Secure Computing Warns of New VoIP Based Phishing Scam
Secure Computing has warned that familiar phishing attacks have now evolved into phone scams, known as ‘vishing’. This new method exploits the low cost of VoIP and combines it with the social engineering aspects of phishing to extract financial information from unsuspecting credit card and banking customers.
The scam is a telephone based version of phishing, hence the name vishing. This new technique enables cybercriminals to harvest detailed ID information, expiration date and other essential ID details in addition to the customer's card and account numbers. Paul Laudanski of CastleCops suggests that the visher used a stolen identity to set up a digital voice-response system through an Internet phone company. It's also possible that the phone number listed in the vish is routing calls to another number which could be anywhere in the world.
"Like most other social engineering exploits, vishing relies upon the 'hacking' of a common procedure that fits within the victim's comfort zone. Specifically, this methodology takes advantage of what has become a normal practice for credit card users. It is a normal procedure when calling a credit card provider to be asked to enter your 16-digit credit card number before given the opportunity to speak to a credit card representative. Consumers need to be extra vigilant when giving out their information on the phone," said Paul Henry, vice president of strategic accounts for Secure Computing.
Vishing scams often follow this familiar process:
The cybercriminal configures a war dialler to call phone numbers in a given region.
When the phone is answered, an automated recording is played to alert the consumer that their credit card has had fraudulent activity and the consumer should call the following phone number immediately. The phone number could be an 800 number or a regional telephone number often with a spoofed caller ID for the financial company they are pretending to represent.
When the consumer calls the number, it is answered by a typical computer generated voice that tells the consumer they have reached account verification and instructs the consumer to enter their 16-digit credit card number on the key pad.
Once the consumer enters their credit card number, the visher has all of the information necessary to place fraudulent charges on the consumer's card -- Telephone number, Full name and address, Credit card number
The call can then be used to harvest additional details such as security PIN, expiration date, date of birth, bank account number, etc.
print
save
email
comment
Copyright @ 2004 Software & Support Media
Powered By Media Teknologi Informasi Corp.
Privacy PolicyTerms of Use
