackers place mass, short-duration calls to a target. The goal is to trigger a callback from the recipient, who sees a missed call and assumes it is a legitimate corporate or personal inquiry. According to Hobber Siccha, once the victim returns the call, the system routes them to an international premium-rate line. This triggers immediate, high-cost charges for the user, sometimes costing as much as $30 for a connection lasting only a few seconds.
Cybercriminals often use automated scripts to call thousands of numbers simultaneously. Even if a user blocks one number, the attackers can immediately pivot to another, making it difficult for individuals to stop the bombardment.
Why is “quishing” a growing threat to business reputations?
Quishing, a portmanteau of “QR” and “phishing,” involves placing malicious QR codes in public spaces to redirect victims to fraudulent websites. Freddy Linares, a cybersecurity expert at the Universidad del Pacífico, notes that this method is particularly dangerous for businesses like restaurants. If a customer scans a tampered QR code at a table and has their data stolen or malware installed on their phone, the business suffers a loss of public trust. This reputational damage often leads to a direct decline in customers and revenue, as the brand is perceived as failing to protect its patrons.
How do these scams impact corporate network security?
Beyond individual financial loss, these scams serve as entry points for larger network compromises. When an employee in a department like human resources or treasury interacts with a phishing email or a malicious link, they risk exposing the entire corporate infrastructure. As explained by Hobber Siccha, internal security measures—such as robust firewalls, antivirus software, and network segmentation—are designed to isolate these infections. Without strictly enforced security policies, a single instance of social engineering can lead to the compromise of critical data or the total disruption of business operations.
Pro Tips for Digital Safety
- Verify before you click: Always inspect URLs for minor typos or variations, such as “rmicrosoft.com” instead of “microsoft.com.”
- Use call-screening tools: Install apps that identify and classify spam calls to filter out known fraudulent numbers.
- Avoid public Wi-Fi for sensitive tasks: Never log into bank accounts or corporate systems while connected to unsecured public networks.
Frequently Asked Questions
- Can I get my money back after a wangiri call?
- Recovery is difficult because the charges are often legitimate according to the billing structure of the premium-rate line you called. Contact your telecommunications provider immediately to report the fraud.
- How can a company protect itself from quishing?
- Companies should implement constant digital monitoring to identify fake sites, alert customers to official channels, and train employees to recognize social engineering tactics.
- Why do hackers use phone calls instead of just emails?
- According to Freddy Linares, phone-based social engineering creates a sense of urgency and forces the victim to act on impulse, which is harder to defend against than a static email.
Are you concerned about your company’s cybersecurity posture? Subscribe to our weekly newsletter for the latest updates on emerging digital threats and expert guidance on how to protect your data.
