April 27, 2006 5:51 PM PDT

Phishers try a phone hook

In a new twist on phishing, fraudsters are sending out e-mails that attempt to trick people into sharing personal information over the phone.

Cloudmark, a San Francisco-based e-mail security company, said it has seen two separate attacks this week. In both cases, the spammed message warns of a problem with a bank account and instructs the recipient to dial a phone number to resolve it, the company said in a statement published Tuesday.

The caller is connected to a voice response system that is made to sound exactly like the bank's own system, Cloudmark said.

"The phone system identifies itself to the target as the financial institution and prompts them to enter account number and PIN," Cloudmark said.

"The result can be personally financially devastating," Adam O'Donnell, the senior research scientist at Cloudmark, said in the statement.

Phishing scams are prevalent and continue to proliferate. In traditional scams, miscreants try to pilfer personal information by sending spam e-mail with links to a malicious Web site, crafted to look like a site belonging to a trusted service provider. The phone scams are a new twist, made possible by cheap Internet-based telephone services, Cloudmark said.

Antispam technology can block the e-mail scams, Cloudmark said. The company urged people who do receive the messages to notify their service providers immediately. As a precaution, people should not dial phone numbers received in an e-mail message and should double-check and dial the numbers printed on ATM and credit cards instead, it advised.

See more CNET content tagged:
Cloudmark, phishing, twist, service provider, bank

8 comments

Join the conversation!
Add your comment
To be protected from Internet fraud you need CallingID toolbar
CallingID for the Internet is a simple add-on to their browser. When users install CallingID they experience the Internet from a new angle. For the first time they see who owns the sites they visit, where the owner is located and receive an immediate indication about the risk level of sending data to these sites. When visiting msn.com they see that the site is owned by Microsoft and it is OK to send personal information to this site, but when they visit kazza.com they see that the owner of this site is hiding his identity and accordingly, sending data to such a site is considered high risk (information sent to someone who deliberately hides his identity may be used by scammers). CallingID verifies for the user when it is OK to send data, particularly personal information which requires an encrypted session, and when there is a risk involved. A simple display indicates the sites safety level, resulting from 52 different security tests performed behind the scenes and, if the user wishes, he receives all the detailed test results. CallingID can be downloaded from CallingID web site or from download.com
Posted by ba_oren (16 comments )
Reply Link Flag
To be protected from Internet fraud you need CallingID toolbar
CallingID for the Internet is a simple add-on to their browser. When users install CallingID they experience the Internet from a new angle. For the first time they see who owns the sites they visit, where the owner is located and receive an immediate indication about the risk level of sending data to these sites. When visiting msn.com they see that the site is owned by Microsoft and it is OK to send personal information to this site, but when they visit kazza.com they see that the owner of this site is hiding his identity and accordingly, sending data to such a site is considered high risk (information sent to someone who deliberately hides his identity may be used by scammers). CallingID verifies for the user when it is OK to send data, particularly personal information which requires an encrypted session, and when there is a risk involved. A simple display indicates the sites safety level, resulting from 52 different security tests performed behind the scenes and, if the user wishes, he receives all the detailed test results. CallingID can be downloaded from CallingID web site or from download.com
Posted by ba_oren (16 comments )
Reply Link Flag
To be protected from Internet fraud you need CallingID toolbar
CallingID for the Internet is a simple add-on to their browser. When users install CallingID they experience the Internet from a new angle. For the first time they see who owns the sites they visit, where the owner is located and receive an immediate indication about the risk level of sending data to these sites. When visiting msn.com they see that the site is owned by Microsoft and it is OK to send personal information to this site, but when they visit kazza.com they see that the owner of this site is hiding his identity and accordingly, sending data to such a site is considered high risk (information sent to someone who deliberately hides his identity may be used by scammers). CallingID verifies for the user when it is OK to send data, particularly personal information which requires an encrypted session, and when there is a risk involved. A simple display indicates the site?s safety level, resulting from 52 different security tests performed behind the scenes and, if the user wishes, he receives all the detailed test results. CallingID can be downloaded from CallingID web site or from download.com
Posted by ba_oren (16 comments )
Reply Link Flag
To be protected from Internet fraud you need CallingID toolbar
CallingID for the Internet is a simple add-on to their browser. When users install CallingID they experience the Internet from a new angle. For the first time they see who owns the sites they visit, where the owner is located and receive an immediate indication about the risk level of sending data to these sites. When visiting msn.com they see that the site is owned by Microsoft and it is OK to send personal information to this site, but when they visit kazza.com they see that the owner of this site is hiding his identity and accordingly, sending data to such a site is considered high risk (information sent to someone who deliberately hides his identity may be used by scammers). CallingID verifies for the user when it is OK to send data, particularly personal information which requires an encrypted session, and when there is a risk involved. A simple display indicates the site?s safety level, resulting from 52 different security tests performed behind the scenes and, if the user wishes, he receives all the detailed test results. CallingID can be downloaded from CallingID web site or from download.com
Posted by ba_oren (16 comments )
Reply Link Flag
To be protected you need CallingID toolbar
CallingID for the Internet is a simple add-on to their browser. When users install CallingID they experience the Internet from a new angle. For the first time they see who owns the sites they visit, where the owner is located and receive an immediate indication about the risk level of sending data to these sites. When visiting msn.com they see that the site is owned by Microsoft and it is OK to send personal information to this site, but when they visit kazza.com they see that the owner of this site is hiding his identity and accordingly, sending data to such a site is considered high risk (information sent to someone who deliberately hides his identity may be used by scammers). CallingID verifies for the user when it is OK to send data, particularly personal information which requires an encrypted session, and when there is a risk involved. A simple display indicates the sites safety level, resulting from 52 different security tests performed behind the scenes and, if the user wishes, he receives all the detailed test results. CallingID can be downloaded from CallingID web site or from download.com
Posted by ba_oren (16 comments )
Reply Link Flag
why post three times?
Or was C-Net acting up again?
Posted by techguy83 (295 comments )
Link Flag
To be protected you need CallingID toolbar
CallingID for the Internet is a simple add-on to their browser. When users install CallingID they experience the Internet from a new angle. For the first time they see who owns the sites they visit, where the owner is located and receive an immediate indication about the risk level of sending data to these sites. When visiting msn.com they see that the site is owned by Microsoft and it is OK to send personal information to this site, but when they visit kazza.com they see that the owner of this site is hiding his identity and accordingly, sending data to such a site is considered high risk (information sent to someone who deliberately hides his identity may be used by scammers). CallingID verifies for the user when it is OK to send data, particularly personal information which requires an encrypted session, and when there is a risk involved. A simple display indicates the sites safety level, resulting from 52 different security tests performed behind the scenes and, if the user wishes, he receives all the detailed test results. CallingID can be downloaded from CallingID web site or from download.com
Posted by ba_oren (16 comments )
Reply Link Flag
why post three times?
Or was C-Net acting up again?
Posted by techguy83 (295 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.