July 10, 2006 2:48 PM PDT
Phishers come calling on VoIP
In a twist on phishing, fraudsters are now calling their intended victims instead of e-mailing them. The caller hears an automated message that warns of a problem with a bank account, Secure Computing, a maker of security appliances, said in a statement on Monday.
The message includes instructions to call a phone number to resolve the issues. That number connects the caller to a voice response system asking the consumer to enter their 16-digit credit card number, Secure Computing said.
The fraudsters likely use stolen identities to set up a voice-response system and acquire local VoIP phone numbers, according to Secure Computing, which dubbed the new way of scamming "vishing."
Phishers have already been sending out e-mails that attempt to trick people into sharing personal information over the phone, instead of via a Web site, the traditional scam.
Cybercrooks are also using cell phones as a way to bait victims. In the U.K. and Iceland, SMS (short message service) text messages were used to lure people to a malicious Web site that installed a backdoor, according to F-Secure, a Finnish antivirus company.
Criminals are organizing better and moving to more sophisticated tactics to get their hands on confidential data and turn PCs of unwitting users into bots, or compromised PCs commandeered by remote attackers, law enforcement officials said recently.
Phishing is one of the most common threats. In May, just over 20,000 phishing Web sites--a new record--were reported to the Anti-Phishing Working Group. Phishing is aimed at tricking a computer user into giving up sensitive information such as a credit card or Social Security number.
"Consumers need to be extra-vigilant when giving out their information on the phone," Paul Henry, vice president of strategic accounts for Secure Computing, said in the statement about vishing. "Common sense is the first line of protection."
To avoid falling for a vishing scheme or any scam that involves calling a supposed bank number: Never call a number provided in a phone call or an e-mail. Only call the number on the back of your card or on a bank statement.
4 commentsJoin the conversation! Add your comment