This introduction to vishing is offered in the hope that being aware of it makes you less likely to fall for a vishing based scam.
Vishing is short for voice phishing. Voice refers to the fact that the scam is perpetrated over the phone. Phishing is a scam designed to "criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity..." according to Wikipedia.
As people get less trusting (deservedly so) of email, the bad guys hope victims put more faith in phone numbers.
A recent article by Brian Krebs at WashingtonPost.com, The Anatomy of a Vishing Scam, describes a particular scam in detail and offers an education by example. In the case Brian describes, the initial contact with the victim was by text messaging to a cellphone, but it could just as well have been via email or instant messaging.
The crucial point is that just because someone or something says that a phone number belongs to a bank or credit union doesn't make it true.
In the old days, tracing a phone number to its true owner was no big deal. But now, according to Brian "the voice mail systems involved in these sorts of scams usually are run off of free or low-cost Internet-based phone networks that are difficult to trace and shut down."
The story is likely to be that something bad has happened to your bank account, or is about to happen to it, and unless you call the phone number immediately you can kiss your money good-bye. The scammer hopes the story will scare you to the point that you don't even consider the validity of the phone number.
Call your bank or credit union, but call the number in the phone book or on your statements. If it's a scam, they should appreciate the heads up. They may not, but they should.
See a summary of all my Defensive Computing postings.
Warning of a new scam targeting non-profits comes from Alex Eckelberry of Sunbelt Software, the company behind the anti-Spyware program CounterSpy.
The scam starts out with an email message that seems to be from Barbara Moratek Vice President, Director of Grant Programs at Ivete Foundation. The come-on in the body of the message is:
"Would you have additional information for prospective donors or volunteers other than what is on your website? Thank you in advance."
I've said before, you can never trust the FROM address of an email message. According to the email header from one of the messages, it originated in Brazil, in the city of Curitiba from a computer with a name of virtua-cwbas189-4-7-26ctb.virtua.com.br.
But, there is a new twist to this scam, the bad guys have set up traps for someone doing a Google search for "Barbara Moratek". Alex provides a screen shot of this Google search from Thursday January 10th showing "... a bunch of links pushing fake codec Trojans and other junk sites (many on Blogger)." So, the process of checking whether the email is legitimate can result in your computer getting infested with malicious software. Fortunately this scam has gotten enough attention that the top links on Google are now warnings about Barbara Moratek.
Yet another wrinkle to this scam is that the malicious web pages Google offered up were from sites that are not obviously suspicious. For example, Digg and Lycos both served up phony Barbara Moratek web pages as did Blogspot and Celebrity-pictures-gossip.com. User contributed content has to always be consumed with a grain of salt.
One thing strikes me as inexcusable. The alert about this first went up on January 10th, Brian Krebs picked up on it and wrote about it at WashingtonPost.com on the 11th. Both the Sunbelt blog and Brian's Security Fix column are well known and popular, which begs the question:
Why are there still malicious Barbara Moratek web pages showing up in Google?
As I write this on January 13th, three of the scam Barbara Moratek pages still show up on the first page of search results at Google. Is anyone minding the store? Yahoo's search is clean, the first two pages of results of a search for "Barbara Moratek" turn up nothing but warnings about the scam. No actual malicious pages are shown. Google should do better, it can't be a big deal for them to remove known malicious web pages from their database.
For more on deciding whether an email message is on the level see a couple earlier postings of mine:
-- Defending against a phishing email message October 27, 2007
-- Is that e-mail message legit? How a computer nerd analyzes it November 11, 2007
Always be skeptical on the Internet.
Update: You can report a web site that you suspect contains malicious software to Google at google.com/safebrowsing/report_badware/. The trailing slash is required. January 14, 2008.
See a summary of all my Defensive Computing postings.
I get more than my share of unwanted e-mail messages of all types, but a new (to me at least) scam appeared in my in-box today. The subject was "New User Letter" and the message appears below with the ID numbers changed as a precaution.
We are glad you joined CoolPics.
User Number: 5134626785
Temp Login ID: user2450
Temorary Password: ga872
Be Secure. Change your Login ID and Password.
Follow this Link: http://76.220.224.169/
Enjoy,
New Member Technical Support
CoolPics
By the time I looked into it, the IP address seemed to have been taken out of service--it was unreachable both with a browser and the ping command.
One reason to lookout for this sort of thing is that the Web page it sends you to might try to install malicious software on your computer. My recent blog trilogy on DropMyRights is one way to defend against this type of attack. See "DropMyRights" Part 1, Part 2 and Part 3 .
My personal Web site has more "Examples of Bad E-mail Messages". The important lesson is to always be skeptical about e-mail messages, and, not to judge them based on the from address. It is very easy to forge the from address in an e-mail message.
- prev
- 1
- next
