July 10, 2006 2:48 PM PDT

Phishers come calling on VoIP

Cheaply available voice over Internet Protocol numbers and Net calling are helping crooks launch new data-thieving scams, a security company has warned.

In a twist on phishing, fraudsters are now calling their intended victims instead of e-mailing them. The caller hears an automated message that warns of a problem with a bank account, Secure Computing, a maker of security appliances, said in a statement on Monday.

The message includes instructions to call a phone number to resolve the issues. That number connects the caller to a voice response system asking the consumer to enter their 16-digit credit card number, Secure Computing said.

The fraudsters likely use stolen identities to set up a voice-response system and acquire local VoIP phone numbers, according to Secure Computing, which dubbed the new way of scamming "vishing."

Phishers have already been sending out e-mails that attempt to trick people into sharing personal information over the phone, instead of via a Web site, the traditional scam.

Cybercrooks are also using cell phones as a way to bait victims. In the U.K. and Iceland, SMS (short message service) text messages were used to lure people to a malicious Web site that installed a backdoor, according to F-Secure, a Finnish antivirus company.

Criminals are organizing better and moving to more sophisticated tactics to get their hands on confidential data and turn PCs of unwitting users into bots, or compromised PCs commandeered by remote attackers, law enforcement officials said recently.

Phishing is one of the most common threats. In May, just over 20,000 phishing Web sites--a new record--were reported to the Anti-Phishing Working Group. Phishing is aimed at tricking a computer user into giving up sensitive information such as a credit card or Social Security number.

"Consumers need to be extra-vigilant when giving out their information on the phone," Paul Henry, vice president of strategic accounts for Secure Computing, said in the statement about vishing. "Common sense is the first line of protection."

To avoid falling for a vishing scheme or any scam that involves calling a supposed bank number: Never call a number provided in a phone call or an e-mail. Only call the number on the back of your card or on a bank statement.

See more CNET content tagged:
Secure Computing Corp., phishing, VoIP, bank, credit card

4 comments

Join the conversation!
Add your comment
Hackers moving past email
This is a very difficult issue to avoid because people are not accustomed to worrying about identity theft over the phone. We have somewhat learned to deal with fake emails from large banks, however when it comes to the phones, it can even catch the most prepared security experts off guard. This is just another scam that we are going to have to work with.

An easy solution to all of this would be to never give away bank/credit card information unless it is face to face. Knowing how to correctly protect your personal financial information could be the key to losing or retaining your identity.
<a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article16.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article16.htm</a>
Posted by Nkully86 (59 comments )
Reply Link Flag
Hackers moving past email
This is a very difficult issue to avoid because people are not accustomed to worrying about identity theft over the phone. We have somewhat learned to deal with fake emails from large banks, however when it comes to the phones, it can even catch the most prepared security experts off guard. This is just another scam that we are going to have to work with.

An easy solution to all of this would be to never give away bank/credit card information unless it is face to face. Knowing how to correctly protect your personal financial information could be the key to losing or retaining your identity.
<a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article16.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article16.htm</a>
Posted by Nkully86 (59 comments )
Reply Link Flag
Are They Using Toll-Free Numbers?
Are any of these phishers using toll-free numbers? I know that Skype does not offer toll-free SkypeIn numbers at this time.
Posted by maxwis (141 comments )
Reply Link Flag
Are They Using Toll-Free Numbers?
Are any of these phishers using toll-free numbers? I know that Skype does not offer toll-free SkypeIn numbers at this time.
Posted by maxwis (141 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.